Analysis: NY Attorney General's Anti-Breach Actions
New York state's attorney general, Eric Schneiderman, is pushing for changes to the state's data security and breach notification regulations and has also announced a $575,000 settlement in a case involving HIPAA violations. In an in-depth interview ...
United States: New York Settles EmblemHealth Breach For $575000 (Mondaq News Alerts)


Is Zendesk HIPAA Compliant?

Is Zendesk HIPAA compliant? Can Zendesk products be used by healthcare organizations in the United States for communicating with patients? In this post we explore the Zendesk platform and assess whether it has the necessary privacy and security controls to comply with HIPAA and if the company’s products can be used in connection with electronic protected health information.

What is Zendesk?

Zendesk is a San Francisco-based customer service software and support ticketing system provider used by more than 200,000 companies for managing customer queries, providing support, and building customer relationships. The platform includes Zendesk Support (a call center and ticketing system), Zendesk Chat (a web and mobile messaging system), and the customer service analytics solution Zendesk Insights.

Zendesk Privacy and Security Controls

Zendesk has implemented physical security controls at its facilities to prevent unauthorized data access, maintains round-the-clock surveillance, and uses multi-factor authentication. Its network is protected by firewalls, with DoS and DDoS prevention solutions to ensure availability of customer data. Zendesk performs regular vulnerability scans and conducts penetration tests to ensure the continued security of its system. Customer data is isolated to prevent unauthorized access, and data is protected with encryption in transit and at rest.

Zendesk Business Associate Agreement

In 2015 Zendesk launched a HIPAA compliance program to open up its solutions to the healthcare industry. Zendesk implemented enhanced security controls including encryption for data at rest and the addition of auditing controls to allow users to create and maintain logs of system activity. Zendesk also started signing business associate agreements with HIPAA-covered entities and their business associates.

The Zendesk business associate agreement covers the Zendesk infrastructure, Zendesk Support, Zendesk Chat, Zendesk Talk, and Zendesk Insights, with those products including special configurations for healthcare organizations to support HIPAA compliance.

While there is no officially recognized HIPAA certification program, Zendesk has undergone internal HIPAA audits and the company has attained SOC2 and ISO27001/ISO27018 certifications.

The Zendesk platform does not include all of the necessary HIPAA controls as standard. Healthcare organizations must pay for the advanced security add-on and plan/purchase thresholds apply.

Is Zendesk HIPAA Compliant?

Zendesk can be HIPAA compliant, provided users configure the solution correctly and enter into a business associate agreement with Zendesk.

The post Is Zendesk HIPAA Compliant? appeared first on HIPAA Journal.

PWW Media, Inc. Announces New HIPAA Training Solution for EMS – EMSWorld (press release) (blog)

PWW Media, Inc, a resource in EMS compliance, has unveiled the latest HIPAA training solution for the EMS industry—HIPAA TV 2.0. HIPAA TV 2.0 is an all-new, interactive program, specifically designed for EMS and ambulance industry professionals ...