Prepare your chat for HIPAA and PCI compliance
At LiveChat, we know how important it is to take proper care of your customers’ medical information. That is why we prepared a short guide that will help you make your chat HIPAA compliant and PCI compliant!
To make your LiveChat HIPAA and PCI compliant, you will need to follow a few simple steps described below:
1. LiveChat HIPAA compliant: Preparing your chat window
By default, the LiveChat window gives your customers the possibility to send the transcript of their conversation to any email address they provide. To make your chat both HIPAA and PCI compliant, you have to make sure that this option is disabled.
- To do that, go to the Customization section of your Chat window settings.
- Now, scroll down to the Additional tweaks section of your chat window customization.
- From the list of available tweaks, make sure to switch off the Let customers get chat transcripts option. That will prevent your customers from sending the transcript of their conversation to the provided email address.
And that’s it! Now that your chat window is ready for HIPAA and PCI compliance, let’s see how to take care of your LiveChat app for agents as well.
2. LiveChat HIPAA compliant: Preparing your LiveChat app for agents
LiveChat does not directly handle the HIPAA and PCI compliance for you. Because of that, you have to make sure that all of your customers’ medical data are kept entirely on your end.
Below you will find a few simple steps that will tell you how to make sure that your customers’ data is kept only on your end, and how to prepare your LiveChat app for HIPAA and PCI compliance:
- Set up the automatic transcript deletion upon the end of each chat conversation;
- Set up the storage of chat transcripts on your server;
- Disable the option to send and receive files by your agents;
- Restrict the access to your LiveChat app;
- Set up the password policy for your agents.
Set up the automatic transcript deletion upon the end of each chat conversation
Let’s start with setting up the automatic deletion of each newly finished conversation. This can be done by setting up a webhook that will fire each time a customer finishes a chat with your company’s representative.
- First, go to the Webhooks section of your Integrations settings.
- Now, click on the Add a webhook button.
- You will be prompted with a new Webhook configurator. From the list of available settings, choose chat ends as the webhook event.
- Now, select chat, visitor and pre_chat_survey as the webhook’s data type and paste the following address into the Target URL section:
- To finalize, click on the Add a webhook button.
And that’s it! Now that your webhook is ready, let’s see how to make sure that each new chat with your customer will be automatically forwarded to your server.
Set up the storage of chat transcripts on your server
Setting up the automatic forwarding of your transcripts will allow you to take full control of how your customers’ medical data will be processed after the chat conversation has finished.
To make sure that the transcripts of your customers’ conversations will go straight from LiveChat to your company’s server, we recommend using our Webhooks.
Disable the option to send and receive files by your agents
- To disable the option to send and receive files by your agents, go to the File sharing section of your Chat settings.
- There, deselect the for agents and for visitors options. To finalize, click on the Save changes button.
File sharing is now disabled, ensuring that neither your agents nor your customers can send or receive files that could breach the HIPAA and/or PCI regulations.
Restrict the access to your LiveChat app
Another step that you need to take is to restrict the access to your LiveChat app, so that your chat representatives will be able to log in only from a specific location. This can be done by setting up the list of IP addresses that can access your LiveChat app, like the IP address of your office.
- To do that, go to the Access restriction section of your Security settings.
- While there, select the Using the specific IP addresses option. In the text area below, provide the list of IPs that you’d like to grant access to LiveChat.
- To apply the list of provided IPs, click on the Save changes button.
And that’s it! Now your agents can log into LiveChat only from specific IP addresses, and you can rest assured that your account will not be accessed from unverified locations.
Set up the password policy for your agents
Setting up a strict password policy for your agents should be a mandatory part of your company’s security policy. A good practice is to inform your agents that their passwords should contain at least 6 characters, mixing special characters with numbers, capital and lower case letters.
In addition to that, you can set up one of the two advanced login methods offered by LiveChat: 2-step verification with Google or Single Sign-on. To learn more about how to set up SSO at LiveChat, you can check out our official tutorial available here. As to setting up the 2-step verification with Google:
- First, proceed to the 2-Step verification section of your Security settings.
- While there, click on the Log in with Google button to link LiveChat with your Google Account.
- After linking LiveChat with your Google Account, choose the Use Google Account with 2-Step Verification to log in option. To apply your new password policy, click on Save changes.
From now on, whenever your LiveChat agents try to log in to LiveChat, they will need to use the Sign in with Google option. And that will make their login process much more secure!
3. LiveChat HIPAA compliant: Signing a BAA
As a company that deals with customers’ medical information, you may want to sign a Business Associate Agreement with LiveChat. If that’s the case, we opened a dedicated firstname.lastname@example.org email address, where you can send us your proposed BAA.
After receiving a BAA from your company, it will be thoroughly reviewed by our Legal Department, and we will get back to you via email with a response stating whether we can agree to sign your proposed BAA.
LiveChat HIPAA compliant: What’s next?
If you’d like to learn more about what steps you should take to prepare your LiveChat for HIPAA and PCI compliance, don’t hesitate to start a chat with us – we will be more than happy to provide you with any additional information that you may require!
Also, feel free to use our official email@example.com email address, where our Legal Department is always ready to answer any legal concerns that may arise while preparing your LiveChat for the HIPAA and PCI regulations.