Binti takes security very seriously. All of the information we gather is transmitted and stored with secure encryption.
Zendesk Security
Zendesk is the third-party software that Binti Customer Support uses to meet the chat, email and phone needs of our clients.
Binti currently maintains a Business Associate Agreement (“BAA”) with Zendesk and we opted into their “HIPAA Enabled Account” option for our Zendesk Enterprise service.
Chat
Chat is the most secure component by which to communicate.
To protect any potential PHI/PII shared in a chat encounter, unless you’ve used the chat feature to request the chat transcript, the email you receive will not include the transcript. If you wish to receive the chat transcript, please respond to the email received and our Support team will provide you with the chat transcript after having removed any PHI/PII.
For any email communication that is sent by a client to our Binti customer support staff, the latest security settings are configured via Zendesk. We cannot guarantee the security of Zendesk emails that are sent to the client's mailbox and recommend using chat if possible.
We request that any additional PHI/PII context be sent securely via a secure email mailbox only accessible to a limited number of employees.
Binti Customer Support Security Protocol
All Binti Customer Support Associates are to take all necessary measures to protect PHI/PII.
- Binti Customer Support will provide the minimum amount of personal information to meet the client’s needs.
Acceptable data:
Name + any of the following:
- Email Address
- RFA# (or other Agency ID#)
- Binti links
Unacceptable data:
Name (acceptable) + none of the following:
- Address
- Phone #
- Date of Birth
- SSN
- Direct links for password resets
- If any additional data (including attached documentation) outside of the name that could be PHI/PII is provided by the client, Binti Customer Support will not include those details in any response to the client and will do their due diligence in re-directing the client to safer practices.
- If a client emails Binti Customer Support with attached document(s) that include PHI/PII, Binti Customer Support will send a new email to the client with confirmation of the original request being met. (Creating a new email prevents the client’s document(s) from being shared more than one time, reducing the PHI/PII being transmitted.)
- Binti Customer Support staff are trained on PHI/PII and the security measures that are expected of them. In addition, the Customer Support Quality Lead monitors Customer Support staff correspondence to ensure PHI/PII information is protected.
- Binti Customer Support staff are required to complete counter-social engineering training as well as successfully complete an industry-leading Security Awareness Training program on an annual basis.
Feel free to contact us via phone or email with any questions regarding how we secure customer support communications. We can be reached at allison@binti.com, joe@binti.com, or brittany@binti.com.
Password Protocol
Under NIST Special Publication 800-63B (Authentication and Lifecycle Management), Binti complies with Authenticator Assurance Level 1 (AAL1). If Single Sign-On (SSO) is set up with multi-factor authentication, Binti complies with AAL2.
Binti requires passwords to be at least 8 characters long; they can be up to 4096 characters. We additionally check passwords against a list of banned passwords that includes the corpuses of multiple breaches and lists of common passwords. There is a limit of 5 attempted password resets before a user's account is locked.
Feel free to contact us via phone or email with any questions regarding our password policy. We can be reached at allison@binti.com or brittany@binti.com.