NoteTo comply with HIPAA, you must sign a Business Associate Agreement (BAA) with OnceHub. The standard OnceHub BAA is available to paid Enterprise accounts. Contact us to enable your HIPAA compliant account.
The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding medical information. ScheduleOnce has built the necessary controls to satisfy HIPAA. HIPAA include two sets of rules, the HIPAA privacy rule and the HIPAA security rule.
The HIPAA privacy rule
The HIPAA privacy rule governs the circumstances under which health data can be disclosed. The rule defines to whom the data can be disclosed, how the data can be used, and how long it should be retained. For example, your OnceHub data is permanently deleted when you stop using our service, fulfilling the HIPAA privacy rule.
The HIPAA security rule
The HIPAA security rule governs how patient data is secured. The rule defines three categories of controls designed to protect patient data from unauthorized disclosure:
- Technical safeguards
- Administrative safeguards
- Physical safeguards
OnceHub has a comprehensive security program that employs a multi-layered control system designed to protect patient data. For example, all patient data is encrypted and our servers are continuously monitored with advanced threat detection tools. The OnceHub security program has been audited to ensure that it satisfies the HIPAA security rule.