Support for inactivity timeout and HIPAA compliance for CX Cloud from Genesys and Salesforce

Genesys Cloud is committed to respecting the privacy of your and your customer’s information, including electronic protected health information (ePHI). As part of this commitment, many Genesys Cloud services are compliant with the Health Insurance Portability and Accountability Act (HIPAA), specifically meeting the administrative, physical, and technical safeguards required by law. Ask a sales representative about specific compliance matters including Business Associate Agreements (BAAs) and third-party compliance verification.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that was originally passed in 1996 and includes subsequent additions passed in the years since. Because HIPAA is a U.S. Federal Law, it only governs transactions or entities within the United States and is not an international law or standard. 

HIPAA was designed to regulate both health insurance plans (Title I) and the privacy and security of health information (Title II), among other things. The Privacy Rule in Title II regulates the use and disclosure of protected health information (PHI). The Security Rule in Title II complements the Privacy Rule and lays out administrative, physical, and technical safeguards required for HIPAA compliance.

For more information, see HIPAA compliance.

What is different for CX Cloud from Genesys and Salesforce integration in HIPAA-compliant organizations?

When HIPAA compliance is enabled for your organization, Genesys Cloud enforces an idle timeout of 15 minutes. 

CX Cloud from Genesys and Salesforce supports the system inactivity timeout feature, which automatically logs out users who are inactive for a period of 15 minutes and returns them to the login prompt. This feature enhances customers’ security posture by automatically terminating the idle user sessions, and thereby preventing unauthorized access to the platform. HIPAA-compliant organizations automatically have this feature enabled with a 15-minute inactivity timeout. For more information, see Set an automatic inactivity timeout.

Does the inactivity timeout feature apply to organizations that are not enabled for HIPAA compliance?

Yes, this feature applies to any organization for which the customers have enabled the inactivity timeout for security purposes. Organizations that are enabled for HIPAA compliance automatically have a 15-minute inactivity timeout.

What is the user impact of the inactivity timeout feature?

Users who do not interact with Genesys Cloud for the specified inactivity timeout setting are logged out and required to reenter their credentials to access Genesys Cloud.

Will inactivity timeout interfere with any interactions that are in process?

No, the voice interactions that are in process treat the user to be active. A user with a digital interaction that is inactive can be timed out by this feature. Digital interactions are preserved in the user’s roster until disconnected, even if the user logs out while the interaction is in process.