Help Scout and HIPAA

Help Scout maintains ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain and store protected health information for any entities restricted by these regulations.  On request, Help Scout will sign a business associate agreement (BAA) with your organization. HIPAA support is available on the Plus plan only. 

What's involved in HIPAA compliance?

We complete annual risk assessments and employee training as required by HIPAA. Additionally, we've gone to great lengths to ensure that data is properly secured and encrypted.

Where is Help Scout customer data hosted? 

With the exception of off-site backup and redundancy infrastructure, Help Scout is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in.

What sort of application security is in place? 

All Help Scout web application communications are encrypted over 256 bit SSL, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. 

Can I edit or remove PHI from a thread if needed? 

Yes. This is helpful if there are multiple parties involved in one conversation. Through a thread options menu, you can edit, delete, or hide thread contents. This prevents that information from being sent out again, or from being quoted in a future reply. 

Who has access to our Help Scout account? 

All Help Scout employees are able to access customer accounts for the sole purpose of lending a hand. We don't access customer accounts unless we're explicitly asked for help. 

Are we able to export our data if we decide to leave one day? 

All customer and conversation data can be accessed at any time via our API. We're working on in-app export tools to make that process easier for folks without API knowledge. 

Still stuck? How can we help? How can we help?