Possible Errors:


Provide more details on how the system handles HIPAA secure data. Are the email responses from Freshdesk HIPAA compliant?


Resolution Path:


Mandatory Configuration Specifications


  1. IP Whitelisting: Whitelist specific IP addresses so that your support portal can be reached only from the sources you have authorized.
  2. Identification and Authentication
    • Enable SAML SSO so that users access the support portal with unified identification and authentication, and so that users logging into the portal can be validated by a locally hosted script. Security Assertion Markup Language (SAML) is a mechanism for communicating identities between two web applications. It enables web-based single sign-on, which removes the need to maintain separate credentials for each application and reduces the risk of identity theft.
      (or)
    • Configure an Advanced Password Policy, which lets you set password length, complexity, expiry, and repetition rules. Additionally, enable two-factor authentication if required.
  3. Custom Mailbox: Configure your own custom mail server with Freshdesk to retain full control over incoming and outgoing email. This ensures that all your email transactions take place outside Freshworks and are managed entirely at your end.
  4. SSL: Freshdesk offers a wildcard SSL certificate for all users who have a support portal on a freshdesk.com domain. It can be used as long as you continue to use the default Freshdesk URL you signed up with (for example, yourcompany.freshdesk.com). However, the default certificate does not cover a custom domain name linked to your support portal (for example, support.yourcompany.com). In this case, you can request a certificate from your account while setting up the custom domain. Customers should enable SSL if they require HIPAA compliance.
  5. Freshconnect: The Freshconnect feature in Freshdesk should remain disabled for all HIPAA-enabled accounts.


Recommended Configuration Specifications

  1. Data Encryption: Freshdesk allows you to add an encrypted single-line field to your forms. These encrypted fields can be added anywhere a custom field can be added, and there is no cap on the number of encrypted fields. Default fields cannot be encrypted, so they are not suitable for HIPAA-covered data. Any sensitive PHI must be stored in a custom encrypted field; if the client chooses to store PHI in a non-encrypted field, Freshdesk cannot be held responsible for it.
  2. Data Sanitization: The Data Masking app is available to mask credit card and SSN information in patient conversations.
  3. Secure Data Migration: Ensure that data is migrated securely, without being stored by Freshworks in its local database, so that your data retention policy is met. Contact our support for further details on how the migration works. For information on the information security practices followed at Freshworks, refer to the Freshworks security documentation.
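As an added example (not Freshdesk's or Freshworks' own code, and not the Freshdesk API), the following script audits a snapshot of an account's settings against the mandatory and recommended checklist above, including the SAML-or-password-policy alternative and the default-domain versus custom-domain SSL rule. The `account` dictionary and all of its keys are constructed assumptions for illustration.

```python
# Audit a constructed Freshdesk settings snapshot against the HIPAA checklist.
# All keys below are assumptions for this example, not Freshdesk API names.

def audit_hipaa_config(account: dict) -> dict:
    """Return failed checks, split into 'mandatory' and 'recommended'."""
    mandatory, recommended = [], []

    # 1. IP whitelisting must restrict portal access to an authorized list.
    if not account.get("ip_whitelist"):
        mandatory.append("IP whitelisting is not configured")

    # 2. Either SAML SSO, or an advanced password policy (assumed 'advanced'
    #    when length, complexity, expiry and repetition are all set); 2FA is
    #    optional per the checklist, so it is only a recommendation.
    pw = account.get("password_policy", {})
    policy_ok = all(pw.get(k) for k in ("min_length", "complexity", "expiry_days", "history"))
    if not account.get("saml_sso"):
        if not policy_ok:
            mandatory.append("neither SAML SSO nor an advanced password policy is in place")
        elif not account.get("two_factor"):
            recommended.append("two-factor authentication is not enabled")

    # 3. A custom mail server keeps email transactions outside Freshworks.
    if not account.get("custom_mail_server"):
        mandatory.append("custom mail server is not configured")

    # 4. The wildcard certificate only covers *.freshdesk.com portals; a
    #    custom domain needs its own certificate.
    domain = account.get("portal_domain", "")
    if not domain.endswith(".freshdesk.com") and not account.get("custom_domain_ssl"):
        mandatory.append(f"custom domain {domain} has no SSL certificate")

    # 5. Freshconnect must stay disabled on HIPAA-enabled accounts.
    if account.get("freshconnect_enabled"):
        mandatory.append("Freshconnect is enabled")

    # Recommended: PHI only in encrypted custom fields; default fields never qualify.
    for f in account.get("fields", []):
        if f.get("phi") and not (f.get("custom") and f.get("encrypted")):
            recommended.append(f"PHI field '{f['name']}' is not an encrypted custom field")

    # Recommended: Data Masking app for card/SSN data in conversations.
    if not account.get("data_masking_app"):
        recommended.append("Data Masking app is not installed")

    return {"mandatory": mandatory, "recommended": recommended}

# Constructed sample snapshot: custom domain without SSL, Freshconnect on,
# password policy without 2FA, and one PHI field left unencrypted.
SAMPLE_ACCOUNT = {
    "ip_whitelist": ["203.0.113.0/24"], "saml_sso": False, "two_factor": False,
    "password_policy": {"min_length": 12, "complexity": True, "expiry_days": 90, "history": 5},
    "custom_mail_server": True, "portal_domain": "support.example.com",
    "custom_domain_ssl": False, "freshconnect_enabled": True, "data_masking_app": True,
    "fields": [{"name": "Subject", "custom": False, "encrypted": False, "phi": False},
               {"name": "Patient ID", "custom": True, "encrypted": True, "phi": True},
               {"name": "Diagnosis", "custom": True, "encrypted": False, "phi": True}],
}
```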