HIPAA-compliant appointment scheduling

How OnceHub helps you protect patient data

OnceHub serves organizations across the healthcare sector and is committed to helping you achieve robust compliance with HIPAA and associated legislation.

No software is HIPAA compliant in itself. Compliance depends on how the software is deployed, configured, and used, and on processes and infrastructure over which software vendors have little control. Some vendors do, however, offer features that, when implemented correctly, help meet specific technical requirements of the HIPAA security rule. OnceHub is one of them.

Read on to learn how OnceHub can help you meet your compliance obligations while streamlining operations with a best-of-breed appointment scheduling solution.

HIPAA and appointment scheduling

The Health Insurance Portability and Accountability Act (HIPAA) is United States federal legislation that safeguards individuals' health information; the Health Information Technology for Economic and Clinical Health Act (HITECH) extended and strengthened its privacy and security requirements.

HIPAA's privacy rule governs the use and disclosure of all protected health information (PHI), while its security rule sets out the administrative, physical, and technical safeguards required for such information in electronic form (ePHI). The rules apply to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and to their business associates: any vendor or professional service provider, such as a law or accounting firm or a software vendor, that creates, receives, maintains, or transmits PHI on a covered entity's behalf.

Many of these organizations use appointment scheduling software like OnceHub. The data a self-service healthcare scheduling system gathers, such as names, dates, phone numbers, and email addresses, typically includes several of the 18 identifiers that HIPAA's de-identification standard enumerates, so the appointment record is itself PHI. It is therefore critical that the scheduling solution conforms to the safeguards the security rule requires.

OnceHub for HIPAA-compliant appointment scheduling

Business associate agreements

Organizations like yours sign a business associate agreement (BAA) with OnceHub, as HIPAA's privacy and security rules require whenever a vendor handles PHI on your behalf. Our BAAs for covered entities and for subcontractors are available for all paid accounts as part of our security and compliance add-on. The BAA establishes a legally binding relationship between us that sets out each party's responsibilities for protecting ePHI.

Data access controls

Technical controls OnceHub uses to protect patient data from unauthorized disclosure include:

  • Encryption of all data and backups at rest using NIST-approved algorithms, with encryption keys managed securely.
  • HTTPS-only applications and encryption of data in transit using TLS 1.2 and higher.
  • Authenticated server-to-server connections for calendar integrations.
  • Access controls that ensure the scheduling software, and any patient data it gathers and stores, is accessible only to authorized personnel:
    • Single sign-on (SSO)
    • Two-factor authentication (2FA)
    • Role- and user-based access management
    • Password policies, account lockout, and session controls
  • Audit trails that record who logged into the system and when, and that track meeting lifecycle changes such as who canceled or rescheduled a meeting.
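
A claim such as "TLS 1.2 and higher" is one a customer doing due diligence can verify rather than take on trust. The script below is an added example written for this page; it is not OnceHub's software and the host name in it is a placeholder. It shows a client context that refuses anything below TLS 1.2 next to one that leaves the floor unspecified, a probe that attempts one handshake per protocol version against a server, and a pure evaluation step that turns the probe results into findings.

```python
"""Added example: checking a "TLS 1.2 and higher" claim from the client side.

Illustrative code for this page, not OnceHub's own software. The target host
below is a placeholder; substitute the endpoint you are assessing.
"""
import socket
import ssl
from typing import Dict, List, Optional

# Protocol versions that pre-date TLS 1.2 and that the policy must refuse.
LEGACY_VERSIONS = ("SSLv3", "TLSv1", "TLSv1_1")
MODERN_VERSIONS = ("TLSv1_2", "TLSv1_3")


def weak_client_context() -> ssl.SSLContext:
    """The weak setting: certificate checks on, but no explicit protocol floor.

    MINIMUM_SUPPORTED means 'whatever the local OpenSSL build allows', which
    on older builds includes TLS 1.0 and 1.1.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The corrected setting: the floor is pinned at TLS 1.2 explicitly."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """True only if the context explicitly floors the protocol at TLS 1.2 or 1.3."""
    return ctx.minimum_version in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def probe_tls_versions(host: str, port: int = 443,
                       timeout: float = 5.0) -> Dict[str, Optional[bool]]:
    """Attempt one handshake per protocol version and record what the server accepts.

    True  -> handshake completed at that version
    False -> the server (or the network) refused it
    None  -> the local OpenSSL build cannot offer that version at all
    Certificate verification is disabled because the question here is which
    versions the server speaks, not whether its certificate is valid.
    """
    results: Dict[str, Optional[bool]] = {}
    for version in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                    ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            # Lower the local security level so OpenSSL 3 will still offer
            # TLS 1.0/1.1; otherwise a client-side refusal would be mistaken
            # for a server-side one.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            ctx.minimum_version = version
            ctx.maximum_version = version
        except (ssl.SSLError, ValueError):
            results[version.name] = None
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[version.name] = True
        except (ssl.SSLError, OSError):
            results[version.name] = False
    return results


def evaluate(results: Dict[str, Optional[bool]]) -> List[str]:
    """Turn probe results into findings against a 'TLS 1.2 and higher' policy."""
    findings = []
    for name in LEGACY_VERSIONS:
        if results.get(name):
            findings.append(f"legacy protocol {name} accepted")
    if not any(results.get(name) for name in MODERN_VERSIONS):
        findings.append("no TLS 1.2 or TLS 1.3 handshake succeeded")
    return findings


if __name__ == "__main__":
    target = "scheduling.example.com"  # placeholder, not a real endpoint
    observed = probe_tls_versions(target)
    labels = {True: "accepted", False: "refused", None: "not testable locally"}
    for version, accepted in observed.items():
        print(f"{version:8} {labels[accepted]}")
    for finding in evaluate(observed) or ["policy satisfied"]:
        print(finding)
```

A refusal recorded as False is only meaningful when the local OpenSSL could offer the version in the first place, which is why the probe lowers the security level and reports None when it could not; keep that distinction in mind before recording "TLS 1.0 refused" in a due diligence file.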

OnceHub privacy and security program

OnceHub runs a multi-layered privacy and security program to protect our assets and those of our customers. All prospective and existing customers can assess these measures themselves by requesting our due diligence pack, which includes a completed Cloud Security Alliance CAIQ (Consensus Assessments Initiative Questionnaire) and our latest SOC 2 report.

Are you looking for due diligence information?

We have it all ready for you