Is Zendesk Chat HIPAA compliant?

Healthcare providers and their partners need to know if the products they are using are HIPAA compliant. Can customer service software companies be HIPAA compliant?

Today we’re going to examine Zendesk Chat.

About Zendesk

Based in San Francisco, Zendesk is a customer service software provider used to manage customer queries, provide support, and build customer relationships. 

Zendesk products include Zendesk Support, Zendesk Chat, Zendesk Talk, and Zendesk Explore, among others.

Business associates and business associate agreements

A business associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity.

In more straightforward terms, the role of a business associate is to help covered entities comply with the HIPAA Privacy Rule.

If a business associate provides services to a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance.

Zendesk Chat and HIPAA

We looked through Zendesk’s website and found several helpful documents about HIPAA compliance and its products. 

According to Zendesk’s document Advanced Security: Enhanced Disaster Recovery and HIPAA Compliance Configuration (Enterprise Add-on), the Advanced Compliance add-on “helps fulfill your obligations” under HIPAA.

Zendesk will enter into a BAA for customers with this add-on.

This webpage also includes other information such as exceptions to its security add-ons and more information about its other software products’ HIPAA compliance.

Is Zendesk Chat HIPAA compliant?

While Zendesk does state that it will enter into a BAA with customers, this is reserved for the Enterprise plan only and not for those on the Essential, Team, or Professional plan. We found no information about whether or not Zendesk will sign a BAA for its Elite plan.

According to Security Configuration Requirements for HIPAA Enabled Accounts on Zendesk, subscribers must have the following security configurations in place for Zendesk Chat accounts to be HIPAA compliant:

  • Maintain an active subscription to Zendesk Support Enterprise, Zendesk Chat Enterprise, and the Advanced Security Deployed Associated Service (“Add-On”)
  • Limit access to the Zendesk Chat service by authenticating via the Zendesk Support Service 
  • Disable email piping
  • Disallow attachments while using Chat or assume all responsibility for ensuring attachments contain no PHI

Healthcare providers who choose to use Zendesk Chat will need to monitor staff use of this product to avoid accidental PHI transmission.

Per the Security Configuration document:


Subscriber’s failure to implement and comply with any particular configuration listed below, or any series of required configurations listed below, shall be at Subscriber’s own risk and at Subscriber’s sole discretion; and such failure shall relieve Zendesk and its employees, agents, and affiliates of any responsibility with respect to any unauthorized access to, or improper use or disclosure of, Subscriber’s Service Data, including any electronic Protected Health Information, that results from such failure by Subscriber.


Remember, investing in continuing cybersecurity training for your employees is an additional precaution to make sure your practice stays HIPAA compliant. Individuals in your organization can be exploited and expose PHI without realizing it.

Conclusion

Zendesk Chat can be HIPAA compliant for Enterprise plan customers who follow the above-stated security configurations once a BAA is executed.

Send direct patient communication with Paubox Email Suite

Zendesk Chat can offer a useful and easy way to speak with patients. However, not every customer on the Zendesk platform can use Chat in a HIPAA compliant manner. 

Healthcare professionals who want another line of direct communication to their patients should consider using a HIPAA compliant email solution, like Paubox Email Suite. 

Paubox Email Suite helps ensure that 100% of the emails you send are secure in transit all the way to your recipient’s inbox, but with the added benefit of making the experience seamless. As soon as the product is configured, all outbound emails will be encrypted. 

With our product, emails you send arrive directly to your patients’ inboxes. That means no more passwords and no more email portals required. Paubox Email Suite integrates with your existing email platform (like Google Workspace or Microsoft 365) so you won’t have to worry about changing your email workflow to use it.

Try Paubox Email Suite for FREE today.

About the author

Hannah Trum
