Use BAA agreements to make Calendly HIPAA

Answered

Comments

15 comments

  • Official comment
    Avatar
    Hannah McIntosh

    Hello,

    Thank you for the valuable feedback! Happy to explain what precautions we take today. Calendly is a secure platform and we take all measures necessary to ensure your patients' information is safe. These measures include:

    • Encrypting all data at rest and in transit using 256-bit encryption.
    • Hosting Calendly on Amazon Web Services. We leverage all of the platform's built-in security, privacy and redundancy features to keep your data safe.

    While we do take the above security measures and more, Calendly should not be used for collecting Protected Health Information (PHI). Calendly is never able to read patients' medical details, private information, etc. and is only able to read the free/busy status of events in your calendar in order to avoid double-bookings.

    As a final layer of precaution, we encourage users who prioritize HIPAA compliance to refrain from including any personal or medical questions in the question form invitees complete when scheduling. If your Calendly usage does not deal with PHI or you are not a specialty practice as defined by HIPAA legislation, you may not require a HIPAA compliant solution and should consult your legal team on your compliance needs.

    Since we are not HIPAA compliant, we do not sign BAAs at this time. 

    Best,

    Hannah at Calendly

    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services (Edited )

    Then I would like to alter my request to say " Please do BAA agreements with businesses of all sizes."  I would pay more per month for this.  I signed up for an electronic health record system that has a scheduling tool but it is so so so so inferior to Calendly.  It has strengths in other areas like in documentation and integrated billing.  But the scheduling tool is extremely simple, with only one way syncing with Google Calendar, only one calendar within it, you cant create your own tags or categories,  etc. I have looked high and low and none of the EHR software does what Calendly does.  I think many, many practitioners like myself would pay extra to be able to use Calendly.  I really hope your team will consider a separate price point for HIPAA friendly Calendly, so that you can offset whatever costs are associated with managing BAA agreements,  because I think people would pay for it.   Thank you. 

    3
    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Yes!!!  I second that last comment!  I'd pay twice as much per month for the BAA option.

     

     

    2
    Comment actions Permalink
  • Avatar
    Danny Miller

    Given the spread of covid-19, all systems that can ease the burden on the healthcare system, and/or increase access to care should have more than enough motivation to do so. I believe calendly is one of these systems. Whereas in the past, yall may have had a point regarding the cost associated with developing BAA's, I believe that argument rings empty today. I'd really like you all to reconsider incorporating BAA's, so all the healthcare providers in this thread can focus their attention on helping people vs managing appointments.

    2
    Comment actions Permalink
  • Avatar
    Kansas City Direct Primary Care

    Bringing an old convo back to life, but this would be super helpful for any/all healthcare entities!  Would love to have a BAA with you all.  Thanks :)

    1
    Comment actions Permalink
  • Avatar
    Naya Barretto

    Having a BAA with calendly would make a big difference for me as well. I have been using calendly a bit and I like it but will have to look for other options if I can't get a BAA.  Patients and providers can benefit from a BAA.  Please consider this option.  I would pass the word to other providers.  Thank you

    1
    Comment actions Permalink
  • Avatar
    Juliann Montemayor

    Have there been any steps by Calendly to develop a BAA for HIPAA compliance? This seems to be a missed opportunity for Calendly and certainly for your paying customers. This feature, as well as the ability to offer discount codes, will definitely impact my decision to stay with Calendly or find another scheduling service. 

    Thank you 

     

    1
    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Calendly,

    I have two ideas for improvement:

    1) As a private practice psychotherapist who submits claims electronically, I am forced to be HIPAA compliant.  Therefore, I am told by my HIPAA expert that I must use HIPAA compliant vendors, which means I need to use ones with a BAA.  While you seem to be suggesting that you just need to avoid asking PHI questions to invitees, even asking a client's name, phone number, and email address can be considered PHI, so I  I don't understand why this can't be furnished for small practices like mine. I will have to go elsewhere if that can't be fixed, and I really love Calendly (as do my clients).

    2) My other issue is when a client cancels, and I delete their appt in my icalendar, I wish it would be deleted from the CAlendly calendar.  It continues to show as a busy event even though it isn't.  I have to go onto the dashboard and cancel it there, and if I forget this is a problem.  

    0
    Comment actions Permalink
  • Avatar
    Tim DaGraca

    Hi @Barbara,

    Thank you for the feedback. Our team would be willing to extend security protocol for teams of 150+ or more. If that sounds like something you'd be interested in, please let us know here, via support ticket.

    In terms of your iCloud calendar not cancelling events in Calendly, this is expected behavior. We suggest cancelling/rescheduling from the master source (Calendly) so that event changes are triggered elsewhere (iCloud, Apple calendar, etc.)

    For Google Calendar and Office 365, there is a setting that Calendly has built-in labeled, "Sync Cancellations." Events declined or deleted in your calendar trigger the cancellation in Calendly, as well. This works by using Calendar Invitations; but, because Apple does not utilize Calendar Invitations for its iCloud calendar/Apple Calendar application, the feature is unavailable.

    Tim DaGraca
    Senior Product Specialist
    The Calendly Team

    0
    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services

    Why does it have to be teams of 150 or more? My fax service (faxage) ,. GSuites, and several other companies will do a BAA with a private practice solo practitioner . Very few,
    in the mental health industry belong to mental health practices with 150 people in them. Those larger institutions use very expensive EHR systems that are not cost effective for smaller businesses . I am curious what makes it complicated or difficult to do this with independent practices? I would be willing to pay a fee for the BAA. Your product is truly superior to the EHR scheduling tools available to us at our level of business.

    0
    Comment actions Permalink
  • Avatar
    Voices Counseling and Coaching Services (Edited )

    Or,. Maybe if you partnered with a company like Simple Practice you could somehow do an integrated calendar option through or with them?

    0
    Comment actions Permalink
  • Avatar
    Barbara Griswold, LMFT

    Yes, I'd also like to hear why it has to be teams of 150 or more, when so many vendors are willing to do BAAs with individual providers -- if you are willing to do protections at all for large groups it would seem you could provide the same protections spelled out for solo providers.

     

    0
    Comment actions Permalink
  • Avatar
    Tim DaGraca

    Hi @Voices Counseling and Coaching Services and @Barbara Griswold,

    This is the threshold that we've established in which we are able to round up the resources for extended security protocol. If you have any further questions about how we can help you specifically, please reach out to our support team, here.

    Tim DaGraca
    Senior Product Specialist
    The Calendly Team

    0
    Comment actions Permalink
  • Avatar
    Danielle Gagnon

    I agree! I love Calendly and currently have clients opt-in to use it for scheduling, but it would be less complicated for me if it had a BAA and I would pay double what I'm paying now.

    0
    Comment actions Permalink
  • Avatar
    Dr. Erin Alexander

    I would like to add to the chorus! Calendly is an excellent service and could be a wonderful tool for therapists and other covered entities (HIPAA) who require a BAA. Please consider adding this option/feature.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.