HIPAA Compliance Guide: Setting Up and Securing Acuity Scheduling

By Michael Turner

March 4, 2025 at 09:06 AM

Using Acuity Scheduling in a HIPAA-compliant way requires specific steps and considerations to ensure proper handling of protected health information. This guide explains the essential requirements and procedures.

Making Your Acuity Account HIPAA Compliant

Acuity Scheduling is designed to meet HIPAA security standards and has been validated by external security consultants. To enable HIPAA compliance:

  1. Subscribe to the Powerhouse plan
  2. Go to Customize Appearance > Scheduling Page Options
  3. Click the BAA access link at the top
  4. Review and sign the Business Associate Addendum (BAA)

Key Compliance Requirements

  • HIPAA compliance must be enabled before handling any protected health information
  • Each Acuity account requires its own BAA
  • Organizations are responsible for implementing appropriate controls and settings
  • Custom BAAs are available with Enterprise plans (additional fee)

Additional Security Protections

HIPAA-compliant accounts include extra safeguards:

  • Email notifications exclude client form responses
  • File uploads limited to local devices only
  • Calendar sync restricted (Office 365, Outlook.com, Exchange, iCloud disabled)
  • Invoicing and Reserve with Google features disabled
  • No integration with Squarespace Email Campaigns

Email and SMS Notifications

By default, notifications may contain protected health information. Important considerations:

  • Calendar invitations (ICS files) include client details
  • Clients can opt out of marketing emails but will receive transaction confirmations
  • Appointment notifications can be prevented by omitting contact information

Third-Party Integrations

Most third-party integrations don't support HIPAA compliance. Organizations must:

  • Disable non-compliant integrations
  • Verify compatibility with business requirements
  • Establish necessary agreements before use
  • Manage security settings appropriately

Accessing Your BAA

To review or download your BAA:

  1. Navigate to Customize Appearance
  2. Click Scheduling Page Options
  3. Select View and Download the Signed BAA
  4. Optional: Download PDF copy

Remember: Enabling HIPAA features alone doesn't ensure compliance. Organizations must maintain appropriate business processes and systems that align with HIPAA security standards.
