How do I set up my LiveHelpNow chat account in order to meet HIPAA and PCI privacy rules?
The following settings must be applied for LiveHelpNow Chat accounts to meet HIPAA privacy requirements as well as PCI compliance.
- MUST! For ALL PI, PHI and PCI data that needs to be collected from the customer in SMS chat, in-browser chat or email, please set up and use Secure Forms (Admin Panel > My account > Forms).
Secure Forms allow data to be collected via an encrypted channel, stored encrypted at rest, and purged upon view or on a regular schedule.
More info on Secure Forms for PCI/HIPAA compliant data collection:
https://www.livehelpnow.net/help-desk-software/hipaa-pci
https://www.livehelpnow.net/blog/hipaa-pci-compliant-chat-and-email/
https://www.livehelpnow.net/blog/wishes-can-come-true-secure-forms/
- MUST! Deselect 'Operators can send/request files during chat' in Admin panel > Chat system > System setup > System settings.
- MUST! Restrict operators' ability to email chat transcripts:
Go to Admin panel > Chat System > System setup > System settings, scroll down to Operator restrictions, and un-check 'Operators can email chat transcripts'.
- MUST! Do not email chat transcript copies to visitors upon chat completion:
In Admin Panel > Customization > Chat window, select each window and scroll down to the bottom of the menu. Ensure that 'Email customers chat transcript automatically upon chat completion' is left un-checked.
- MUST! Do not email yourself chat transcript copies (view them within operator panel Analytics reports or securely send them to a web service using Eventing API):
In Admin Panel > Customization > Chat window, select each window and scroll down to the bottom of the menu. Ensure that 'Email transcripts:' is left blank.
- OPTIONAL: Request that your account be restricted to certain IP addresses so only agents within your company network are allowed to log in.
- OPTIONAL: Set up Eventing API to send chat transcripts to your server and request transcripts to be immediately purged.
- MUST! Request transcripts and PII data to be purged immediately upon chat completion or per a specific schedule (1 hour/1 day after chat completion).