Prepare your chat for HIPAA and PCI compliance

by Krzysztof Kraus

At LiveChat, we know how important it is to take proper care of your customers’ medical information. That is why we prepared a short guide that will help you make your chat HIPAA compliant and PCI compliant!

All features allowing you to prepare your LiveChat for HIPAA and PCI compliance regulations are available from our Business plan. If you’d like to learn more, click here to visit our official pricing page.

Make your chat HIPAA compliant!

To make your LiveChat HIPAA and PCI compliant, you will need to follow a few simple steps described below:

  1. Preparing your chat window
  2. Preparing your LiveChat app for agents
  3. Signing a BAA

1. LiveChat HIPAA compliant: Preparing your chat window

By default, the LiveChat window gives your customers the possibility to send the transcript of their conversation to any email address that they provide. To make your chat both HIPAA and PCI compliant, you have to make sure that this option is disabled.

If you are using the previous version of our chat window, click here to learn how to remove the chat transcript icon with the use of CSS customization.

  1. To do that, go to the Customization section of your Chat window settings.
  2. Now, scroll down to the Additional tweaks section of your chat window customization.
  3. From the list of available tweaks, make sure to switch off the Let customers get chat transcripts option. That will prevent your customers from sending the transcript of their conversation to the provided email address.

And that’s it! Now that your chat window is ready for HIPAA and PCI compliance, let’s see how to take care of your LiveChat app for agents as well.

2. LiveChat HIPAA compliant: Preparing your LiveChat app for agents

LiveChat does not directly handle the HIPAA and PCI compliance for you. Because of that, you have to make sure that all of your customers’ medical data are kept entirely on your end.

Below you will find a few simple steps that show you how to make sure that your customers’ data is kept only on your end, and how to prepare your LiveChat app for HIPAA and PCI compliance:

Set up the automatic transcript deletion upon the end of each chat conversation

Let’s start with setting up the automatic deletion of each finished conversation. This can be done by setting up a webhook that fires each time a customer finishes a chat with your company’s representative.

  1. First, go to the Webhooks section of your Integrations settings.
  2. Now, click on the Add a webhook button.
  3. You will be prompted with a new Webhook configurator. From the list of available settings, choose chat ends as the webhook event.
  4. Now, select chat, visitor and pre_chat_survey as the webhook’s data type and paste the following address into the Target URL section:
     https://helpers.livechatinc.com/remove-chats/
  5. To finalize, click on the Add a webhook button.

And that’s it! Now that your webhook is ready, let’s see how to make sure that each new chat with your customer will be automatically forwarded to your server.

Set up the storage of chat transcripts on your server

Setting up the automatic forwarding of your transcripts will allow you to take full control of how your customers’ medical data will be processed after the chat conversation has finished.

To make sure that the transcripts of your customers’ conversations will go straight from LiveChat to your company’s server, we recommend using our Webhooks.

When setting up a webhook that will retrieve and process the transcripts of your chats, you may require a developer’s help. If you don’t have one, you can always hire one of our certified experts!
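
A receiver for the forwarded transcripts could look like the following. This is an added example, not LiveChat's code; it validates each POST and writes the transcript to a file that only the service account can read. Assumptions: the payload is a JSON object with top-level chat, visitor and pre_chat_survey keys (named after the data types selected in the webhook configurator), and the size limit, the TRANSCRIPT_DIR variable and the port are illustrative; TLS is assumed to be terminated by a reverse proxy in front of it.

```python
import hashlib, json, os, tempfile
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

MAX_BODY = 1_000_000  # reject oversized posts (illustrative limit)
REQUIRED = ("chat", "visitor", "pre_chat_survey")  # assumed top-level keys
STORE = Path(os.environ.get("TRANSCRIPT_DIR", tempfile.gettempdir()))

def store_transcript(raw: bytes, directory: Path) -> Path:
    """Validate one webhook body and write it to an owner-only file."""
    if len(raw) > MAX_BODY:
        raise ValueError("body too large")
    payload = json.loads(raw)  # malformed JSON raises a ValueError subclass
    if not isinstance(payload, dict) or any(k not in payload for k in REQUIRED):
        raise ValueError("missing expected data types")
    # Name the file by content hash: no visitor data ends up in file names,
    # and a redelivered webhook maps to the same file instead of a duplicate.
    path = directory / (hashlib.sha256(raw).hexdigest() + ".json")
    try:
        # O_EXCL never overwrites; mode 0o600 keeps other local users out.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return path
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path

class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
            if not 0 < length <= MAX_BODY:
                raise ValueError("bad length")
            store_transcript(self.rfile.read(length), STORE)
            status = 200
        except ValueError:
            status = 400
        self.send_response(status)
        self.end_headers()

    def log_message(self, *args):  # keep request details out of default logs
        pass

if __name__ == "__main__":
    # Listens on localhost only; the TLS-terminating proxy forwards to it.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

Point TRANSCRIPT_DIR at an encrypted volume owned by the service account; the default temporary directory is only there so the example runs as-is.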

Disable the option to send and receive files by your agents

  1. To disable the option to send and receive files by your agents, go to the File sharing section of your Chat settings.
  2. There, deselect the for agents and for visitors options. To finalize, click on the Save changes button.

File sharing is now disabled, making sure that your agents or your customers will not receive or send any data files that can breach the HIPAA and/or PCI regulations.

Restrict the access to your LiveChat app

Another step that you need to take is to restrict the access to your LiveChat app, so that your chat representatives will be able to log in only from a specific location. This can be done by setting up the list of IP addresses that can access your LiveChat app, like the IP address of your office.

  1. To do that, go to the Access restriction section of your Security settings.
  2. While there, select the Using the specific IP addresses option. In the text area below, provide the list of IPs that you’d like to grant access to LiveChat.
  3. To apply the list of provided IPs, click on the Save changes button.

And that’s it! Now your agents can log into LiveChat only from specific IP addresses, and you can rest assured that your account will not be accessed from unverified locations.

Set up the password policy for your agents

Setting up a strict password policy for your agents should be a mandatory part of your company’s security policy. A good practice is to inform your agents that their passwords should contain at least 6 characters, with special characters mixed with numbers, capital and lower case letters.

In addition to that, you can set up one of the two advanced login methods offered by LiveChat: 2-step verification with Google or Single Sign-on. To learn more about how to set up SSO at LiveChat, you can check out our official tutorial available here. As to setting up the 2-step verification with Google:

  1. First, proceed to the 2-Step verification section of your Security settings.
  2. While there, click on the Log in with Google button to link LiveChat with your Google Account.
  3. After linking LiveChat with your Google Account, choose the Use Google Account with 2-Step Verification to log in option. To apply your new password policy, click on Save changes.

From now on, whenever your LiveChat agents try to log in to LiveChat, they will need to use the Sign in with Google option. And that will make their login process much more secure!

3. LiveChat HIPAA compliant: Signing a BAA

Signing a Business Associate Agreement with LiveChat is available from our Enterprise plan. If you’d like to learn more, click here to visit our official pricing page.

As a company that deals with customers’ medical information, you may want to sign a Business Associate Agreement with LiveChat. If that’s the case, we opened a dedicated legal@livechatinc.com email address, where you can send us the proposition of your BAA.

After we receive a BAA from your company, our Legal Department will review it thoroughly and we will make sure to get back to you via email, with a response stating whether we can agree to sign your BAA proposition.

LiveChat HIPAA compliant: What’s next?

If you’d like to learn more about what steps you should take to prepare your LiveChat for HIPAA and PCI compliance, don’t hesitate to start a chat with us. We will be more than happy to provide you with any additional information that you may require!

Also, feel free to use our official legal@livechatinc.com email address, where our Legal Department is always ready to provide you with the answers to any legal concerns that may occur while preparing your LiveChat for the HIPAA and PCI regulations.
