PX User Tracking |
|
PX Data Transmission
|
- Recommend removing support for anything except strong encryption if there is a chance that ePHI could be transmitted. Do so by configuring PX to disable support for any encryption capabilities that aren’t deemed strong, including unencrypted transport, TLS 1.0, and TLS 1.1.
|
PX SDK Configuration
|
-
Require that specific application URLs be masked or excluded through configuration.
-
Recommend that IP tracking be disabled through configuration.
-
Recommend limiting tracking of DOM data elements that contain ePHI to the minimum necessary to meet the need. Note, by default PX does not track DOM data elements.
-
Recommend deleting the user record, if ePHI is tracked via a URL, IP address, or DOM element and must be deleted.
|
PX Custom Events Tracking |
-
Recommend limiting custom event tracking that may contain ePHI to the minimum necessary meet the need.
-
Recommend deleting the user record, if ePHI in a custom event must be deleted.
|
PX URL Mapping |
- Recommend using the SDK configuration to mask or exclude URLs that are tracked, included in Product Mapper or Guides, that may contain any ePHI.
|
PX Knowledge Center (KC) Bot |
- Recommend not configuring or utilizing the KC Bot feedback module which allows free input text if a customers’ end user may enter ePHI into KC bot for feedback or may search for ePHI in the KC Bot.
|
PX Engagements |
-
Recommend limiting any engagements triggered based on ePHI to the minimum necessary to complete the task.
-
Recommend limiting the use of Surveys to collect ePHI to the minimum necessary to complete the task.
|
PX Integrations with other systems, including Gainsight CS |
-
Recommend only sending aggregated user or account level data to a system integrated with PX to limit transmission of ePHI.
-
Recommend only sending aggregated user or account level data using a rest API to limit transmission of ePHI.
-
If ePHI must be transmitted, recommend limiting data transmission from PX to the minimum necessary to complete CS tasks.
-
If you are concerned about incidental ePHI being transmitted from PX to CS, you may choose to not enable the integration and only import account level data with a custom integration.
|
PX Product Mapper & Guide Mapper |
-
Recommend limiting tracking of the particular element that contains ePHI to the minimum necessary to meet the need.
-
If you need to track an element with ePHI, we recommend that you use a numeric naming convention for the element.
|