How to Ensure Acuity Scheduling HIPAA Compliance: A Complete Guide

By Michael Turner

March 1, 2025 at 10:33 AM

Acuity Scheduling enables healthcare providers to maintain HIPAA compliance while managing patient appointments. This guide explains the essential steps and requirements for HIPAA-compliant scheduling.

Making Your Acuity Account HIPAA Compliant:

  1. Subscribe to the Powerhouse plan
  2. Navigate to Customize Appearance > Options for Appointment Page
  3. Complete the Business Associate Agreement (BAA)
  4. Submit required information

Key Security Features for HIPAA Compliance:

  • Email notifications exclude client form responses
  • Local-only file uploads (no cloud storage services)
  • Restricted email-based balance checking
  • Disabled calendar sync with Office 365, Outlook, Live.com, Exchange, and iCloud
  • No Squarespace Email Marketing integration
  • Disabled billing feature
  • No "Reserve with Google" integration
  • Limited subscription renewal information

Email and SMS Management:

  • Default notifications may contain PHI
  • Calendar attachments (ICS) include appointment details
  • Clients can opt out of marketing emails
  • SMS opt-out available by replying STOP
  • Control which notifications are sent by managing the contact information stored for each client

Third-Party Integration Considerations:

  • Many integrations don't support HIPAA
  • Evaluate each integration's compliance
  • Establish necessary contractual arrangements
  • Modify settings to meet compliance requirements

Important Responsibilities:

  • Maintain Powerhouse subscription
  • Complete BAA before handling PHI
  • Manage separate BAAs for multiple accounts
  • Implement appropriate controls and settings
  • Monitor information exchange between parties
  • Ensure business practices align with regulations

To access your BAA:

  1. Open Customize Appearance
  2. Click Options for Appointment Page
  3. Select View and Download Signed BAA
  4. Download PDF if needed

Remember: Enabling HIPAA features alone doesn't guarantee compliance. Your organization must implement appropriate practices and controls to maintain regulatory compliance.
