Security Configuration Requirements for HIPAA or HDS Enabled Accounts on Zendesk

Edited Jan 24, 2025




January 21st, 2021

Addition of number 1.11 disallows CSAT unless Subscriber assumes responsibility of data sent via email as part of the survey. 

Caveat in number 1.7 to make allowances for Subscribers altering viewing permissions due to users already having approval to access such data on their ends.

Updated entire document to match company style of embedded links within text as opposed to inline URLs (no impact to configuration content).


July 9th 2021 edit:

1. Adds point 3. under Chat section for responsibilities around Agent Workspace usage.


February 24th, 2023

  • Section I. Support, number 3: removed separate distinction between Support and Chat IP restrictions as the UI is now unified.
  • Section I. Support, number 5: added clarification on failure to meet requirement 
  • Section I. Support, number 7: “Subscriber must not” changed to “Subscriber should not”.
  • Section IV. Chat, number 2: clarifies that all export functionality of data from Chat using email is prohibited, and not just scoped to transcripts and piping. 
  • Section III. messaging: entire section added to account for Zendesk messaging functionality addition to the scope of Zendesk’s Business Associate Agreement.


April 13th, 2023

  • Section I, Support, number 4 (APIs):
    • Added link to authentication methods for clarity 
    • b) Removed exact time frame recommendations for rotation to align with industry best practices and removed reference to REST API Terms of Services (redundancy)
    • added c) to warn about the use of Basic Authentication for the API 
  • Section II, Guide:
    • Number 1 (Help center restrictions): added reference to closed or restricted help centers to align with product functionality
    • Number 5 (@mentions): Added option to disable @mentions to align with product functionality 
  • Section III, messaging: 
    • Number 1 and 2 (third party channels and private attachments): added section identifiers (i) and (ii) for clarity
    • Number 2 (private attachments): added “URLs and/or” for clarification
    • Number 7-10 (End-User authentication, Answerbot conversation deletion, redaction, malware scanning): full sections added for transparency
  • Section IV, Sunshine Conversations: whole section added due to Sunshine Conversations in the Zendesk Suite being made part of the BAA 
  • Section V, Chat, number 3 (Agent Workspace): small phrasing corrections
  • Section VIII, mobile applications, number 5-7 (malware scanning, redaction, End-User authentication): whole sections added for transparency


October 25, 2023

  • Introduction: Clarified introduction language for HIPAA enabled accounts
  • Section II, Guide and Gather, number 1 (Help center restrictions): replaced IP restrictions with restricted articles for clarification


Dec 16th 2024

1. Added section XI to incorporate Zendesk QA into scope 

2. Changed various instances of "Answer Bot" to "AI Agents" to denote naming convention changes and broader scope.

3. Changed various instances of “must” and “shall” to “should” to denote best practices philosophy of configs, as well as to reinforce the Subscriber responsibility for interpretation of HIPAA compliance vis-a-vis Admin / Owner configurations and use case implementation


Dec 27th, 2024, added section XII to incorporate Workforce Management “WFM” into HIPAA BAA scope

