SimplyBook.me appointment and scheduling software has been HIPAA compliant since 2015. To get there we changed several of our internal working procedures: we defined exactly who on the team may access data that can contain patient information, restricted all other access, and hardened the remaining access paths so that only those who qualify can reach potentially sensitive data.

For users who must themselves be HIPAA compliant we created a dedicated medical plugin, the Medical Compliant Appointment Scheduler (HIPAA) plugin, which helps them meet HIPAA requirements and protects their patient data with additional security controls. A SimplyBook.me user who is subject to HIPAA must use this plugin. It adds the following:

Two-factor login. A username and password are no longer enough: each time a user connects to the system, a verification code is sent to a phone that user has access to and must be entered as well, which makes unauthorized access considerably harder.

Forced SSL. All communication with the system is forced over an encrypted connection.

Access notifications. The system can send a notification about every access to the system to a designated security email address, so that unexpected logins are noticed.

Login timeout. You can set an idle timeout so that a user who has not interacted with the system for the configured time is disconnected, which hinders unauthorized use of a login that was left open. Note what the disconnect does and does not do: once disconnected, an unauthorized person can no longer browse to other places in the system, but whatever was already rendered on the screen is still visible until the page is reloaded or closed. For that reason you should also use an operating-system screen lock with a password.
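The page does not publish how the plugin implements these controls, so the following is an added, illustrative Python model written for this article and not SimplyBook.me code. It shows the two controls that carry the reasoning above: a second login step with a one-time code that is single-use, time-limited, guess-limited and compared in constant time, and a server-side idle timeout that drops the session on the next request. The password check and the delivery of the code to the phone are assumed to happen outside the model; the constants (5-minute code lifetime, 5 guesses, 15-minute idle timeout), the class and function names and the event log that a security-mailbox notifier would read are all assumptions chosen for the example.

```python
"""Illustrative model of a one-time-code login step and an idle session timeout.

Added example, not SimplyBook.me code. All constants below are assumptions.
"""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

CODE_TTL_SECONDS = 300          # assumption: a code is usable for 5 minutes
MAX_CODE_ATTEMPTS = 5           # assumption: guesses allowed before the login is cancelled
IDLE_TIMEOUT_SECONDS = 15 * 60  # assumption: disconnect after 15 minutes without a request


@dataclass
class Session:
    user: str
    last_seen: float
    verified: bool = False              # True only after the phone code was accepted
    pending_code: Optional[str] = None  # code sent to the phone, None once consumed
    code_issued_at: float = 0.0
    code_attempts: int = 0


class SessionStore:
    """Server-side sessions; the clock is injectable so the behaviour can be tested."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._sessions: Dict[str, Session] = {}
        self.events: List[Tuple[str, str]] = []  # (event, user) for a security-mailbox notifier

    def begin_login(self, user: str) -> Tuple[str, str]:
        """Called after the password has been checked (assumed done by the caller).

        Creates a half-open session and returns (session id, code). The code is
        returned only so the caller can hand it to the phone channel; it must
        never be sent back to the browser.
        """
        now = self._clock()
        sid = secrets.token_urlsafe(32)
        code = f"{secrets.randbelow(10 ** 6):06d}"   # 6 digits, leading zeros kept
        self._sessions[sid] = Session(user=user, last_seen=now,
                                      pending_code=code, code_issued_at=now)
        self.events.append(("code_sent", user))
        return sid, code

    def verify_code(self, sid: str, submitted: str) -> bool:
        """Second factor: accept the code once, within its lifetime, with limited guesses."""
        s = self._sessions.get(sid)
        if s is None or s.pending_code is None:
            return False
        now = self._clock()
        if now - s.code_issued_at > CODE_TTL_SECONDS:
            self._drop(sid, "code_expired")
            return False
        s.code_attempts += 1
        if s.code_attempts > MAX_CODE_ATTEMPTS:
            self._drop(sid, "too_many_attempts")
            return False
        # Constant-time comparison so a partially correct code cannot be detected by timing.
        if not hmac.compare_digest(s.pending_code.encode(), submitted.encode()):
            return False
        s.verified = True
        s.pending_code = None      # single use
        s.last_seen = now
        self.events.append(("login", s.user))
        return True

    def touch(self, sid: str) -> Optional[Session]:
        """Run on every authenticated request; enforces the idle timeout.

        Returns the session and refreshes its activity time if it is still valid,
        or None if it is missing, unverified, or idle too long. Dropping the session
        only blocks further requests: data already rendered in the browser stays on
        screen, which is why a screen lock is still needed.
        """
        s = self._sessions.get(sid)
        if s is None or not s.verified:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT_SECONDS:
            self._drop(sid, "idle_timeout")
            return None
        s.last_seen = now
        return s

    def _drop(self, sid: str, reason: str) -> None:
        s = self._sessions.pop(sid, None)
        if s is not None:
            self.events.append((reason, s.user))


if __name__ == "__main__":
    clock = [1_000_000.0]                       # constructed, controllable clock
    store = SessionStore(clock=lambda: clock[0])
    sid, code = store.begin_login("dr.example")
    print("right code accepted:", store.verify_code(sid, code))
    clock[0] += IDLE_TIMEOUT_SECONDS + 1
    print("session after idle period:", store.touch(sid))
    print("events:", store.events)
```

The `events` list is where a "notify a security email about all access" feature would hook in: every code issue, successful login, expired or over-guessed code and idle disconnect is recorded with the user. Note the limitation the paragraph above points out, visible in `touch`: the server forgets the session, but nothing in this model can clear what the browser already displayed.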
Users who enable the Medical HIPAA plugin also block all access to their appointment system by SimplyBook.me support personnel. This means you cannot ask our live support to go into your system to help you. And because mobile devices travel everywhere, are easy for others to pick up and are frequently lost, the SimplyBook.me mobile app is disabled while the Medical HIPAA plugin is enabled. This further protects sensitive client information.
Anyone who wants a security-hardened appointment system should enable the Patient data protection plugin, even if they do not work directly with patients.
Remark: You remain responsible for maintaining your own protocols and for securing all access to client data. Our HIPAA compliance and the plugin do not relieve you of this. To become HIPAA compliant you need to go through all potential risks on your premises and around your client data, assess those risks, address them, and protect your patients' privacy and data with proper protocols. Limit access to this client data to the relevant personnel only, and take steps to ensure that nobody who should not have access to it can obtain it. There is plenty of material on the internet about HIPAA compliance; here is a link to one such site with useful material on the subject. Investigate thoroughly how your own company or organisation becomes HIPAA compliant, and get help from qualified specialists if needed.