Recommended LiveHelpNow chat settings for HIPAA, PCI compliance
How do I setup my LiveHelpNow chat account in order to meet HIPAA and PCI privacy rules?
The following settings must be applied for LiveHelpNow Chat accounts to meet HIPAA privacy requirements as well as PCI compliance.
- MUST! For ALL PI,PHI,PCI data that needs be collected from the customer in SMS chat, in-Browser chat or Email, please setup and use secure forms. (Admin Panel->My account->Forms)
Secure Forms allow data collected via encrypted channel, store encrypted at-rest as well as to be purged upon view or on a regular schedule.
More info on Secure Forms for PCI/HIPAA comliant data collection:
https://www.livehelpnow.net/help-desk-software/hipaa-pci
https://www.livehelpnow.net/blog/hipaa-pci-compliant-chat-and-email/
https://www.livehelpnow.net/blog/wishes-can-come-true-secure-forms/ - MUST! Deselect 'Operators can send/request files during chat' in Admin panel > Chat > General settings.
- MUST! Restrict operators' ability to email chat transcripts:
Go to Admin panel > Chat > General settings. uncheck 'Operators can email chat transcripts' - MUST! Do not email chat transcript copies to visitors upon chat completion:
In Admin Panel > Chat > Chat windows, select each window and open Post-chat communication section. Ensure that 'Email customers chat transcript automatically upon chat completion' is left un-checked. - MUST! Do not email yourself chat transcript copies (view them within operator panel Analytics reports or securely send them to a web service using Eventing API):
In Admin Panel > Chat > Chat windows, select each window and open Post-chat communication section. Ensure that 'Email transcripts:' is left blank. - MUST! Go to Admin Panel -> Security -> Security & Compliance and setup your data to be purged immediately upon chat completion or per specific schedule (1 hour\1 day after chat completion). An Enterprise plan is required for data purge.
- OPTIONAL: Setup Eventing API to send chat transcripts to your server and setup transcripts to be immediately purged in Admin Panel -> Security -> Security & Compliance.
- OPTIONAL: Request your account be restricted to certain IP addresses so only agents within your company network are allowed to login.
Related articles:
How and where is Live Chat, Ticket and Knowledge Base data stored?
Is LiveHelpNow PCI certified, HIPAA compliant, and Safe Harbor compliant?