FERPA-compliant appointment scheduling
How OnceHub helps you protect student data
OnceHub is a provider to organizations across the education sector and is committed to helping you achieve robust FERPA compliance.
Read on to learn how we can help you meet your compliance obligations while streamlining operations with best-of-breed appointment scheduling software.
FERPA and appointment scheduling software
The Family Educational Rights and Privacy Act (FERPA) is United States federal legislation to protect the confidentiality, integrity, and availability of students’ educational records – with particular focus on the personally identifiable information (PII) they contain. FERPA applies to all schools that receive funds from the US Department of Education. Non-compliance can result in the withdrawal of that financial support.
Data regulated under FERPA includes academic, health, and financial information, as well as PII used to identify students for administrative purposes if they have opted to keep it private.
To achieve FERPA compliance, educational organizations have to invest in secure information technology platforms and communications systems; institute security best practices; and manage risk with third parties, ensuring that all relevant vendors have the appropriate safeguards to protect student data. That includes the provider of your appointment scheduling software.
OnceHub for FERPA-compliant appointment scheduling
Data retention and deletion
OnceHub provides educators and other members of the education community with the tools necessary to maintain FERPA compliance.
Our users have full control over the data they collect from students using our system, what they choose to retain, and for how long. They can easily generate customer reports to respond to data access requests, and we provide a process to permanently delete student data from our servers on their request.
Data access controls
Technical controls OnceHub uses to protect student data from unauthorized disclosure include:
- NIST-compliant encryption of all data and backups at rest and securely managed encryption keys.
- HTTPS-only applications and encryption of data in transit using TLS 1.2 and higher.
- Secure server-to-server authentication protocols for calendar integrations.
- Robust access controls to ensure that our system and any patient data it gathers and stores are solely accessible by authorized personnel:
  - Single sign-on (SSO)
  - Two-factor authentication (2FA)
  - Role-based permissions
  - Password policies, account lockout, and session controls
- Audit trails to register who logged into the system and when, in addition to tracking meeting lifecycle changes, like who canceled or rescheduled a meeting.
OnceHub privacy and security program
OnceHub runs a multi-layered privacy and security program to protect our assets and those of our customers. The program has been audited to ensure that it satisfies all relevant provisions of the HIPAA security rule. All prospective and existing customers can assess these measures themselves by requesting our due diligence pack, which includes a completed CAIQ and our latest SOC 2 report.