Zendesk is a provider of customer service software and a support ticketing system. More than 200,000 organizations use Zendesk to manage IT support queries, handle customer requests, and build relationships with customers. American healthcare companies could use Zendesk for communicating with patients, but is it possible to do so without violating HIPAA Rules? Is Zendesk HIPAA compliant?
Zendesk provides the following products and services:
- Zendesk Support is a call center and ticketing system
- Zendesk Chat is a web-based and mobile messaging system
- Zendesk Insights helps with customer service analytics
Zendesk incorporates security measures such as 24/7 security monitoring and multi-factor authentication to prevent unauthorized access to data. Its network is protected by a firewall and DoS/DDoS prevention solutions to ensure the availability of customer data at all times, and the company performs regular vulnerability scans and penetration tests to ensure sustained protection of its software and systems. To protect customer information from unauthorized access, all customer data are secured with encryption at rest and in transit.
In 2015, Zendesk started a HIPAA compliance plan to enable the healthcare sector to utilize Zendesk. Its plan involved making improvements to security to meet HIPAA minimum standards, including making sure stored data are encrypted, access logs are maintained, and user activities are logged to meet HIPAA auditing requirements. Zendesk also started offering business associate agreements (BAAs) to HIPAA-covered entities covering Zendesk products, including Chat, Support, Insights and Zendesk Talk.
Although there is no officially recognized HIPAA compliance certification program, Zendesk has passed an internal HIPAA audit and has been given SOC 2 and ISO 27001/ISO 27018 certifications. Zendesk is therefore considered to be HIPAA compliant as long as covered entities and business associates set up the platform appropriately and enter into a BAA with Zendesk.