Mindbody has proactive security measures that appear to meet HIPAA regulations. The company has obtained PCI Level 1 certification, and states that it completes an annual audit and HIPAA risk assessment.
HIPAA-related privacy features include network security, encryption, ePHI protection, access control measures, and a Vulnerability Management Program. System alerts are in place to notify admins of unauthorized access.
Mindbody offers PHI-related protections for appointment scheduling, contact logs, documents, and transactions. Progress notes allow covered entities to record personal information that’s accessible only by authorized personnel.
A business associate agreement (BAA) must be in place before using Mindbody for PHI. Covered entities can email Mindbody to request a signed BAA.