Is HoneyBook HIPAA Compliant?

Is HoneyBook HIPAA Compliant? HIPAAGuide.net

HoneyBook is not HIPAA compliant and – at present – the CRM platform should not be used for activities in which Protected Health Information (PHI) is exposed to HoneyBook’s servers. In addition, HIPAA compliant apps that are integrated into the platform will no longer be compliant if they disclose PHI to HoneyBook’s activity feed.

HoneyBook claims to be the leading client flow management platform for small business owners that can put independent professionals “in control of their process and client experience”. To support its claim, HoneyBook offers an all-in-one platform through which independent professionals can:

  • Track enquiries
  • Schedule appointments
  • Send questionnaires
  • Sign contracts
  • Manage projects
  • Automate workflows
  • Create and send invoices
  • Accept online payments

In addition – and depending on the level of subscription – the platform supports integrations with third-party apps such as Gmail, QuickBooks, Calendly, Zapier, and Zoom. For most small business owners, the platform consists of almost everything the business might need to manage customer relationships and simplify the administration of client-side processes.

HoneyBook for Healthcare Professionals

For independent healthcare professionals and small medical practices, HoneyBook can be a cost-effective alternative to other CRM solutions that offer (and charge for) more capabilities than the business may require. HoneyBook has the added advantage of being easier to use than many other CRM solutions and has an excellent reputation for good customer service.

The issue for healthcare professionals and small medical practices is that if they qualify as covered entities or business associates under the Health Insurance Portability and Accountability Act (HIPAA), restrictions exist on uses and disclosures of PHI. In order to use any CRM solution to its full potential, the solution has to be HIPAA compliant. So, is HoneyBook HIPAA compliant?

Is HoneyBook HIPAA Compliant?

HoneyBook is not HIPAA compliant. The company states on its website that HoneyBook is not targeted at the medical and healthcare industries and the measures necessary to make HoneyBook HIPAA compliant are not prioritized. The company adds a footnote stating it may change its priorities and make HoneyBook HIPAA compliant if its targeting changes.

Because HoneyBook is not HIPAA compliant, any HIPAA compliant apps integrated into the platform will no longer be compliant if they disclose PHI to HoneyBook’s activity feed. This is because HoneyBook does not have appropriate security safeguards to protect PHI and will not enter into a Business Associate Agreement with HIPAA covered entities and business associates.

Can HoneyBook Still be Used by Healthcare Professionals?

HoneyBook can still be used by healthcare professionals depending on the “HIPAA status” of the healthcare professional, how the CRM is used, and whether or not clients consent to PHI being disclosed to a non-compliant solution.

Those who do not qualify as HIPAA covered entities (i.e., because they do not conduct electronic transactions for which the Department of Health and Human Services has developed standards) can use HoneyBook in any way they choose regardless of whether the CRM is HIPAA compliant or not.

Those who do qualify as HIPAA covered entities or business associates can use HoneyBook to manage customer relationships and simplify the administration of client-side processes provided PHI is not disclosed in forms, emails, contracts, invoices, etc. without the consent of the subject of the PHI.

In both circumstances, it is still possible to disclose non-health information such as names, dates, and payment amounts to HoneyBook’s servers. Independent healthcare professionals and small medical practices who are unsure about what is considered PHI under HIPAA should seek professional compliance advice.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/