Product Updates

Calendar Sync and HIPAA Compliance

Posted on April 5, 2017 by Michael

Storing patient data in the cloud? YellowSchedule is designed to HIPAA specifications and we’ve put a great deal of effort into ensuring data security and privacy. YellowSchedule allows you to be HIPAA compliant, but you still need to be careful, particularly if you are syncing data with other tools that are outside of our control.

(Are you syncing PII data to Google/Outlook?)

Many of our customers choose to sync their calendar with tools such as Google Calendar or Outlook. We have excellent integrations with these systems. But there are synchronisation idiosyncrasies that could result in some of your client names being synced to a Google or Outlook tool that’s not covered by a Google or Microsoft HIPAA Business Associate Agreement (BAA).

Since 2013, Google has offered calendar services for health care professionals on which it is willing to sign a HIPAA Business Associate Agreement. It will not sign a BAA on the standard version of Google (i.e. the non-paid accounts). Similarly, with Outlook there is a paid version of Office 365 for health on which Microsoft is willing to sign a BAA, but on the standard version it will not. If you are syncing with these tools and using the “Healthcare” version covered by either Google or Microsoft, there is no problem.

If you are not using the paid versions of these tools, you can still sync with them in a HIPAA compliant manner. When creating the sync within our system, you should use the “Don’t Sync Names” option for the Appointment data. Appointments created in YellowSchedule will still have the client name, but when they are viewed in Google they will not show it. We also have an option to sync and include only the client’s initials, as this has been a requested feature, but this option is still technically not HIPAA compliant.

(On the Quickstart Setup under HIPAA options for Google Sync. Use this option if you are bound by HIPAA and you want to sync but don’t have a BAA with the third party Calendar)

(Under “Settings” >> “Calendar Sync”. You can change this setting after the sync has already been set up. Do this if you are bound by HIPAA and you want to sync but don’t have a BAA with the third party Calendar)

The quick rule: if you 1) wish to sync your calendar, 2) use the non-paid version of either Google Calendar or Outlook, and 3) are required to be HIPAA compliant, then ensure you select the “Don’t Sync Names” option.