Is Zendesk HIPAA Compliant?

Michael Osakwe
June 15, 2021
Is Zendesk HIPAA Compliant?Is Zendesk HIPAA Compliant?
Michael Osakwe
June 15, 2021
On this page

As an omni-channel customer service solution, Zendesk allows for companies to meet customers where they are by providing a variety of options for customer support, intake, and management of the overall customer experience (CX) process. Zendesk can create CX workflows leveraging native integrations with other popular services such as Slack, Stripe, Trello, Zoom, and much more making it a highly sought solution for organizations trying to enhance relationships with customers through digital transformation. The list of organizations turning to Zendesk has increasingly begun to include healthcare organizations of all stripes. In this post, we’ll cover the ways healthcare organizations can leverage Zendesk and ensure compliance while using the service.

Is Zendesk secure?

As stated above, Zendesk is used by organizations in a variety of industries who must meet compliance requirements. While there is no regulatory entity providing HIPAA certification, Zendesk has multiple security certifications including:

  • SOC 2 Type II
  • ISO 27001:2013
  • ISO 27018:2014
  • FedRAMP LI-SaaS

You can learn more here.

How can healthcare organizations leverage Zendesk?

Zendesk is currently in use by biotech companies, healthtech companies, as well as healthcare providers and hospitals. One common use case that comes across from Zendesk’s case studies as well as from its healthcare product page is the ability for healthcare organizations to leverage insights from their electronic health records (EHR) systems when providing patient care. This is well illustrated through customer case studies such as One Medical. Other case studies, like HeartFlow illustrate how Zendesk integrations can allow for feedback loops that improve both quality of customer support and the performance of a healthtech platform.

How can you ensure HIPAA compliance on Zendesk?

Zendesk requires customers to sign and execute a business associate agreement (BAA) in order to enable HIPAA compliance on Zendesk customer accounts. To learn more about the BAA, visit this page. In order to execute the BAA, and maintain HIPAA compliance within Zendesk, several conditions must be met. These include:

  • Having access to or upgrading to an appropriate service tier. For example, customers using Zendesk Support for a HIPAA use case must be on an Enterprise plan. For a specific list of products allowed for HIPAA enabled accounts see here.
  • Secure agent authorization must be enabled through additions like single sign on (SSO) or by setting Zendesk default password settings to “high” and enforcing two factor authentication (2FA).
  • Enabling SSL.
  • Restricting agent access to specific IP addresses.
  • Maintaining proper configurations of APIs.
  • Users must be authenticated in order to download attachments.
  • Agent, Admin, and Owner devices must be set to be locked after 15 mins of inactivity.
  • Users should not be given permissions to see updates for an entire organization or permissions to see access beyond the user’s own tickets.

To see a full list of security requirements broken out by product, visit this page.

Being HIPAA compliant means asking the right questions

Are you looking for other HIPAA-compliant SaaS applications to enable digital transformation within your healthcare organization? Grab a copy of our Guide to HIPAA Compliance Checklist. It has important details you’ll want to ask any SaaS provider as a HIPAA covered entity. You can also learn more about the HIPAA Security Rule requirements from our Ultimate HIPAA Security and Compliance FAQ, which can be read for free online.

Additionally, access our free Zendesk Scanner to scan your entire Zendesk support instance for sensitive data, or learn more about our full featured Zendesk integration.

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo