Is Calendly HIPAA Compliant?

Is calendly HIPAA compliant?

Calendly is not HIPAA compliant and if a business creates, collects, maintains, or transmits Protected Health Information using the service, it would be a violation of Calendly’s terms of service. In addition, Calendly refuses to enter into Business Associate Agreements with covered entities and business associates.

Businesses often waste a lot of time booking meetings and appointments and chasing employees to confirm availability. Calendly is designed to eliminate that wasted time and prevent the usual game of phone tag and make it much easier to schedule meetings and create schedules. Calendly can cut down no-show rates by sending automated email and text alerts that meetings are about to start.

The solution works with Google Calendar, Office 365, iCloud calendar, Salesforce, GoToMeeting and other favorite software platforms. It can also be incorporated directly into company websites allowing clients to book their appointments online.

Healthcare organizations can use the platform to schedule internal meetings but in order to use Calendly in connection with any electronic protected health information (ePHI), healthcare organizations must enter into a business associate agreement (BAA) with Calendly.

Is Calendly HIPAA Compliant?

Calendly makes it clear on its website that it has a secure platform and all information uploaded is protected. This scheduling tool uses 256-bit encryption to protect transmitted and stored data, and the platform is hosted on Amazon Web Services, a HIPAA-compliant hosting solution. Calendly is unable to read medical charts or other private data, it can only read the status of calendar events to prevent double bookings.

While Calendly is secure, the company states in its Customer Terms and Conditions:


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

  • Calendly is not to be used for obtaining Protected Health Information (PHI).
  • Healthcare organizations must not include any personal or medical questions in forms when booking appointments.
  • Calendly doesn’t sign BAAs with HIPAA covered entities.

Therefore, Calendly is not HIPAA-compliant. Healthcare organizations may use it as long as there’s no ePHI involved. Healthcare organizations need to make sure that only HIPAA-compliant scheduling applications are employed for arranging patient consultations.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: