Is Calendly HIPAA Compliant?

Is calendly HIPAA compliant?

Calendly is a well-known tool that many businesses use for scheduling meetings and appointments. Is it all right for healthcare organizations to use Calendly? Does Calendly support HIPAA compliance?

Businesses often waste a lot of time booking meetings and appointments and chasing employees to confirm availability. Calendly is designed to eliminate that wasted time and prevent the usual game of phone tag and make it much easier to schedule meetings and create schedules. Calendly can cut down no-show rates by sending automated email and text alerts that meetings are about to start.

The solution works with Google Calendar, Office 365, iCloud calendar, Salesforce, GoToMeeting and other favorite software platforms. It can also be incorporated directly into company websites allowing clients to book their appointments online.

Healthcare organizations can use the platform to schedule internal meetings but in order to use Calendly in connection with any electronic protected health information (ePHI), healthcare organizations must enter into a business associate agreement (BAA) with Calendly.

Is Calendly HIPAA Compliant?

Calendly makes it clear on its website that it has a secure platform and all information uploaded is protected. This scheduling tool uses 256-bit encryption to protect transmitted and stored data, and the platform is hosted on Amazon Web Services, a HIPAA-compliant hosting solution. Calendly is unable to read medical charts or other private data, it can only read the status of calendar events to prevent double bookings.

While Calendly is secure, the company states on its website that:

  • Calendly is not to be used for obtaining Protected Health Information (PHI).
  • Healthcare organizations must not include any personal or medical questions in forms when booking appointments.
  • Calendly doesn’t sign BAAs with HIPAA covered entities.

Therefore, Calendly is not HIPAA-compliant. Healthcare organizations may use it as long as there’s no ePHI involved. Healthcare organizations need to make sure that only HIPAA-compliant scheduling applications are employed for arranging patient consultations.