Is Freshworks Helpdesk HIPAA Compliant?
Freshworks Helpdesk is HIPAA compliant and can be used to create, receive, store, or transmit Protected Health Information, but only if an organization subscribes to an Enterprise plan and complies with Freshworks’ mandatory configuration specifications. It will also be necessary to implement a “secure operating environment” if utilizing the Freshchat capability.
Freshworks Helpdesk (aka Freshdesk) is an advanced customer service solution that accelerates the resolution of customer issues via automated keyword routing and ticket prioritization. The platform also supports collaboration between team members and external agents, and provides AI-powered sentiment and resolution analyses to monitor – and improve – team performance.
When Freshworks Helpdesk is used by a HIPAA covered entity or business associate to create, receive, store, or transmit Protected Health Information (PHI), it is important that the platform has the capabilities to support HIPAA compliance, that the capabilities are configured to safeguard the privacy and security of PHI, and that customer service team members use the platform compliantly.
It is also important that a HIPAA Business Associate Agreement is in place between Freshworks and the customer to make Freshworks Helpdesk HIPAA compliant. Freshworks will execute a Business Associate Agreement with HIPAA covered entities and business associates, but there are conditions attached (“mandatory configuration specifications”) that will affect the validity of the Agreement if they are not complied with.
Making Freshworks Helpdesk HIPAA Compliant
In order to make Freshworks Helpdesk HIPAA compliant, it is first necessary to subscribe to an Enterprise plan. This is because the Enterprise plan is the only subscription option with the capabilities to comply with the conditions attached to the Business Associate Agreement. For example, one of the mandatory configuration specifications is IP whitelisting. This feature is only available to Enterprise subscribers.
Other mandatory configuration specifications include enabling SAML SSO for team members, configuring an advanced password policy, adding a custom mail server, applying SSL on support portals, and disabling the Freshconnect feature, as this does not support HIPAA compliance. It is also recommended that encryption is enabled on custom form fields, that data masking is used on sensitive information, and that data is migrated from the platform’s local database to a secure repository.
Customers who utilize the Freshchat capability must also implement a “secure operating environment” to make Freshworks Helpdesk HIPAA compliant. This involves additional measures similar to HIPAA Security Rule standards (e.g., role-based access controls and automatic log-off) and disabling features such as customer satisfaction surveys and visitor notifications. It is also necessary to ensure replies to email campaigns are delivered to a customer-managed email account.
Other Considerations before Using Freshworks Helpdesk
As well as subscribing to an Enterprise plan and complying with the configuration requirements to make Freshworks Helpdesk HIPAA compliant, it is also important that team members receive training on how to use Freshdesk securely and in compliance with HIPAA in order to avoid potential violations (e.g., entering PHI into default form fields, as default form fields cannot be encrypted).
Depending on any other Freshworks services being used, it may also be necessary to isolate the Helpdesk service from other Freshworks services that are outside the scope of the Business Associate Agreement (e.g., the Freshmarketer CRM service). Covered entities and business associates who need advice about which services are in scope – and which are not – should reach out to Freshworks directly.
The final consideration before using Freshworks Helpdesk is how effective the customer service solution will be if it is necessary to restrict all access to the support portal by IP address. Although it is possible to limit IP whitelisting to only agents, it is not clear from the Freshworks website whether the failure to whitelist customer IP addresses will invalidate the Business Associate Agreement.


