HIPAA Compliance & Zendesk

Zendesk is a San Francisco-based provider of customer service software and a support ticketing system, used by over 200,000 companies to manage customer queries, provide support, and build customer relationships. The platform incorporates Zendesk Support, a call center and ticketing platform; Zendesk Chat, a web and mobile messaging system; and Zendesk Insights, a customer service analytics solution.

Security Controls & Zendesk Privacy

Zendesk has put in place physical security controls at its offices to stop unauthorized data access and has 24-hour surveillance with multi-factor authentication. Its network is safeguarded by firewalls, with DoS and DDoS prevention solutions to ensure availability of customer data. Zendesk carries out constant vulnerability scans and conducts penetration tests to ensure the ongoing security of its system. Customer data is isolated to prevent unauthorized access, and data is secured with encryption in transit and at rest.

Business Associate Agreement & Zendesk

In 2015 Zendesk began a HIPAA compliance program to open up its solutions to the healthcare sector. Zendesk implemented enhanced security controls such as encryption for data at rest and the addition of auditing controls to permit users to create and manage logs of system activity. Zendesk also started completing business associate agreements with HIPAA-covered groups and their business associates.

The Zendesk business associate agreement incorporates the Zendesk infrastructure, Zendesk Support, Zendesk Chat, Zendesk Talk, and Zendesk Insights, with those products including special configurations for healthcare groups to support HIPAA compliance.

While there is no officially acknowledged HIPAA certification program, Zendesk has completed internal HIPAA audits and the company has attained SOC2 and ISO27001/ISO27018 certifications.

The Zendesk platform does not include all of the required HIPAA controls as standard. Healthcare groups must pay for the advanced security add-on and plan/purchase thresholds apply.

Can Zendesk be deemed HIPAA Compliant?

Zendesk can be deemed HIPAA compliant, provided users set up the solution properly and enter into a business associate agreement with Zendesk.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years' experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth.