Yes, Mindbody says that it is HIPAA compliant. Also, the company will sign a business associate agreement (BAA).
Mindbody has proactive security measures that meet HIPAA regulations. Not only does this company maintain a PCI Level 1 certification, but it also completes an annual audit and HIPAA risk assessment.
HIPAA-compliant privacy features include network security, encryption, ePHI protection, access control measures, and a Vulnerability Management Program.
These digital lines of defense provide the security needed for protected health information (PHI). System alerts are in place to notify admins of unauthorized access.
Mindbody offers privacy and security for all PHI, including appointment scheduling, contact logs, documents, and transactions. Progress notes are HIPAA compliant, allowing covered entities to record personal information that’s accessible only by authorized personnel.
A business associate agreement (BAA) must be in place before using Mindbody for PHI. Covered entities can email Mindbody to request a signed BAA.