Adds hipaa user session timeout behavior [DOC-743] (#5570)

Author: JairAviles

src/privacy/hipaa-eligible-segment.md

@@ -107,4 +107,8 @@ To remove encryption from incoming data:
 4. On the **Turn off data encryption?** popup, click **Confirm**.
 
 > success ""
-> Disabling the data encryption setting does not decrypt existing data, but does prevent any future data from being encrypted. 
+> Disabling the data encryption setting does not decrypt existing data, but does prevent any future data from being encrypted.
+
+## User session timeouts
+
+Segment automatically logs out all users with access to HIPAA eligible workspaces after 15 minutes of inactivity.

src/segment-app/iam/concepts.md

@@ -8,6 +8,10 @@ plan: iam
 A Segment *Team Member* is an individual with access to a workspace. A Segment user can be associated with one or more workspaces, either as an `owner` or `member` of each.
 Check out the [roles documentation](/docs/segment-app/iam/roles) for a complete list of roles.
 
+The user session for a Segment Team Member is 7 days. Team Members in a [HIPAA eligible workspace](/docs/privacy/hipaa-eligible-segment/) have a 15 minute user session across all workspaces.
+
+If you are a Team Member in a HIPAA eligible workspace and want to access a non-HIPAA eligible workspace with a 7 day user session, you can create an alias (for example `[email protected]`).
+
 ## User Groups
 
 A *User Group* is a set of Team Members with a set of shared policies. A Segment Team Member can be a member of one or many Groups. All roles in the Segment App are additive, which means that group membership can be assigned in addition to individual roles for a single team member. For example, a single user could inherit roles from a Group definition AND have access to additional resources through individually assigned roles.