Is Freshdesk HIPAA compliant?
Conditionally. Freshworks will sign a BAA for qualifying customers and Freshdesk can be configured to be HIPAA-compliant, covering Freshdesk, Freshchat, Freshcaller, and Freshdesk Omnichannel — but only with the mandatory security configuration applied.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Freshworks will sign a BAA for qualifying Covered Entities/Business Associates with mandatory HIPAA configuration; the required plan tier is not stated in official docs — contact Freshworks
- Official source: Freshworks — HIPAA Configuration Guide — https://support.freshdesk.com/support/solutions/articles/238735-hipaa-configuration-guide (verified 2026-06)
How to use Freshdesk in a HIPAA-compliant way
- Contact Freshworks (support@freshdesk.com or your rep) and identify as a Covered Entity or Business Associate to request a BAA.
- Execute the mutual BAA.
- Apply the mandatory config: store PHI only in custom encrypted fields, enable SSL/TLS, SSO/IP controls, and the data-masking app; disable Freshconnect.
- Keep PHI within the BAA-covered products (Freshdesk, Freshchat, Freshcaller, Omnichannel).
- Maintain the mandatory specifications — BAA validity depends on continued adherence.
Important caveats
- PHI must go in custom encrypted fields; default fields cannot be encrypted and must not hold PHI.
- The required plan tier is not stated in official docs — do not assume a specific tier; confirm with Freshworks.
- The BAA scope is product-limited; processing ePHI in other Freshworks products is not covered.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Freshdesk correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Freshdesk.
Frequently asked questions
Does Freshdesk sign a BAA?
On specific plans. Freshworks will sign a BAA for qualifying Covered Entities/Business Associates with mandatory HIPAA configuration; the required plan tier is not stated in official docs — contact Freshworks. A signed BAA is required before any PHI is involved.
Is Freshdesk HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Freshdesk offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Freshdesk with PHI?
PHI must go in custom encrypted fields; default fields cannot be encrypted and must not hold PHI.