1. Home
  2. Docs
  3. Security Compliance
  4. Comprehensive Security Co...
  5. Encrypting ePHI custom help desk fields: A step-by-step guide

Encrypting ePHI custom help desk fields: A step-by-step guide

As the digital world grows, so does the need to protect personal and sensitive information. Encrypting custom help desk fields is essential for securing data from unauthorized access and identity theft. Desk365 provides this security through field-level encryption using Advanced Encryption Standard (AES). In this guide, we will walk you through encrypting custom help desk fields in Desk365, emphasizing the importance of HIPAA compliance for handling sensitive healthcare information. 

Overview of field-level encryption

Field-level encryption ensures that sensitive information stored and transmitted through Desk365 is secure. This process involves converting data into ciphertext, making it unreadable without the decryption key. For healthcare providers and organizations dealing with electronic personal health information (ePHI), this is crucial for compliance with the Health Insurance Portability and Accountability Act (HIPAA). 

Permissions required

Anyone can use the field-level encryption feature. However, only agents with access to Settings can configure it. 

Key points to remember

  1. Scope: Only custom text fields data can be encrypted. 
  2. Organization-Wide: Encryption applies at the organization level, including all departments. 
  3. Field Type: Encryption is applicable only to text field types. 
  4. API Support: Encrypted data is accessible via APIs. 
  5. Integration: Encrypted fields can be used in custom functions and all integrations.

Limitations

  • Reporting: Encrypted fields cannot be used in Reports 
  • Automation Rules: Encrypted fields cannot be used as conditions in automation rules. 
  • Advanced Filters: Encrypted fields cannot be utilized in advanced filters, search or sort options. 

Step-by-step guide to encrypt custom fields

  • Navigate to Settings > Admin > Ticket Fields. 
  • Select the Encrypted Text Input under Encrypted Field Types. 
encrypted-ticket-field-desk365
  • Edit the field type and label it appropriately for agents and contacts. 
  • Check the “Mark as ePHI” box and click Save. 
encrypted-text-input-field-desk365
  • Add the encrypted field to the desired ticket form. 

Example ticket showing encrypting ePHI custom help desk fields

Let’s say a healthcare organization needs to create an Appointment Form that complies with HIPAA regulations. Specifically, they need to encrypt sensitive patient information within their Desk365 help desk system. Here is how the admin implements the encryption. 

Step 1: The admin heads over to the Ticket Fields section and creates custom ticket fields such as appointment date.  

Under the Encrypted Field Types, the admin chooses the encrypted text input option and labels the field types accordingly such as Patient ID and Patient Name making it understandable that the data entered in this field will be encrypted, making it unreadable. 

The ePHI label indicates that the field contains electronic Personal Health Information (ePHI), which requires extra security and compliance measures. 

desk365-ticket-fields-with-ephi-custom-field

Step 2: The admin includes the encrypted field in the Appointment Form ensuring that whenever a new ticket is created using this form, the PHI Data Field information will be encrypted. 

ticket-form-with-ephi-field

Step 3: The admin creates a new ticket to verify that the PHI Data Field is functioning correctly and that the entered data is encrypted. 

ephi-ticket-fields-in-ticket-details-page

By following these steps, the health care clinic has successfully encrypted the PHI Data Fields in their Desk365 help desk system. This action ensures HIPAA compliance and secures sensitive patient information from unauthorized access.

Adding ePHI to dropdown with sections

In some cases, you may want to display encrypted ePHI fields only when a user selects a specific option from a dropdown. For example, showing Patient Insurance Details field only if “Billing” is selected. Let’s take a look at how to configure ePHI with dropdown sections: 

ephi-fields-in-dropdown-with-sections
  • Go to Settings > Admin > Ticket Fields. 
  • Select the field type Dropdown with sections. 
  • Label it appropriately (e.g., Department) for both agents and contacts. 
  • Enter the dropdown choices such as General Inquiry, Clinical, Billing. 
  • Click Save. 
adding-dropdown-with-section-field-desk365
  • Next, click the Add Section option next to the dropdown with section you created as shown below. 
adding-section-desk365
  • Set the Section Title (e.g., Billing Section). 
  • Under “Select choices under this section,” choose Billing. 
  • Click Save. 
section-properties
  • Now, let’s add an Encrypted Text Input field. Inside the Billing Section, click Add Field. 
add-field-within-billing-section
  • From the list of ticket field types, select Encrypted Text Input and click Add. 
choose-encrypted-text-input-field
  • Label for agents and contacts. Let’s name it Patient Insurance Details for both the agent and the contact. 
  • Check the box to Mark as ePHI. 
  • Provide a tooltip and preview label for ePHI, if needed. 
  • Click Save. 
dropdown-with-sections-ephi-text-fields
  • Now, the encrypted ePHI field will only show when Billing is selected in the department dropdown. 

By combining Dropdown with Sections and Encrypted Text Input, Desk365 empowers teams especially in healthcare, HR, or finance to capture sensitive information securely, only when necessary. 

Require additional assistance? Please reach out to us at help@desk365.io

How can we help?