HIPAA compliance

Note: To comply with HIPAA, you must sign a Business Associate Agreement (BAA) with ScheduleOnce. The standard ScheduleOnce BAA is available to paid Enterprise accounts. Contact us to enable your HIPAA-compliant account.

The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding medical information. ScheduleOnce has built the necessary controls to satisfy HIPAA. HIPAA includes two sets of rules: the HIPAA privacy rule and the HIPAA security rule.

The HIPAA privacy rule

The HIPAA privacy rule governs the circumstances under which health data can be disclosed. The rule defines to whom the data can be disclosed, how the data can be used, and how long it should be retained. For example, your ScheduleOnce data is permanently deleted when you stop using our service, fulfilling the HIPAA privacy rule.

The HIPAA security rule

The HIPAA security rule governs how patient data is secured. The rule defines three categories of controls designed to protect patient data from unauthorized disclosure:
  • Technical safeguards
  • Administrative safeguards
  • Physical safeguards

ScheduleOnce has a comprehensive security program that employs a multi-layered control system designed to protect patient data. For example, all patient data is encrypted and our servers are continuously monitored with advanced threat detection tools. The ScheduleOnce security program has been audited to ensure that it satisfies the HIPAA security rule.
