This article describes Advanced Compliance for Zendesk.

What's my plan?
All Suites Team, Growth, Professional, Enterprise, or Enterprise Plus

This article contains these topics:

  • About Advanced Compliance
  • The Health Insurance Portability and Accountability Act (HIPAA)
  • French Health Data Hosting (HDS)
  • Zendesk services eligible for coverage by the Healthcare Agreement

About Advanced Compliance

With Advanced Compliance, you have the ability to enter into a Business Associate Agreement (BAA) or HDS Terms Exhibit to the Zendesk Customer Agreement ("HDS Exhibit") with Zendesk (collectively, “Healthcare Agreement”) to cover use cases where PHI may be contained within Service Data for HIPAA and HDS Enabled Accounts (collectively, “Healthcare Enabled Accounts”).

For the purposes of HIPAA Enabled Accounts, “PHI” means “Protected Health Information,” and for the purposes of HDS Enabled Accounts, “PHI” means “Personal Health Information.”

Additionally, Zendesk will provide you with recommended security configuration options to assist you in safeguarding PHI in your account as required by HIPAA and HDS (collectively, “Applicable Healthcare Regulations”).

With the purchase of Advanced Compliance, either directly or through the purchase of a plan that includes the Advanced Compliance add-on, Zendesk customers can sign a Healthcare Agreement with Zendesk.

Advanced Compliance and the Healthcare Agreement only apply to features and functionality that are expressly stated to form part of the “Covered Services” in the Healthcare Agreement. Additionally, Advanced Compliance and the Healthcare Agreement do not apply to certain products, services, and features as further detailed in the Healthcare Agreement and on this page. For the current list of Covered Services, see Zendesk Services eligible for coverage by the Healthcare Agreement, below.

The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ PHI.

HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle PHI in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where PHI might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).

You can review and sign the Zendesk BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/.

Accounts covered by the Zendesk BAA are known as “HIPAA Enabled Accounts.”

Note: Zendesk is limited to the status of a business associate. Moreover, Zendesk is not a holder of the Designated Record Set. The HIPAA requirements for a business associate are met through Zendesk's SOC2 and ISO27001/ISO27018 certifications and internal HIPAA audits.

French Health Data Hosting (HDS)

The Health Data Hosting (HDS) certification in France is designed to strengthen the protection of PHI and build a trusted environment around eHealth and patient monitoring.

This certification is required for the processing of health data subject to the provisions of Article L1111-8 of the Public Health Code of France (Code de la santé publique, “Code of Public Health”).

Customers whose use of the Services may be subject to the provisions of Article L1111-8 of the Code of Public Health must enter into an HDS Terms Exhibit to the Zendesk Customer Agreement ("HDS Exhibit") with Zendesk.

Accounts covered by the Zendesk HDS Exhibit are known as “HDS Enabled Accounts.”

You can obtain a copy of the HDS Exhibit for review and execution by contacting your Zendesk Account Executive.

Note: For customers with HDS Enabled Accounts, Zendesk has published a Representation of Guarantees providing greater transparency regarding the scope of the Services covered by Zendesk’s HDS certification.

Zendesk services eligible for coverage by the Healthcare Agreement

For customers who have purchased the Support Advanced Compliance add-on, or are entitled to the Advanced Compliance add-on within their Zendesk Suite Service Plan, and have executed a Healthcare Agreement with Zendesk, the following tables show the current list of HIPAA and HDS Enabled Service Plans (collectively, “Healthcare Enabled Service Plans”), the applicable Services covered by the Healthcare Agreement under that Service Plan, and the add-ons available for use with the Healthcare Enabled Service Plans.

Note: Early Access Programs (EAPs) and Built by Zendesk Applications from the Marketplace are not covered by the Healthcare Agreement and should not be used with PHI.

Healthcare Enabled Service Plans and their Healthcare Agreement Covered Services

Zendesk Suite Professional or Enterprise

  • Support (Ticketing System Functionality)
  • Guide (Help Center Functionality)
  • Gather (Community Forum Functionality)
  • Chat (Live Chat Functionality) and Zendesk messaging
  • Explore (Analytics Functionality)
  • Talk (Voice Functionality), excluding Text
  • Sunshine Conversations within Zendesk Suite

Zendesk Enterprise Support (current and legacy plans)

  • Enterprise Support (Ticketing System Functionality)
  • Guide (legacy) (Help Center Functionality)
  • Gather (legacy) (Community Forum Functionality)
  • Enterprise Chat (Live Chat Functionality) and Zendesk messaging
  • Explore (legacy) (Analytics Functionality)

Zendesk Talk Enterprise, Professional, or Advanced (legacy plans)

  • Talk (Voice Functionality), excluding Text

Healthcare Enabled Add-Ons (current plans)

  • Advanced Data Privacy and Protection
  • Copilot
  • Agent Months
  • Voice usage credits
  • Premium Sandbox
  • More Storage
  • Answer Bot resolution
  • High volume API
  • Sunshine conversations MAU
  • Sunshine conversations notifications
  • Workforce Management (WFM)
  • Zendesk Quality assurance (QA)
  • AI Agents - Advanced

Healthcare Enabled Add-Ons (legacy plans)

  • Productivity Pack (legacy)
  • Collaboration (legacy)
  • Unlimited Multibrand (legacy)
  • More Storage (legacy)
  • Priority Support (legacy)
  • Enhanced Disaster Recovery (legacy)
  • Advanced Compliance (legacy)
  • Data Center Location (legacy)

Note: All features and functionality included as part of the Covered Services and Healthcare Enabled Add-Ons are covered by the Healthcare Agreement unless otherwise stated in the recommended security configurations described below.

Any other Zendesk products or third party services (including legacy standalone Sunshine Conversations; integrations, including with social media messaging channels; or Marketplace applications) are not Healthcare Enabled. For additional exceptions see Exceptions to additional security functionality.

To review our recommended security configurations for Healthcare Enabled Accounts, see Security configuration requirements for Healthcare Enabled Accounts on Zendesk.

Zendesk security configurations may change from time to time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.

For more information about Healthcare Enabled Accounts, refer to the attachments below or contact Zendesk Security for additional details regarding the specifics of Zendesk's compliance program for healthcare customers.

Topic attachments