What Is This Product?
Schedulicity is an online scheduling tool that offers client self-scheduling, reminders, and payment integration. At first glance, their page about using their product for healthcare seems to hit all of the right Person-Centered Tech buttons about HIPAA compliance, stating that they enjoy working with those in the healthcare field.
“We love having health care businesses join our family, and we totally respect the guidelines that you need to follow. First and foremost, Schedulicity takes security and privacy very seriously. We’re a very transparent and honest company and we strive to keep the interests of your business and your clients at the center of what we do.”
However, Schedulicity takes an unfortunate turn:
“Please note that the following information is unencrypted in Schedulicity: Reservation confirmation and reminder text messages and emails that include the client’s name and/or scheduled service. Reservation notification emails and text messages that are delivered to service providers and include the client’s name and scheduled service.”
Wow! Roy would like to remind you that ePHI most certainly includes customer names, contact info, appointment times, and payment information. We do not recommend Schedulicity for any of your appointment-y needs. For a deep dive into what constitutes PHI, and how to protect PHI, please see our CE for OH course — access included in membership — “How to Identify HIPAA Protected Health Information: Finding Your Clients’ Sensitive Information Wherever It Goes.”
Finally, Schedulicity also does not offer the requisite BAA, which is the vital facilitator in allowing you to maintain HIPAA compliance. This is a non-negotiable aspect for any HIPAA-covered entity.