This article describes Advanced Compliance for Zendesk.
This article includes the following sections:
- Health Insurance Portability and Accountability Act (HIPAA)
- About Advanced Compliance
- Zendesk services eligible for coverage by the BAA
About the Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ personal health information (PHI) and electronic personal health information (ePHI).
HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).
About Advanced Compliance
Because personal health information may exist within Zendesk service data, the Advanced Compliance feature helps you fulfill your HIPAA obligations. With Advanced Compliance, you have the ability to enter into a Business Associate Agreement (BAA) with Zendesk. Additionally, Zendesk will provide you with appropriate security configuration options to help safeguard protected health information (PHI).
With the purchase of Advanced Compliance, either directly or through the purchase of a plan that includes the Advanced Compliance functionality, Zendesk customers can sign Zendesk’s BAA. You can sign the BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/. Advanced Compliance and BAA only apply to features and functionality that are expressly stated to form part of the “Service” in the BAA. Additionally, Advanced Compliance and BAA do not apply to certain products, services, and features as further detailed in the BAA. For a list of covered and exempted services, see Zendesk Services eligible for coverage by the BAA, below. However, it is important to note that the information in the BAA overrides the information in this article, in the event of any conflict.
Zendesk services eligible for coverage by the BAA
The following service, whether purchased individually or as part of Zendesk Suite, is covered by the BAA when purchased with the Advanced Security Deployed Associated Service or the Advanced Compliance Deployed Associated Service:
- Zendesk Enterprise Support
The following services, whether purchased individually or as part of Zendesk Suite, are covered by the BAA when purchased with the Zendesk Enterprise Support Subscription Plan and either the Advanced Security Deployed Associated Service or the Advanced Compliance Deployed Associated Service:
- Zendesk Guide Lite, Professional, or Enterprise
- Zendesk Gather Legacy or Professional
- Zendesk Enterprise Chat
- Zendesk Explore Lite or Professional
The following service, whether purchased individually or as part of Zendesk Suite, is covered by this BAA when purchased with the Zendesk Talk Enterprise, Professional or Legacy Advanced Service Plans:
- Zendesk Talk (excluding Zendesk Text)
The following functionality is covered by this BAA when purchased as part of the Zendesk Suite:
- Ticketing System Functionality
- Help Center Functionality
- Community Forum Functionality
- Live Chat Functionality
- Analytics Functionality
- Voice Functionality (excluding SMS functionality)
Any other Zendesk products or third party services (including integrations or applications) cannot be HIPAA-enabled. See Exceptions to Advanced Security add-ons.
To review our security configuration requirements for HIPAA-enabled accounts, see Security configuration requirements for HIPAA-enabled accounts on Zendesk.
Zendesk security configurations may change from time-to-time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.
For more information on HIPAA, refer to the attachments below or send email to Zendesk Security for more information regarding the specifics of Zendesk's HIPAA program.