10to8's HIPAA (Health Insurance Portability and Accountability Act) tools are available to users with Premium and Enterprise/Bespoke plans. If you'd like to chat with our sales team about upgrading to Premium or building a bespoke plan for your business, click here to book a call.
This guide guides you through various steps to begin setting up your HIPAA-compliant 10to8 account.
SECTIONS:
Collecting social security numbers
Removing PHI (Protected Health Information) from automated communications
10to8's HIPAA checklist
To ensure your account is compliant with HIPAA regulations, we offer an easy-to-use checklist, which can be found under 'Setup' > 'GDPR & HIPAA'. You'll need to enable 10to8's HIPAA security tools to view the checklist. Simply click the tickbox for each option to select/deselect them.
Collecting social security numbers
If you need to collect social security numbers from your customers at the time of booking, tick the 'Enable Social Security Number (SSN)' option in the checklist. Your customers will then have the option to enter their social security number when booking appointments.
You can make SSN mandatory at booking by ticking 'Make giving a Social Security Number mandatory when a Customer books online'.
Removing PHI (Protected Health Information) from automated communications
As the BAA (Business Associate Agreement) does not cover our third-party SMS and email providers, you will need to make sure that you remove all PHI from automated communications. Tick 'Remove all personal information from automated 10to8 SMS and email' to do this.
To find out more about how to edit 10to8's default email and SMS messages, click here.
If the name of your business or the type of appointment itself could be considered PHI, then you should also tick 'Remove booking information links from communications'. This removes the links to the appointment management page. Please note that once removed, customers will not be able to cancel or change their appointments online. Nevertheless, they can still reply to their notifications to get in touch with your business.
HIPAA Privacy Policy
To set a privacy policy, tick 'Set HIPAA Privacy Policy'. You can then input the URL to your privacy policy. This uses 10to8's opt-in feature which requires your customers to agree to the privacy policy when they book appointments with you.
