
HIPAA Overview

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that establishes strict privacy and security standards for protecting patient medical records and Protected Health Information (PHI). It applies to covered entities, such as healthcare providers and health insurers, and to their business associates—organizations that create, receive, maintain, or transmit PHI on their behalf.

BoldDesk by Syncfusion is a secure help desk ticketing system designed to support healthcare organizations. As a business associate under HIPAA, BoldDesk ensures the safe handling and storage of sensitive patient data. Syncfusion has undergone independent third-party audits to validate BoldDesk’s compliance with HIPAA standards.

 

HIPAA Compliance FAQs

 

Yes. BoldDesk has been audited by an independent third-party organization and certified as HIPAA-compliant. As defined by the HIPAA Journal, this certification involves verifying that an organization has implemented the necessary physical, technical, and administrative safeguards.

To activate HIPAA-compliant features, follow these steps:

  1. Subscribe to the Enterprise plan.
  2. Bill your subscription on a monthly or annual basis.
  3. Have the legal authority to sign agreements on behalf of your organization.
  4. Contact BoldDesk support to request HIPAA enablement and a Business Associate Agreement (BAA).
  5. Sign a BAA with BoldDesk.

You can learn more about how to sign a BAA for HIPAA.

No. The U.S. Department of Health and Human Services (HHS) does not issue official HIPAA certifications. HIPAA is a regulatory framework enforced by the Office for Civil Rights (OCR). Syncfusion conducts internal and third-party audits to ensure BoldDesk meets HIPAA standards, even though no formal certification is recognized by HHS.

Yes. Current and prospective customers may request access to Syncfusion’s HIPAA compliance report. Please contact our support or sales team for assistance. Note that all requests are reviewed by our legal department to ensure the confidentiality of internal systems and processes.

If you have questions about HIPAA compliance, contact our support team via the BoldDesk support portal or the official contact channels on the Syncfusion website.

BoldDesk supports HIPAA compliance by offering secure ticketing features that protect PHI, including:

  • User authentication
  • Role-Based Access Control (RBAC)
  • Audit trails
  • Data encryption (at rest and in transit)

These features help healthcare organizations manage sensitive data securely, including confidential forms and patient communications.

A business associate (BA) is any individual or entity that performs services involving PHI on behalf of a covered entity (e.g., healthcare provider or insurer). Under HIPAA, business associates must follow strict guidelines for handling PHI.

A Business Associate Agreement (BAA) is a legal contract between a covered entity and a business associate. It outlines the responsibilities of the BA regarding PHI, including:

  • Implementing safeguards to protect PHI.
  • Complying with HIPAA’s privacy and security rules.
  • Notifying the covered entity in case of a data breach.

To maintain HIPAA compliance, BoldDesk implements the following security measures:

  • Encryption & decryption: PHI is encrypted during transmission and storage.
  • Redact sensitive data: Sensitive data is redacted and stored in a non-retrievable format.
  • Email restrictions: HIPAA mode disables in-app email communication; custom email servers (e.g., IMAP) can be configured securely.
  • Access controls: Role-based access control limits PHI access to authorized users only.
  • Audit logging: All user activities are logged, including access, changes, and deletions of PHI. Logs are regularly reviewed for anomalies.
  • AI services: AI services are disabled to prevent the unintended processing of electronic Protected Health Information (ePHI) by external or non-compliant systems.
  • Omnichannel: To ensure HIPAA compliance, BoldDesk restricts the use of non-compliant communication channels such as social media (e.g., Facebook, Twitter, WhatsApp, Instagram, Telegram, and Line App).
  • Push notification: Push notifications are disabled in HIPAA mode to prevent unauthorized exposure of PHI on unsecured devices. This ensures that sensitive information is not inadvertently displayed on lock screens or transmitted through third-party notification services that may not be HIPAA-compliant.
  • Live Chat: ePHI fields are not supported. Instead, sensitive data can be redacted.
  • CSAT surveys: Restricted to avoid PHI exposure through feedback.