Acuity Scheduling and the business associate agreement
If you're a covered entity using a third-party vendor for scheduling appointments, you will need the vendor to sign a business associate agreement (BAA). Scheduling software may receive protected health information (PHI) such as names, email addresses, or phone numbers. A BAA obligates the business associate to follow HIPAA guidelines for protecting PHI and confirms that applicable data security laws are being followed. If no BAA is signed, you will be violating HIPAA rules.
Acuity Scheduling is willing to sign a BAA, but only if your organization is part of the Powerhouse plan or a custom Enterprise plan.
Data security and Acuity Scheduling
Acuity Scheduling claims that a third-party information security consultant reviewed its software and confirmed it could be HIPAA compliant. The website doesn't give specific details about data security, but states that they are available upon request. Signing a BAA by itself is not enough. It's up to the covered entity to configure the settings so that its use of the software complies with HIPAA guidelines. You are solely responsible for ensuring that your Acuity Scheduling settings are HIPAA compliant and meet your business needs. Acuity Scheduling has extra security features for HIPAA-enabled accounts. Some of these features include:
- Intake forms will only accept documents from local computers or devices.
- Email notifications won't include client form answers.
- Syncing with third-party calendars is disabled.
- Browser session times end after 4 hours instead of several days.
- Patients will not be able to use an email address to redeem packages they've purchased. They will have to log in or use a randomly generated code to access packages.
- PHI is disabled in email or text notifications sent to patients.
So is Acuity Scheduling HIPAA compliant?
Yes, Acuity Scheduling can be HIPAA compliant. The company is willing to sign a BAA, and you can configure the settings to ensure compliance with HIPAA guidelines. For more information on Acuity Scheduling and HIPAA compliance, take a look at its website.
Consider Paubox for HIPAA compliant email
Any third-party vendor you use needs to be HIPAA compliant. So are your emails compliant with HIPAA security rules? Paubox Email Suite Plus uses the latest security tools to ensure that every email you send is encrypted. It integrates easily with your current email provider, such as Google Workspace or Microsoft 365. All emails are sent directly to your patients' inboxes, with no need for third-party apps or client portals. Our robust inbound security tools protect against phishing, spam, viruses, and malware. Our patented ExecProtect feature also blocks display name spoofing emails from reaching the inbox. Paubox also includes a business associate agreement at no extra charge. This is the solution for HIPAA compliant email that you've been looking for in your healthcare business.