Use BAA agreements to make Calendly HIPAA

Answered

Comments

19 comments

  • Official comment
    Avatar
    Hannah McIntosh

    Hello,

    Thank you for the valuable feedback! Happy to explain what precautions we take today. Calendly is a secure platform and we take all measures necessary to ensure your patients' information is safe. These measures include:

    • Encrypting all data at rest and in transit using 256-bit encryption.
    • Hosting Calendly on Amazon Web Services. We leverage all of the platform's built-in security, privacy and redundancy features to keep your data safe.

    While we do take the above security measures and more, Calendly should not be used for collecting Protected Health Information (PHI). Calendly is never able to read patients' medical details, private information, etc. and is only able to read the free/busy status of events in your calendar in order to avoid double-bookings.

    As a final layer of precaution, we encourage users who prioritize HIPAA compliance to refrain from including any personal or medical questions in the question form invitees complete when scheduling. If your Calendly usage does not deal with PHI or you are not a specialty practice as defined by HIPAA legislation, you may not require a HIPAA compliant solution and should consult your legal team on your compliance needs.

    Since we are not HIPAA compliant, we do not sign BAAs at this time. 

    Best,

    Hannah at Calendly

    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Calendly,

    I have two ideas for improvement:

    1) As a private practice psychotherapist who submits claims electronically, I am forced to be HIPAA compliant.  Therefore, I am told by my HIPAA expert that I must use HIPAA compliant vendors, which means I need to use ones with a BAA.  While you seem to be suggesting that you just need to avoid asking PHI questions to invitees, even asking a client's name, phone number, and email address can be considered PHI, so I  I don't understand why this can't be furnished for small practices like mine. I will have to go elsewhere if that can't be fixed, and I really love Calendly (as do my clients).

    2) My other issue is when a client cancels, and I delete their appt in my icalendar, I wish it would be deleted from the CAlendly calendar.  It continues to show as a busy event even though it isn't.  I have to go onto the dashboard and cancel it there, and if I forget this is a problem.  

    2
    Comment actions Permalink
  • Avatar
    Timothy DaGraca

    Hi @Barbara,

    Thank you for the feedback. Our team would be willing to extend security protocol for teams of 150+ or more. If that sounds like something you'd be interested in, please let us know here, via support ticket.

    In terms of your iCloud calendar not cancelling events in Calendly, this is expected behavior. We suggest cancelling/rescheduling from the master source (Calendly) so that event changes are triggered elsewhere (iCloud, Apple calendar, etc.)

    For Google Calendar and Office 365, there is a setting that Calendly has built-in labeled, "Sync Cancellations." Events declined or deleted in your calendar trigger the cancellation in Calendly, as well. This works by using Calendar Invitations; but, because Apple does not utilize Calendar Invitations for its iCloud calendar/Apple Calendar application, the feature is unavailable.

    Tim DaGraca
    Senior Product Specialist
    The Calendly Team

    0
    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services

    Why does it have to be teams of 150 or more? My fax service (faxage) ,. GSuites, and several other companies will do a BAA with a private practice solo practitioner . Very few,
    in the mental health industry belong to mental health practices with 150 people in them. Those larger institutions use very expensive EHR systems that are not cost effective for smaller businesses . I am curious what makes it complicated or difficult to do this with independent practices? I would be willing to pay a fee for the BAA. Your product is truly superior to the EHR scheduling tools available to us at our level of business.

    3
    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services (Edited )

    Or,. Maybe if you partnered with a company like Simple Practice you could somehow do an integrated calendar option through or with them?

    1
    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Yes, I'd also like to hear why it has to be teams of 150 or more, when so many vendors are willing to do BAAs with individual providers -- if you are willing to do protections at all for large groups it would seem you could provide the same protections spelled out for solo providers.

     

    3
    Comment actions Permalink
  • Avatar
    Timothy DaGraca

    Hi @Voices Counseling and Coaching Services and @Barbara Griswold,

    This is the threshold that we've established in which we are able to round up the resources for extended security protocol. If you have any further questions about how we can help you specifically, please reach out to our support team, here.

    Tim DaGraca
    Senior Product Specialist
    The Calendly Team

    -1
    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services (Edited )

    Then I would like to alter my request to say " Please do BAA agreements with businesses of all sizes."  I would pay more per month for this.  I signed up for an electronic health record system that has a scheduling tool but it is so so so so inferior to Calendly.  It has strengths in other areas like in documentation and integrated billing.  But the scheduling tool is extremely simple, with only one way syncing with Google Calendar, only one calendar within it, you cant create your own tags or categories,  etc. I have looked high and low and none of the EHR software does what Calendly does.  I think many, many practitioners like myself would pay extra to be able to use Calendly.  I really hope your team will consider a separate price point for HIPAA friendly Calendly, so that you can offset whatever costs are associated with managing BAA agreements,  because I think people would pay for it.   Thank you. 

    7
    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Yes!!!  I second that last comment!  I'd pay twice as much per month for the BAA option.

     

     

    5
    Comment actions Permalink
  • Avatar
    Kansas City Direct Primary Care

    Bringing an old convo back to life, but this would be super helpful for any/all healthcare entities!  Would love to have a BAA with you all.  Thanks :)

    4
    Comment actions Permalink
  • Avatar
    Danielle Gagnon

    I agree! I love Calendly and currently have clients opt-in to use it for scheduling, but it would be less complicated for me if it had a BAA and I would pay double what I'm paying now.

    3
    Comment actions Permalink
  • Avatar
    Danny Miller

    Given the spread of covid-19, all systems that can ease the burden on the healthcare system, and/or increase access to care should have more than enough motivation to do so. I believe calendly is one of these systems. Whereas in the past, yall may have had a point regarding the cost associated with developing BAA's, I believe that argument rings empty today. I'd really like you all to reconsider incorporating BAA's, so all the healthcare providers in this thread can focus their attention on helping people vs managing appointments.

    5
    Comment actions Permalink
  • Avatar
    Naya Barretto

    Having a BAA with calendly would make a big difference for me as well. I have been using calendly a bit and I like it but will have to look for other options if I can't get a BAA.  Patients and providers can benefit from a BAA.  Please consider this option.  I would pass the word to other providers.  Thank you

    3
    Comment actions Permalink
  • Avatar
    Juliann Montemayor

    Have there been any steps by Calendly to develop a BAA for HIPAA compliance? This seems to be a missed opportunity for Calendly and certainly for your paying customers. This feature, as well as the ability to offer discount codes, will definitely impact my decision to stay with Calendly or find another scheduling service. 

    Thank you 

     

    3
    Comment actions Permalink
  • Avatar
    Dr. Erin Alexander

    I would like to add to the chorus! Calendly is an excellent service and could be a wonderful tool for therapists and other covered entities (HIPAA) who require a BAA. Please consider adding this option/feature.

     

    3
    Comment actions Permalink
  • Avatar
    Lacey Raley

    Hi! I agree that this is a total missed opportunity for Calendly. Limiting their reach to non-healthcare clients is really really disappointing. Only advocating for 150+ companies is also infuriating. I'm not even sure if the largest mental healthcare sites in Nashville, TN would qualify for a team of 150+, that's not how mental healthcare generally operates. Most therapists are classified as small business owners -- please advocate for us to have access (and PAY) for your awesome scheduling technology. 

    I also want to second the partnership opportunity with Simple Practice, a HIPAA compliant service and therapy one-stop-shop for paperwork, billing, and telehealth needs. It would be fantastic. 

    0
    Comment actions Permalink
  • Avatar
    Natasha Walter-Fisk

    @calendy support, Zoom now has a Pro plan with Business Associate Agreement for $12.49 per month paid annually. Why can they do it affordably and Calendy cannot?

    1
    Comment actions Permalink
  • Avatar
    Dr. Cheryl BryantBruce, M.D.

    I'm singing the same song as all of the others here.  I currently have another calendar, with which I am dissatisfied, but use strictly because they are HiPaa compliant with a BAA agreement.  If calendly had a BAA I would also be willing to pay for it.  I am paying the other company.  I really do not want to have to use two different companies for my scheduling needs.  Please get a BAA for small practices and medical solopreneurs.

     

    0
    Comment actions Permalink
  • Avatar
    Laurie Casas/ Only Senior Options

    This is very upsetting that this is not HIPAA/BAA. I can use unless HIPAA/BAA.    What is the progress to get with calendy?   

    0
    Comment actions Permalink

Please sign in to leave a comment.