Reading Time: 4 minutes

New Features In January

10to8 appointment scheduling software now comes with a range of tools to help our clients develop and maintain their compliance with HIPAA (the Health Insurance Portability and Accountability Act). These regulatory standards cover how businesses in the US should handle health data within the US. Technically, this data is referred to as Protected Health Information (PHI).


If you handle US medical data, then you are likely to be a Covered Entity (CE) under HIPAA. Likewise, if your business is using 10to8 to manage bookings that use or store PHI, then 10to8 is one of your Business Associates (BA).

Our tools help you, the Covered Entity, comply with the Privacy Rule and the Security Rule as defined under HIPAA. Using these tools does not automatically make you HIPAA compliant, and careful setup of the tools is required to make sure they fit how you use 10to8.

Without further ado, here are the major changes in 10to8.

Request a Business Associate Agreement

A Business Associate Agreement (BAA) is a contract between us (the BA) and you (the CE) that covers how 10to8 handles PHI and our mutual obligations. You can now request a BAA within the 10to8 product by visiting “Enhanced Security” and following the instructions. This is a requirement for you to be HIPAA compliant with 10to8.

Social Security Number Tracking

We have added the capability to collect Social Security Numbers (SSN). This is to help you find and identify patient details easily and uniquely. 10to8 can automatically ask for SSNs at booking.

Collecting SSNs for patients allows the CE (you) and BA (10to8) to respond to patient data requests under HIPAA quickly and efficiently. Please note that primary responsibility for responding to information requests lies with the service provider.

BAAs with downstream parties

We have secured BAAs with the downstream partners with whom we share data in order to provide our services. For example, we use Amazon Web Services to store and process your clients’ data, and have a BAA in place with them to guarantee compliance with the Privacy Rule. In cases where our partners are not able to provide BAAs, these partner services are automatically restricted when HIPAA tools are activated.

Removing PHI from emails and SMS

In some cases, the name of your business or the type and location of the booking itself constitutes PHI. To protect your clients’ PHI, HIPAA tools give you the option to remove the name of your business and the booking links from emails and SMS sent by 10to8.

The reason for this is that the name of your business itself might indicate a service or procedure that would qualify as PHI. If you believe this information is sensitive for your business, then you can now tick the option to remove it from all 10to8 communications.

Please note that if you write to customers using our booking chat feature over either SMS or email, you should not include any PHI.

Removing PHI from calendar sync

10to8 can synchronize your calendar with Google Calendar, iCloud, Exchange, Office365 and Outlook.com. When HIPAA tools are enabled in 10to8 appointment scheduling software, we automatically remove PHI from the synchronizations to protect your clients. You may still click on the link from the booking in a third-party calendar to get to your booking in 10to8 – you are required to be logged in.

Limiting third-party tools

10to8 offers integrations through Zapier to hundreds of third-party tools. Unfortunately, the majority of these services are not themselves HIPAA compliant. To protect your patients’ PHI, when HIPAA tools are enabled, these third-party tools are automatically disabled.


For further information about HIPAA, visit our help center or reach out to our support team.


Richard is the MD and a director of 10to8, responsible for day to day running of the company. He has been with 10to8 for 4 years, joining after completing a PhD at Oxford. Richard previously worked in the City, and at several technology companies and startups.

Richard Hills

Managing Director, 10to8 Appointment Scheduling Software
