Security Configuration Requirements for HIPAA Enabled Accounts on Zendesk

Return to top
Have more questions? Submit a request

6 Comments

  • Craig Lima

    January 17th, updated to disallow attachments in Chat.

    0
  • Craig Lima

    March 6th, 2019: updated to include settings for Zendesk Explore

    0
  • Craig Lima

    Nov 6th 2019

    Article updated to reflect the change that subscribers may elect at their sole discretion to forgo or substitute any particular configuration so long as they assume the responsibility for such decision.

    "Subscriber’s  failure to implement and comply with any particular configuration listed below, or any series of required configurations listed below, shall be at
    Subscriber’s own risk and  at Subscriber’s sole discretion; and such failure shall relieve Zendesk and its employees, agents, and affiliates of any responsibility with respect to any unauthorized access to, or improper use or disclosure of, Subscriber’s Service Data, including any electronic Protected Health Information, that results from such failure by Subscriber. "

    Other changes include

    1. the ability to use SMS so long as subscriber assumes all responsibility for ensuring no PHI is present in such transmissions.

    2. The ability to use attachments in Chat so long as subscriber assumes all responsibility for ensuring no PHI is present in such attachments.

     

    0
  • Craig Lima

    Edit for Dec 13th 2019 allows for Agent IP restrictions to be foregone where use case does not allow for such restrictions so long as MFA on Agent access is enforced.

    Edit for Dec 17th 2019 allows for end user comments in Guide so long as Agents moderate such comments and remove all PHI.

    0
  • Craig Lima

    July 13th, 202o addition:

    Disambiguation made regarding usage of SMS via the Service as opposed to native use of SMS for in-product 2FA. * For the avoidance of doubt, the data caveats related to ePHI in section 10 regarding SMS do not apply to in-product 2FA usage (as described in section 1.a) as such functionality merely sends out a numerical string for identity verification."

    0
  • Craig Lima

    August 2020 edits:

    1. Addition of Explore Enterprise covering increased dashboard sharing capabilities
    2. Removal of the ban on Chat attachments (Support auth requirements now cover)
    3. Disambiguation that the ban on ePHI in custom fields applied specifically to Insights usage and not globally
    4. Addition of a new section coving Add-Ons to Deployed Services, with "Side Conversations" being the first addition
    5. Various grammar / formatting edits (inconsequential to content)
    0

Article is closed for comments.

Powered by Zendesk