We are a HIPAA-compliant company and so do not want to use the JS provided by Intercom due to the security risk. Does anyone know of a way to implement the service without using JS that calls every time?

Hello @user518 👋, based on this article, Intercom is currently not HIPAA compliant (you shouldn't use Intercom to store sensitive medical data).

More information


Hi,

We're not using Intercom to store any data from our customers. It's purely a communications tool to our clients, who themselves have patient information.

However, the concern is that the JS used to run Intercom could be compromised and altered to then scrape or read our app for information that could contain patient information. As the JS is run every time on every page and we don't control the JS, we'd be reliant on Intercom not to be compromised.

I'm trying to see if there is an alternative option to having this JS go back and forth every time.


Hey @user518​, I'd strongly recommend that you implement identity verification to increase the security of your Intercom installation.


Hey @user518​, I wanted to update you to let you know that, as of today, you can store user data on Intercom in a HIPAA compliant manner. You can read more about this here.

