by Sara Nguyen

Is Zocdoc HIPAA compliant?

You want to make it as simple as possible for a patient to visit you, and many healthcare providers look to online scheduling software to make booking appointments easy. However, your scheduling software needs to be HIPAA compliant.

Zocdoc is a popular online medical appointment booking service. But is it in compliance with HIPAA? Let’s review Zocdoc and its company policies.

Zocdoc and the business associate agreement

Scheduling software companies are usually considered business associates because of the potential to receive protected health information (PHI). Covered entities should make an effort to ensure that they partner with a scheduling software company that is willing to sign a business associate agreement (BAA).

A BAA ensures that a business associate follows HIPAA security guidelines about protecting PHI. 

Zocdoc does provide a BAA. You can read the BAA by clicking here.

Zocdoc also has an “Authorization” that allows PHI to be used and disclosed the same way as non-PHI. Under this authorization, Zocdoc may disclose PHI to third parties and business partners.

The website says, “Therefore, when Zocdoc relies on this Authorization, and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures.”

You can opt out of providing this PHI authorization.

Zocdoc and data security

Zocdoc does have security features in place to protect data. Some of these security features include:

To read more about Zocdoc’s data and security, click here.

Is Zocdoc HIPAA compliant?

Yes, Zocdoc can be HIPAA compliant. To comply with HIPAA, a healthcare provider will need to opt out of the Zocdoc Authorization for PHI and sign up for a BAA.

Is your email HIPAA compliant?

You should always take the precaution to ensure that all of your online communication is secure and in compliance with HIPAA. One of the most common security risks is when people don’t send HIPAA compliant email.

Paubox Email Suite Plus is the solution you need to protect your emails and data. We have robust inbound security tools and leverage TLS 1.3 encryption to keep your emails and inboxes safe. Our software stops threats like phishing emails, spam, viruses, and malware from reaching a user’s inbox. It also includes our patented ExecProtect feature, which blocks display name spoofing emails.

Paubox is also simple for your employees and patients to use. It can easily integrate into your current email provider including Google Workspace and Microsoft 365. Your employees can send emails directly to a patient’s inbox. You can say goodbye to third-party apps and client portals.
