Blog

Is Zendesk HIPAA Compliant?

Compliant Tools
January 12, 2021
We know that managing HIPAA internal compliance and signing business associate agreements with all other organizations can be time-consuming and confusing. In this post, we will lay out everything you need to know to utilize Zendesk in a HIPAA compliant manner.

Is Zendesk HIPAA Compliant?

Organizations that operate under the rules and regulations of HIPAA know that there are certain extra steps that need to be taken in order to verify that other organizations or softwares that you work with are also HIPAA compliant. We know that managing HIPAA internal compliance and signing business associate agreements with all other organizations can be time-consuming and confusing. To help clear up some of these questions and confusion, we will lay out everything you need to know about Zendesk and how to utilize this software in a HIPAA compliant manner down below. 

What is Zendesk? 

Zendesk is a San Francisco-based customer service software company that offers sales support with the ultimate goal of building strong customer relationships. Zendesk’s software is quick and easy to implement while also being scalable to individually fit each organization’s needs. 

The Zendesk platform contains many products, including: 

  • Zendesk Support - a ticketing and call center system.
  • Zendesk Insights - an analytics solution for customer service 
  • Zendesk Chat - a messaging system for both web and mobile use 
  • Zendesk Sunshine - a flexible CRM platform built on AWS

Zendesk provides best-in-class security for their software solution that uses strict security controls such as multi-factor authentication and constant surveillance of all interactions with data. Zendesk uses enterprise-class security including regular audits of their networks, applications and servers to ensure that all data that is run through them remains protected. Even better, Zendesk is a member of the Cloud Security Alliance (CSA) which is the not-for-profit, world leading organization in terms of dedication to “defining and raising awareness of best practices to help ensure a secure cloud computing environment.”

Now that we have established that Zendesk is a secure and trustworthy software provider, we will explore what that means for HIPAA compliant organizations in specific. 

Zendesk and HIPAA Compliance: 

Is Zendesk HIPAA Compliant? 

Overall, Zendesk is HIPAA compliant when an organization uses the platform correctly and a business associate agreement is signed with them. It is important to note that not all of the necessary controls to make Zendesk HIPAA compliant are standard with the software. Healthcare organizations, like they have to with many other platforms, must pay for the “Advanced Compliance”  add-on in order to fulfill the requirements for HIPAA. The HIPAA-compliant add-on is available for customers that are on the enterprise plan. 

Signing a BAA with Zendesk? 

It is extremely important for HIPAA covered entities and business associates to sign business associate agreements (BAAs) with each outside organization that they choose to share PHI with in any capacity. A BAA is a written contract between a covered entity and a business associate or a business associate and their subcontractor which specifies each party’s responsibilities when it comes to managing protected health information (PHI).  

Within the Advanced Compliance add-on that we mentioned above, you will have the ability to sign a business associate agreement with Zendesk. This BAA covers the Zendesk platform including Zendesk Support, Zendesk Insights, Zendesk Chat, and other products. 

You’ve made Zendesk HIPAA Compliant... Now What? 

A common misconception for organizations that need to comply with HIPAA, is that they have reached full compliance after only a couple of steps. While it is important to ensure that you are utilizing Zendesk in a manner that complies with HIPAA and keeps your protected health information entirely secure. However, HIPAA compliance is a complicated and multi-step process that companies must follow through to the very end in order to be safe from a breach or audit. 


Just because you have ensured that your Zendesk usage is compliant or just because your employees are trained yearly, does not mean that your entire organization is HIPAA compliant. If you are unsure of whether you meet the compliance standards, feel free to utilize our free risk assessment in order to determine potential spots of weakness in your organization’s compliance.

More from the Blog

GenixTec has achieved HIPAA Compliance with Accountable
Compliant Tools

GenixTec has achieved HIPAA Compliance with Accountable

HIPAA and Workforce Training
HIPAA

HIPAA and Workforce Training

Understanding HIPAA Certification
HIPAA

Understanding HIPAA Certification

Is Google Docs HIPAA Compliant?
Compliant Tools

Is Google Docs HIPAA Compliant?

Is Calendly HIPAA Compliant?
Compliant Tools

Is Calendly HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is iCloud HIPAA Compliant?
Compliant Tools

Is iCloud HIPAA Compliant?

President Biden Looks to Boost Cybersecurity at U.S. Ports
Data Security

President Biden Looks to Boost Cybersecurity at U.S. Ports

Get Started
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to chat?

See how some of the fastest growing companies use Accountable to build trust through privacy and compliance.
Trusted by
Accountable Compliance Management Logo

We make it easy to get your own HIPAA Certification and build trust with your customers and patients.

Product
PlaybooksHow it worksProductPricingWatch DemoSeal of ComplianceGet Support
Solutions
HIPAAGDPR
Resources
BlogHIPAA TrainingHIPAA Risk AnalysisGDPR Risk Analysis
Company
AboutCareersSupportContact UsPrivacy CenterProduct Updates
Account
Sign InForgot Password

"Accountable allowed us to quickly establish Core Compliance with HIPAA as well as a firm foundation for our Security Program." - Michael H.

© 2024 Accountable HQ, Inc.
SitemapTerms of ServicePrivacy Policy