Is Zendesk HIPAA Compliant?
As an omni-channel customer service solution, Zendesk allows companies to meet customers where they are by providing a variety of options for customer support, intake, and management of the overall customer experience (CX) process. Zendesk can create CX workflows using native integrations with other popular services such as Slack, Stripe, Trello, Zoom, and more, making it a highly sought-after solution for organizations trying to enhance customer relationships through digital transformation. The list of organizations turning to Zendesk increasingly includes healthcare organizations of all stripes. In this post, we’ll cover the ways healthcare organizations can leverage Zendesk and ensure compliance while using the service.
Is Zendesk secure?
As stated above, Zendesk is used by organizations in a variety of industries that must meet compliance requirements. While there is no regulatory entity that provides HIPAA certification, Zendesk holds multiple security certifications, including:
- SOC 2 Type II
- ISO 27001:2013
- ISO 27018:2014
- FedRAMP LI-SaaS
You can learn more here.
How can healthcare organizations leverage Zendesk?
Zendesk is currently in use by biotech companies and healthtech companies, as well as healthcare providers and hospitals. One common use case that comes across in Zendesk’s case studies, as well as on its healthcare product page, is the ability for healthcare organizations to leverage insights from their electronic health record (EHR) systems when providing patient care. This is well illustrated by customer case studies such as One Medical. Other case studies, like HeartFlow, illustrate how Zendesk integrations can create feedback loops that improve both the quality of customer support and the performance of a healthtech platform.
How can you ensure HIPAA compliance on Zendesk?
Zendesk requires customers to sign and execute a business associate agreement (BAA) in order to enable HIPAA compliance on Zendesk customer accounts. To learn more about the BAA, visit this page. In order to execute the BAA and maintain HIPAA compliance within Zendesk, several conditions must be met. These include:
- Having access to, or upgrading to, an appropriate service tier. For example, customers using Zendesk Support for a HIPAA use case must be on an Enterprise plan. For a specific list of products allowed for HIPAA-enabled accounts, see here.
- Enabling secure agent authorization through additions like single sign-on (SSO), or by setting Zendesk’s default password settings to “high” and enforcing two-factor authentication (2FA).
- Enabling SSL.
- Restricting agent access to specific IP addresses.
- Maintaining proper configurations of APIs.
- Users must be authenticated in order to download attachments.
- Agent, Admin, and Owner devices must be set to lock after 15 minutes of inactivity.
- Users should not be given permissions to see updates for an entire organization, or access beyond the user’s own tickets.
To see a full list of security requirements broken out by product, visit this page.
Being HIPAA compliant means asking the right questions
Are you looking for other HIPAA-compliant SaaS applications to enable digital transformation within your healthcare organization? Grab a copy of our Guide to HIPAA Compliance Checklist. It covers the important questions you’ll want to ask any SaaS provider as a HIPAA covered entity.
You can access our free Zendesk Scanner to scan your entire Zendesk support instance for sensitive data.
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform. You can schedule a demo with us below to see the Nightfall platform in action.