Both the cloud and on-premises versions of ManageEngine ServiceDesk Plus are now compliant with HIPAA standards. This compliance, as determined by an independent, third-party audit organization, extends ServiceDesk Plus' ability to serve any business that handles patient healthcare and services. Here is a brief summary of what it means for ServiceDesk Plus to be HIPAA-compliant.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law aimed at protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.

Organizations that handle individuals' protected health information (PHI), such as healthcare providers and any businesses that work with them, are required to adhere to the data privacy and security standards established by HIPAA. These organizations meet the definition of "covered entities" or "business associates" under HIPAA.

How is ServiceDesk Plus defined under HIPAA?

Both the cloud and on-premises versions of ServiceDesk Plus are HIPAA compliant as a business associate (BA). The responsibility of Zoho, the parent company of ManageEngine, is that of a BA as defined in HIPAA. Further, Zoho is not involved in directly collecting electronic PHI (ePHI) from data subjects.

How are ITSM tools used in healthcare?

An IT service management (ITSM) solution used in healthcare comes under the purview of HIPAA since it could be used to record various kinds of ePHI, including healthcare provider addresses, health plan details, and critical asset information. Healthcare organizations should work with ITSM solutions that are compliant with HIPAA standards to avoid incurring civil penalties. The key areas where a HIPAA-compliant ITSM tool comes in handy are: