Zendesk Business Associate Agreement

HIPAA applies to health care providers, health plans and health care clearinghouses. These organizations are required to process patients' personal health information (PHI/ePHI) in a manner consistent with defined security standards. When organizations designated as covered entities use third-party providers or services to store personal health information, those providers or services, designated as business associates, must also meet HIPAA standards. This arrangement is contractually defined in a Business Associate Agreement (BAA). Once a provider has correctly set up the business associate agreement and the security controls, the Zendesk service is HIPAA compatible and the provider can share PHI with Zendesk.

HIPAA does not require HIPAA certification. Nevertheless, Zendesk has passed internal HIPAA audits and has SOC 2 and ISO 27001/ISO 27018 certifications. So can health organizations use Zendesk? Is it HIPAA compatible? Yes, Zendesk is considered HIPAA compliant if covered entities or business associates correctly configure the platform and have a business associate agreement with Zendesk. In simpler terms, the role of a business associate is to help covered entities comply with the HIPAA Privacy Rule.

Zendesk is FedRAMP authorized as a Low Impact Software-as-a-Service (LI-SaaS) offering and is listed in the FedRAMP Marketplace. Customers at U.S. government agencies can request access to the Zendesk FedRAMP security package by filling out a package access form or sending a request to fedramp@zendesk.com.

Zendesk can be HIPAA compatible, provided users correctly configure the solution and enter into a business associate agreement with Zendesk. The Zendesk Business Associate Agreement covers Zendesk infrastructure, Zendesk Support, Zendesk Chat, Zendesk Talk and Zendesk Insights, and these products include special configurations for healthcare organizations to support HIPAA compliance. A business associate is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information (PHI) for a covered entity. In 2015, Zendesk launched a HIPAA compliance program to open up its solutions to the healthcare sector. Zendesk has implemented extensive security controls, including encrypting data at rest and adding monitoring controls that allow users to create and manage system activity logs.