Yes, Acuity Scheduling is HIPAA compliant. The company will sign a BAA, and covered entities can enable HIPAA-related features in their accounts.
Acuity Scheduling is part of the Squarespace platform. While many aspects of Squarespace aren’t HIPAA compliant, Acuity Scheduling includes design features that allow covered entities to comply with HIPAA regulations.
Customers can manage notification settings to limit access to protected health information (PHI). For example, they can prevent emails from displaying the "From" and "Reply-To" fields that show the patient’s name and email address. They can also contact Acuity to disable the feature that attaches a calendar file (ICS invite) containing the client’s name, appointment time, and appointment type to appointment confirmation and rescheduling messages.
Covered entities need to sign up for the Powerhouse Player plan to enable security features required for HIPAA compliance. Access the Customize Appearance section to manage Scheduling Page Options, and then select the option to enter into a BAA using an electronic signature. Customers on Enterprise plans have the option to use custom BAAs.
A third-party security consultant has reviewed and verified Acuity’s HIPAA compliance.
Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.