Providing top of the line customer service is a no brainer in 2020, and using a customer service solution can help. However, covered entities need to make sure any products or services they use are HIPAA compliant.
Let’s look at Zendesk for HIPAA compliance.
About Zendesk
Zendesk is a customer service software provider based in San Francisco. This solution manages customer queries, provides customer support tools, and helps build customer relationships.
Products in the Zendesk family are Zendesk Support, Zendesk Chat, Zendesk Talk, and Zendesk Explore.
Read more: Is Zendesk Chat HIPAA Compliant?
Zendesk and HIPAA compliance
A covered entity and a business associate must sign a business associate agreement (BAA) to remain HIPAA compliant.
According to Zendesk’s document Advanced Security add-ons (Professional and Enterprise), the Advanced Compliance (Enterprise add-on) “helps fulfill your obligations” under HIPAA.
Zendesk will enter into a BAA for Enterprise customers with this add-on. For a full list of services covered by Zendesk’s BAA, click here.
Zendesk and PHI
Another integral part of HIPAA compliance is keeping protected health information (PHI) safe. Zendesk states in the Advance Compliance document that it “will provide you with appropriate security configuration options to help safeguard protected health information (PHI).”
Configuring Zendesk for HIPAA compliant use
Zendesk Enterprise plan subscribers must have specific configurations in place for Zendesk accounts to be HIPAA compliant. According to the Security Configuration Requirements for HIPAA Enabled Accounts on Zendesk document, these configurations include:
- Secure agent authentication via native Zendesk Support with password settings or by utilizing an internal Single Sign On solution
- Secure Socket Layer (SSL) encryption on HIPAA enabled accounts
- Restricting access to certain specific IP addresses
- Implementing required API security best practices as outlined in the above-linked document
- Enabling the “require authentication for download” feature
- Enforcing a password-locked screensaver or startup screen to engagement after 15 minutes of inactivity
Additionally, healthcare providers will need to monitor staff to avoid accidental PHI transmission. Cybersecurity training for your staff is another precautionary measure that can help keep your practice HIPAA compliant.
Conclusion
Zendesk can be HIPAA compliant for Enterprise plan customers who follow the above-linked security configurations and execute a BAA.
Direct communication with HIPAA compliant email
A HIPAA compliant email solution, like Paubox Email Suite, can offer your practice another direct line of communication with your patients.
Once configured, all outbound emails will be encrypted. Paubox Email Suite requires no change in your email behavior or your patients’. You send emails directly from your existing email platform (such as Microsoft 365 and Google Workspace), and emails deliver directly to your patients’ inboxes.
Simply open your inbox, send an email, and leave patient portals and logins behind.
