The ability to schedule appointments with patients is a critical function for healthcare organizations. Unfortunately, not all online scheduling software meets the strict HIPAA security rules. You need to choose software that is easy for patients to use and also protects their data.
Read on to learn more about ScheduleOnce and if it is HIPAA compliant.
What is ScheduleOnce?
ScheduleOnce is part of the OnceHub product suite. ScheduleOnce allows people to schedule appointments with organizations easily. It can be integrated with your website you can customize the schedule to maximize appointment times.
ScheduleOnce and the business associate agreement
A business associate agreement (BAA) is a legal contract to ensure protected health information (PHI) is secure. It’s signed between business associates and covered entities to clarify each party’s responsibility to protect data.
ScheduleOnce does offer a BAA if a covered entity has at least four users associated with its account. You can view the full BAA by clicking here.
It should be noted that covered entities are responsible for ensuring that software like ScheduleOnce is configured to meet HIPAA security requirements. For example, you may want to modify SMS notifications to not share PHI, like names or appointment times.
ScheduleOnce and data security
Since ScheduleOnce agrees to take part in a BAA, it’s fair to say that it has the security in place to meet HIPAA requirements. Let’s review its data security features.
- Short session timeouts
- Account lockout features
- Strict password guidelines
- All data and backups are encrypted
- Data in transit uses TLS 1.2 encryption
- Two-factor authentication
- Log data is continuously monitored to detect suspicious activity
Is ScheduleOnce HIPAA compliant?
Yes, ScheduleOnce can be HIPAA compliant. The scheduling software will sign a BAA, and an account can be configured for additional security features to ensure maximum protection.
Don’t forget about email security
While ScheduleOnce can be HIPAA compliant, covered entities need to also ensure that email communication meets HIPAA security requirements.
Paubox Email Suite lets you send HIPAA compliant email without your patients having to use client portals input login credentials. Your employees send emails directly to a patient’s inbox. It’s easy to use Paubox since it can seamlessly integrate with Google Workspace or Microsoft 365.
Paubox Email Suite Plus also comes with robust security features. It can stop threats like spam, malware, viruses, or phishing emails from even entering a user’s inbox. It also includes our patented ExecProtect feature to prevent display name spoofing emails from reaching your employees.
Paubox signs a BAA with every customer, so you can rest assured that your email meets HIPAA security standards.