New Features In January
10to8 appointment scheduling software now comes with a range of tools to help our clients develop and maintain their HIPAA compliance (the Health Insurance Portability and Accountability Act). These regulatory standards cover how businesses in the US should handle health data within the US. Technically this data is referred to as Protected Health Information (PHI).
10to8 appointment scheduling software now comes with a range of tools to help our clients develop and maintain their HIPAA compliance (the Health Insurance Portability and Accountability Act). Click To Tweet
If you handle US medical data then you are likely to be a Covered Entity (CE) under HIPAA.
Our tools help you, the Covered Entity, comply with the Privacy Rule and the Security Rule as defined under HIPAA. Using these tools does not automatically make
Without further ado, here are the major changes in 10to8.
Request a Business Associate Agreement
A Business Associate Agreement (BAA) is a contract between us (the CE) and you (the BA) that covers how 10to8 handles PHI data and our mutual obligations. You can now request a BAA within the 10to8 product by visiting “Enhanced Security” and following the instructions. This is a requirement for you to be HIPAA compliant with 10to8.
Social Security Number Tracking
We have added the capability to collect Social Security Numbers (SSN). This is to help you find and identify patient details easily and uniquely. 10to8 can automatically ask for SSNs at booking.
Collecting SSN for patients allows the CE (you) and BA (10to8) to respond to patient data requests under HIPAA quickly and efficiently. Please note that primary responsibility for responding to information requests lies with the service provider.
BAAs with downstream parties
We have secured BAAs with our downstream partners with whom we share data in order to provide our services. For example, we use Amazon Web Services to store and process your clients’
Removing PHI from emails and SMS
In some cases the name of your business or the type and location of booking itself constitutes PHI. To protect your clients’ PHI, HIPAA tools give you the option to remove the name of your business and the booking links from emails and SMS sent by 10to8.
The reason for this is that the name of your business itself might indicate a service or procedure that would qualify as PHI. If you believe for your business this information is sensitive, then you can now tick the option to remove this information from all 10to8 communications.
Please note that if you write to customers using our booking chat feature over either SMS or email that you should not include any PHI.
Removing PHI from calendar sync
10to8 can synchronize your calendar with Google Calendar, iCloud, Exchange, Office365 and Outlook.com. When HIPAA tools are enabled in 10to8 appointment scheduling software, we automatically remove PHI from the synchronizations to protect your clients. You may still click on the link from the booking in a third party calendar to get to your booking in 10to8 – you are required to be logged in.
Limiting third-party tools
10to8 offers integrations through Zapier to hundreds of third-party tools. Unfortunately, the majority of these services are not themselves HIPAA compliant. To protect your patients PHI, when HIPAA tools are enabled, these third-party tools are automatically disabled.
Start Taking Bookings Online
Create your branded online booking page, benefit from automated SMS & Email reminders, rid your business of wasted time, and reduce appointment no-shows by up to 90%.
No credit card required; free & easy setup.
Richard is the MD and a director of 10to8, responsible for day to day running of the company. He has been with 10to8 for 4 years, joining after completing a
Looking For The Best Scheduling Software?
See how we compare with our up-to-date comparison guide!
Over 500 Integrations
Get even more from 10to8 with integrations and apps designed to grow your business.