The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations designed to protect the privacy and security of individuals’ personal health information (PHI).
Zendesk Explore can be configured to be compliant with the HIPAA rules and regulations pertaining to Business Associates. To ensure the security of you and your customers’ information, you must take the following actions in Zendesk Explore and Zendesk Support:
Review access for your existing agents
For each agent who currently accesses Zendesk Support Professional or Enterprise, review their access to Explore using the following sections:
Configuring access with Zendesk Support Professional
If you're using Support Professional, you configure agent access in their Zendesk Support user profile. You must be a Support admin to configure access. The available access levels depend on the version of Explore you are using:
Configure the default Explore role (Explore Professional and Enterprise only)
Setting the default Explore role to “No access” ensures that all new agents that are added to your Zendesk account will not be able to access Explore. This gives you the ability to more finely control which agents can view information by configuring the Explore role in their user profile. You must be an Explore admin to configure the default role.
For more information, see Giving agents access to Explore.
Configure permissions for Explore Professional and Enterprise
- No access: Toggle the switch off if you don’t want this user to access Explore.
- Viewer: Can view and interact with pre-built and shared dashboards.
- Editor: Can create custom reports and dashboards.
- Admin: Can create custom reports and dashboards. Additionally, can manage viewers and permissions.
Configure permissions for Explore Lite
-
No access: Toggle the switch off if you don’t want this user to access Explore.
- Viewer: Can view and interact with pre-built and shared dashboards.
After you review the access for each agent, you’ll continue to assign an Explore role to new agents using the same method.
For more information, see Giving agents access to Explore.
Configuring access with Zendesk Support Enterprise
If you're using Support Enterprise, you configure access to Explore using custom roles. In your custom roles settings, you'll find the option What can this agent do in Explore?. The following settings are available:
- Create reports and manage permissions: Gives full admin permission to Explore
- Create reports: Agents can create, edit and share reports
- View reports: Agents can view dashboards only, but not their underlying queries
- No access: Agents cannot view or access Explore
Ensure that you review any roles you have assigned to agents to make sure they have the required level of access to Explore.
For more information, see Giving agents access to Explore.
Additional considerations
In addition to steps you can take above, keep in mind the following considerations:
- Don’t grant agents more access than they need to view reports. For example, if the agent doesn’t need to create reports, grant that agent “viewer” access.
- When you export reports from Explore, it’s your responsibility to ensure the security of the information in that report. For example, don’t send an exported report containing sensitive patient information over an unencrypted email system.
- When you create or access Explore reports, sensitive electronic patient health information might be displayed on the device you are using. It’s your responsibility to ensure that this information can’t be seen or accessed by unauthorized people.
- If you share public links to dashboards using Explore Enterprise, remember that these can be accessed by anyone on the internet, regardless of whether they have a Zendesk account. Always consider protecting your dashboards with a strong password. Record the password and store it securely in accordance with your organization's security policies. Additionally, always review the content of any dashboards you share externally to ensure that sensitive data is not leaked.
For more information about HIPAA compliance and Zendesk products, see Advanced Security: Data at Rest Encryption, Enhanced Disaster Recovery, and HIPAA Compliance (Enterprise Add-on) and Security Configuration Requirements for HIPAA Enabled Accounts on Zendesk.
If you have any questions, or need any help, please contact us.
0 Comments
Please sign in to leave a comment.