How to Keep Your Acuity Scheduling HIPAA Compliant
Protected health information management in Acuity Scheduling requires careful configuration to maintain HIPAA compliance. You'll need to be on the Powerhouse plan to access these features.
To activate HIPAA compliance:
- Navigate to Customize Appearance
- Click Scheduling Page Options
- Follow the BAA (Business Associate Agreement) setup process
- Review and submit the required information
Key HIPAA-specific protections activated:
- Email notifications exclude customer form responses
- File uploads limited to local devices only
- Customer email verification features disabled
- Certain calendar syncing services restricted
- Invoicing and Reserve with Google integration disabled
- Modified subscription renewal notifications
Email and Text Notification Security:
- Default messages may contain PHI
- Calendar invites (ICS) include appointment details
- Customers can opt-out of marketing communications
- Transaction-related emails will continue
- Manual appointment creation can bypass notifications
Important Compliance Requirements:
- Must maintain Powerhouse plan subscription
- Each Acuity account needs separate HIPAA activation
- Organization controls own compliance practices
- External integrations require separate compliance verification
- Regular BAA review recommended
To access your BAA:
- Go to Customize Appearance
- Select Scheduling Page Options
- Choose "View and download the signed BAA"
- Download PDF if needed
Remember that HIPAA compliance extends beyond Acuity's features - your entire practice must maintain appropriate security measures and protocols.
External integrations require careful consideration, as many third-party services may not meet HIPAA requirements. Always verify compliance before connecting any external services to your Acuity account.
Note: The Squarespace platform's other features, including contact forms, are not HIPAA-compliant. Use appropriate external services for collecting sensitive patient information outside of Acuity Scheduling.
Related Articles
HIPAA Compliance Guide: Setting Up and Securing Acuity Scheduling
