This article describes Advanced Compliance for Zendesk.
This article includes the following sections:
- Health Insurance Portability and Accountability Act (HIPAA)
- About Advanced Compliance
- Zendesk services eligible for coverage by the BAA
About the Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ personal health information (PHI) and electronic personal health information (ePHI).
HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).
About Advanced Compliance
Because personal health information may exist within Zendesk service data, the Advanced Compliance feature helps you fulfill your HIPAA obligations. With Advanced Compliance, you have the ability to enter into a Business Associate Agreement (BAA) with Zendesk. Additionally, Zendesk will provide you with appropriate security configuration options to help safeguard protected health information (PHI).
With the purchase of Advanced Compliance, either directly or through the purchase of a plan that includes the Advanced Compliance functionality, Zendesk customers can sign Zendesk’s BAA. You can sign the BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/. Advanced Compliance and BAA only apply to features and functionality that are expressly stated to form part of the “Service” in the BAA. Additionally, Advanced Compliance and BAA do not apply to certain products, services, and features as further detailed in the BAA. For a list of covered and exempted services, see Zendesk Services eligible for coverage by the BAA, below. However, it is important to note that the information in the BAA overrides the information in this article, in the event of any conflict.
Zendesk services eligible for coverage by the BAA
For customers who have purchased the Advanced Security add-on, the Advanced Compliance add-on, or are entitled to the Advanced Compliance add-on within their Zendesk Suite Service Plan, the following tables show the current list of HIPAA Enabled Service Plans, the applicable Services covered by the BAA under that Service Plan, the add-ons available for use with the HIPAA Enabled Service Plans, and HIPAA Enabled Generative AI Functionality:
| HIPAA Enabled Service Plans | BAA Covered Services |
| Zendesk Suite Professional or Enterprise |
Support (Ticketing System Functionality) Guide (Help Center Functionality) Gather (Community Forum Functionality) Chat (Live Chat Functionality) and Zendesk messaging Explore (Analytics Functionality) Talk (Voice Functionality), excluding Text Sunshine Conversations within Zendesk Suite |
| Zendesk Enterprise Support (legacy plan) |
Support (Ticketing System Functionality) Guide (Help Center Functionality) Gather (Community Forum Functionality) Chat (Live Chat Functionality) and Zendesk messaging Explore (Analytics Functionality) |
| Zendesk Talk Enterprise, Professional, or Advanced (legacy plans) | Talk (Voice Functionality), excluding Text |
| HIPAA Enabled Add-Ons (current plans) | HIPAA Enabled Add-Ons (legacy plans) |
| Advanced Data Privacy and Protection | Productivity Pack (legacy) |
| Advanced AI | Collaboration (legacy) |
| Agent Months | Unlimited Multibrand (legacy) |
| Voice usage credits | More Storage (legacy) |
| Premium Sandbox | Priority Support (legacy) |
| More Storage | Enhanced Disaster Recovery (legacy) |
| Answer Bot resolution | Advanced Compliance (legacy) |
| High volume API | Data Center Location (legacy) |
| Sunshine conversations MAU | |
| Sunshine conversations notifications |
| HIPAA Enabled Generative AI Functionality |
| Auto assist (Advanced AI) |
| Suggested first replies (Advanced AI) |
| Ticket summaries (Advanced AI) |
| Expand ticket comment (Advanced AI) |
| Tone shift for ticket comment (Advanced AI) |
| Quick answers for Agent Workspace (Advanced AI) |
| Expand for help center article (Advanced AI) |
| Simplify for help center article (Advanced AI) |
| Tone shift for help center article (Advanced AI) |
| Call summaries and transcriptions (Advanced AI) |
| Generative replies (Suite / AI Agents) |
| Bot personas (Suite / AI Agents) |
Any other Zendesk products or third party services (including legacy standalone Sunshine Conversations; integrations, including with social media messaging channels; or Marketplace applications) are not HIPAA-enabled. For additional exceptions see Exceptions to Advanced Security add-ons.
To review our security configuration requirements for HIPAA-enabled accounts, see Security configuration requirements for HIPAA-enabled accounts on Zendesk.
Zendesk security configurations may change from time-to-time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.
For more information on HIPAA, refer to the attachments below or send email to Zendesk Security for more information regarding the specifics of Zendesk's HIPAA program.