Online scheduling software can have access to protected health information (PHI), which can be a security concern for healthcare organizations. It’s vital to make sure that you are using the appropriate software to protect patient data.
Let’s take a look at SimplyBook and whether it can be an option for healthcare organizations.
SimplyBook and the business associate agreement
A third-party vendor that has access to or stores PHI is considered a business associate under HIPAA. This means that extra precautions need to be taken by the business associate to stay in compliance with HIPAA.
An online scheduling software company counts as a business associate since it can collect PHI.
Covered entities need to ensure that business associates are implementing the necessary safeguards to protect PHI. A legal contract known as the business associate agreement (BAA) is key to making sure that patient data is protected. It lays out the responsibilities of the business associate and how it uses the data it collects.
SimplyBook does offer a BAA to ensure HIPAA compliance, which makes it a potential option for healthcare providers.
SimplyBook and data security
SimplyBook's willingness to sign a BAA doesn’t mean that its security features match what your organization needs. Here are a few features that SimplyBook implements to protect your data:
- Employee training to protect PHI
- Access restricted to authorized users only
- Automatic logout after idle time
- Adjusted email and SMS booking notifications
- Daily data backup
- SSL encryption
- Two-factor authentication
Is SimplyBook HIPAA compliant?
Yes, SimplyBook can potentially be HIPAA compliant. Covered entities that choose to use SimplyBook will need a Standard or Premium subscription to access HIPAA security features. You should also configure security settings to ensure compliance with HIPAA security requirements.
Don’t forget about HIPAA compliant email
While configuring security features from various business associates, you should also consider your email security. HIPAA compliant email is key to ensuring effective and protected communication with your patients.
Paubox Email Suite allows you to send encrypted emails directly to a patient’s inbox without having to use client portals. We leverage TLS 1.3 encryption to ensure that your emails are safe from unauthorized users.
Paubox includes a BAA with all of our plans, so you can rest assured that PHI is secure with our HITRUST CSF certified software.