This article describes the Advanced Compliance add-on for Support Enterprise.
This article includes the following sections:
- Health Insurance Portability and Accountability Act (HIPAA)
- About the Advanced Compliance add-on
- Zendesk services eligible for coverage by the BAA
About the Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ personal health information (PHI) and electronic personal health information (ePHI).
HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).
About the Advanced Compliance add-on
Because personal health information may exist within Zendesk service data, the Advanced Compliance add-on helps you fulfill your HIPAA obligations. With this add-on, you have the ability to enter into a Business Associate Agreement (BAA) with Zendesk. Additionally, Zendesk will provide you with appropriate security configuration options to help safeguard protected health information (PHI).
With the purchase of the Advanced Compliance add-on, Zendesk customers can sign Zendesk’s BAA. You can sign the BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/. The Advanced Compliance add-on and BAA only apply to features and functionality that are expressly stated to form part of the “Service” in the BAA. Additionally, the add-on and BAA do not apply to certain products, services, and features as further detailed in the BAA. For a list of covered and exempted services, see Zendesk Services eligible for coverage by the BAA, below. However, it iss important to note that the information in the BAA overrides the information in this article, in the event of any conflict.
Zendesk services eligible for coverage by the BAA
The following service, whether purchased individually or as part of the Zendesk Support Suite, is covered by the BAA when purchased with the Advanced Security Deployed Associated Service or the Advanced Compliance Deployed Associated Service:
- Zendesk Enterprise Support
The following services, whether purchased individually or as part of the Zendesk Support Suite, are covered by the BAA when purchased with the Zendesk Enterprise Support Subscription Plan and either the Advanced Security Deployed Associated Service or the Advanced Compliance Deployed Associated Service:
- Zendesk Guide Lite, Professional, or Enterprise
- Zendesk Gather Legacy or Professional
- Zendesk Enterprise Chat
- Zendesk Explore Lite or Professional
The following service, whether purchased individually or as part of Zendesk Support Suite, is covered by this BAA when purchased with the Zendesk Talk Enterprise, Professional or Legacy Advanced Service Plans:
- Zendesk Talk (excluding Zendesk Text)
Any other Zendesk products or third party services (including integrations or applications) cannot be HIPAA-enabled. See Exceptions to Advanced Security add-ons.
To review our security configuration requirements for HIPAA-enabled accounts, see Security configuration requirements for HIPAA-enabled accounts on Zendesk.
Zendesk security configurations may change from time-to-time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.
For more information on HIPAA, refer to the attachments below or send email to Zendesk Security for more information regarding the specifics of Zendesk's HIPAA program.