Calendly is a tool that allows businesses to schedule appointments and meetings, integrating with many popular calendar applications. Under HIPAA, a software application such as Calendly is considered a business associate when it serves healthcare clients. As such, it is important to determine whether or not the platform is HIPAA compliant. Is Calendly HIPAA compliant?
Is Calendly HIPAA Compliant: Security Features
Organizations working in healthcare have an obligation to ensure the confidentiality, integrity, and availability of protected health information (PHI). When using software tools in conjunction with PHI, the software must have security features to ensure that this standard is met.
Calendly uses 256-bit encryption to secure the data transmitted through its platform. 256-bit encryption is one of the most secure encryption methods: it masks data, making it unreadable to unauthorized users. Since Calendly utilizes encryption, the only data that the software has access to is calendar status, that is, busy/free status. Access to this information ensures that calendar appointments are not double-booked.
Although Calendly is secure, its website states, “Calendly should not be used for collecting Protected Health Information. As a final layer of precaution, we encourage users who prioritize HIPAA compliance to refrain from including any personal or medical questions in the question form invitees complete when scheduling.”
Is Calendly HIPAA Compliant: Business Associate Agreement
Organizations working in healthcare are required to have signed business associate agreements (BAAs) with all of their business associates. A BAA must be signed before the software may be used in conjunction with PHI. Software tools whose vendors are not willing to sign a BAA cannot be used to receive, transmit, create, store, or maintain PHI.
Calendly states on its website, “Calendly does not sign security agreements or extend security protocol. If your practice is the type of speciality that requires a BAA, then Calendly will not be a HIPAA-compliant solution.”
Is Calendly HIPAA Compliant?
Is Calendly HIPAA compliant? Since the platform is unwilling to sign a business associate agreement, the platform is not HIPAA compliant. Therefore, Calendly cannot be used for patient scheduling. It can, however, be used to schedule internal meetings, that is, meetings between staff members.