Online scheduling software makes it easy for your patients to schedule an appointment with your healthcare organization. However, it can collect protected health information (PHI) that needs protection under HIPAA.
Let’s discuss Appointlet and if it is compliant with HIPAA.
What is Appointlet?
Appointlet is online scheduling software that makes it easy for people to book appointments with you. Its features include time zone conversion, calendar sync, and even payment acceptance.
Appointlet and the business associate agreement
Covered entities should be well aware that any third-party vendor they work with needs to sign a business associate agreement (BAA). This includes any online scheduling software a healthcare provider uses.
Appointlet is a business associate because it can collect PHI from patients. The collection, sharing, and storage of PHI need careful protection to stay in compliance with HIPAA. A BAA ensures that a business associate follows HIPAA security guidelines.
Appointlet doesn’t mention that it is willing to sign a BAA. With no BAA, Appointlet is automatically not HIPAA compliant.
Appointlet and data security
One of the biggest security concerns with online scheduling software is integration with third-party apps like Google Calendar. Even if an online scheduler is HIPAA compliant, third-party integrations might not comply.
Appointlet is an example of problematic syncing with third-party calendars. It doesn’t have its own calendar, so you will have to sync appointments with third-party calendars. These calendars need to be set up for HIPAA compliance, including a separate BAA.
Appointlet stores information on servers located at Amazon’s US-East facilities. While the database uses a secure connection and encrypts all data, there’s no formal policy on how long Appointlet will retain PHI. This could be another violation of HIPAA security rules.
Is Appointlet HIPAA compliant?
Appointlet is not HIPAA compliant.
The online scheduler doesn’t mention any willingness to sign a BAA, and there’s no guarantee that it will follow HIPAA guidelines on protecting PHI.
Don’t forget to have HIPAA compliant email
You should always confirm that your business associates comply with HIPAA, including your email providers. Sending HIPAA compliant email is key to protecting your patients’ health information from cyber attacks.
Paubox Email Suite Plus uses the latest security tools to ensure that every email you send is encrypted. Our robust inbound security tools protect against phishing, spam, viruses, and malware. We’ve also developed our patented ExecProtect feature to block display name spoofing emails from reaching your employees’ inboxes.