Acuity Scheduling has stated that it enables HIPAA compliance. Covered entities can enable HIPAA-related features in their accounts.
Acuity Scheduling is part of the Squarespace platform. While many aspects of Squarespace may not enable HIPAA compliance, Acuity Scheduling includes features designed to allow covered entities to comply with HIPAA regulations.
Customers can manage notification settings to limit access to protected health information (PHI). For example, they can prevent emails from displaying the from and reply-to fields that show the patient’s name and email address. They can also contact Acuity to disable the feature that attaches a calendar file (ICS invite) containing the client’s name, appointment time, and appointment type to appointment confirmation and rescheduling messages.
Covered entities should sign up for the Powerhouse Player plan to enable security features required for HIPAA compliance. Access the Customize Appearance section to manage Scheduling Page Options, and then select the option to enter into a business associate agreement (BAA) using an electronic signature.