Is Zendesk HIPAA Compliant?

is zendesk HIPAA compliant

Zendesk is a provider of a customer service software program and support ticketing system. More than 200,000 organizations use Zendesk to manage IT support queries, customer requests, and build relationships with customers. American healthcare companies could use Zendesk for communicating with patients, but is it possible to do so without violating HIPAA Rules? Is Zendesk HIPAA compliant?

Zendesk provides the following products and services:

  • Zendesk Support is a call center and ticketing system
  • Zendesk Chat is a web based and mobile messaging system
  • Zendesk Insights helps with customer service analytics

Zendesk incorporates security measures such as 24/7 security monitoring and multi-factor authentication to avoid unauthorized accessing of data. Its network is protected by a firewall and DOS/DDoS prevention solutions to ensure the availability of customer data at all times, and the company performs regular vulnerability scans and penetration tests to ensure sustained protection of its software and systems. To protect customer information from unauthorized access, all customer data are secured with encryption at rest and in transit.

In 2015, Zendesk started a HIPAA compliance plan to enable the healthcare sector to utilize Zendesk.  Its plan involved making improvements to security to meet HIPAA minium standards, including making sure stored data are encrypted, access logs are maintained, and user activities are logged to meet HIPAa auditing requirements. Zendesk also started offering business associate agreements (BAAs) to HIPAA-covered entities covering Zendesk products, including Chat, Support, Insights and Zendesk Talk.

Although there is no officially recognized HIPAA compliance certification program, Zendesk has passed an internal HIPAA audit and has been given SOC2 and ISO27001/ISO27018 certifications. So Zendesk is considered to be HIPAA compliant as long as covered entities and business associates set up the platform appropriately and enter into a BAA with Zendesk.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: