Answered

We are a HIPAA compliant company and so do not want to use the JS provided by intercom due to the security risk. Does anyone know of a way to implement the service without using JS that calls every time?

  • 3 December 2020
  • 4 replies
  • 20 views
U
We are a HIPAA compliant company and so do not want to use the JS provided by intercom due to the security risk. Does anyone know of a way to implement the service without using JS that calls every time?
icon

Best answer by Eric Fitz 25 March 2021, 16:40

View original

4 replies

R
Rank
Userlevel 1
Badge

Hello @user518​ 👋 , Based on this article, Intercom currently not compliant HIPAA (you shouldn't use Intercom to store sensitive medical data).

 

More information

U

Hi,

 

We're not using intercom to store any data from our customers. Its purely a communications tool to our clients who themselves have patient information.

However, the concern is that the JS used to run intercom could be compromised and altered to then scrape or read our app for information that could contain patient information. As the JS is ran every time on every page and we dont control the JS, we'd be reliant on Intercom not to be compromised.

 

I'm trying to see if there is an alternative option to having this JS go back and forth every time.

Eric Fitz
Userlevel 1

Hey @user518​, I'd strongly recommend that you implement identity verification to increase the security of your Intercom installation.

Eric Fitz
Userlevel 1

Hey @user518​, I wanted to update you to let you know that, as of today, you can store user data on Intercom in a HIPAA compliant manner. You can read more about this here.

Reply


Terms & ConditionsCookie settings