Finding a HIPAA Compliant Online Scheduling Platform

by Diana Khoury, edited by Carol Ryan

In today’s digital-driven world, clients expect to be able to go online and book an appointment at their convenience. Some holistic practitioners still keep it old school with a physical appointment book. But it’s become increasingly hard to grow a service-based business without offering some type of online scheduling.

The benefits of an online scheduler

Online scheduling offers benefits to clients as well as the practitioner. It’s convenient, efficient, flexible, and available to clients 24-7. In many cases, you can automate booking confirmation and appointment reminders to reduce your number of no-shows. It also frees you up to spend less time on admin, and more time doing the work you love.

But it’s important to consider your choice of online scheduling platform carefully, to make sure that it meets your needs and protects your clients.

mobile phone and calendar are useful for online appointment booking and scheduling

Protecting your client information

The fact is, when you work with clients in any way, their privacy matters. And when you work with healthcare patients’ personal medical record, the confidentiality of their health information is protected by law through HIPAA.

So you need to be cognizant of HIPAA compliance in every aspect of your practice, including online scheduling.

What does HIPPA compliance mean in online scheduling?

The variety of scheduling platforms available today, and their menu of features, is extensive. Platforms can book appointments, receive payments, arrange meetings with multiple clients, and more. There are paid apps, free apps, and one day soon, apps will be created to help you navigate the multitude of apps!

Many scheduling platforms state that they offer HIPAA compliant appointment booking as a matter of course. They don’t charge extra for this feature, and they don’t require extra paperwork from you to provide it.

The majority state that they expect you to observe good professional practices when texting or emailing your clients through the scheduling platform.

But here’s the thing – whatever app or desktop package you use to do your scheduling is just that – it’s an app, or a software package, it’s a tool.

These tools can offer secure unhackable processing of your clients’ data, promise not to store or sell that data, and act in HIPAA-compliant ways, just like you’re required to do.

But a software tool itself is not inherently HIPAA compliant. HIPAA is about your business practices and procedures. It’s up to YOU as a practitioner to be handle your client data with care and ensure you’re compliant with all HIPAA requirements.

What an online scheduling platform can do is assure that they will protect your client data. This ‘assurance’ comes in the form of a Business Associate Agreement, a promise from your service provider that they will take as much care with your data as you yourself are required to. Here’s a great article about the BAA.

So, armed with that information, let’s take a look at some main contenders for online appointment booking, and see what they offer in terms of data security for your clients. 

Online scheduling platforms that respect patient and client privacy

Full Slate

Full Slate offers a basic appointment scheduling package.  For one user, it’s $30 a month. You can schedule appointments, receive payments, take bookings for classes, send automatic email reminders and text messages. 

Full Slate’s HIPAA compliance statement is here, and is an inherent part of all of the packages they offer. They state, as they should, that “Though, as with any technology, it’s incumbent upon you to properly incorporate Full Slate into your business practices and make your own assessment of your resulting overall HIPAA compliance, you can use Full Slate to meet your online scheduling needs while meeting your HIPAA obligations.”


Schedulicity offers a cafeteria-style scheduling package. You only pay for the services you choose. Each service runs around $5 – $10, giving it a satisfying simplicity. You can just use it to book appointments, or you can add in payment processing, email connection to clients, and booking of packages that cover multiple appointments or services.

Schedulicity has this to say about compliance: “HIPAA Privacy Rules focus on protections for personal health information held by covered entities and gives patients certain rights with respect to that information. Software tools and software services cannot be HIPAA-compliant, simply because software is a tool and not a business practice.

“It is important to understand that the term ‘HIPAA Compliance’ refers to an organizational obligation and procedural integrity, but not to a technical specification or particular software tool. HIPAA regulations do not apply to Schedulicity as Schedulicity does not perform insurance or related transactions (HIPAA transactions), and does not collect any medical history.”

You can read the full article here.  Make no mistake, Schedulicity guarantees secure payment processing, and takes care not to share your clients’ personal information, but their statement is correct – they cannot be HIPAA compliant, only you can do that.


MindBodyOnline seems to be a more expensive option.  It offers a selection of packages with different marketing and analytics reports. MBO does allow for HIPAA compliant data processing, at no extra cost, but it is your responsibility to contact them and request a Business Associate Agreement.  Without that document on file, you waive all rights to expect HIPAA compliance. Their security policy is here.

Acuity Scheduling

Acuity Scheduling offers a free version with limited tools. The paid version offers three levels, each with more options. This platform can schedule clients, send invoices, receive payments, advertise packages for groups of appointments, classes, and workshops, and incorporate many other useful tools into your practice.

Acuity Scheduling offers a HIPAA compliant option, but you do need to sign up for their top of the line Powerhouse package ($50 a month) to get it. You will then be required to complete a Business Associate Agreement to ensure HIPAA compliance. 

This is the scheduling platform I use for my business. My company  does marketing and web design; we don’t handle clients’ private medical information so I don’t need the HIPAA feature. That being said, I find Acuity Scheduling to be versatile, customizable, and easy to use. And I love that it sends out automatic appointment reminders to my clients the day before our meetings. This feature alone has saved me a lot of admin time. 

If you want to check it out, here’s my affiliate link. 


PocketSuite offers a mobile based app for Android or iPhone. You can use it to schedule appointments, process payments, book classes, sell packages of classes or services. The basic package is free, but to connect this app to your webpage or social media sites requires an upgrade to a paid package. 

PocketSuite does comply to HIPAA. Their HIPAA statement serves as their Business Associate Agreement. PocketSuite’s HIPAA statement can be found here.


Jane is a web-based app that offers two levels of service and a pricing scale that grows with the number of practitioners in your business, making it an affordable option for most. The layout is clean and beautiful, offers digital charting, and has a reputation for being easy to use. 

Jane‘s HIPAA statement is here, and it’s comprehensive. Scroll down the page for a ‘Top 10 To Do List’ that will help you navigate setting up a HIPAA compliant practice, or serve as a useful check to make sure you are fully compliant in your practice. Whichever app you choose, this list is a must read.

In Summary

Your clients’ personal information is as safe as you keep it. Some of the scheduling programs claim to be HIPAA compliant, some ask you to sign a Business Associate Agreement before they will promise to ensure compliance.

But those that really have their heads on straight actually state that they cannot guarantee compliance, because they are providing a software tool, and HIPAA compliance is about your business practices and procedures, and how you use and protect your clients’ information.

If you’re looking for an online scheduling platform, consider your needs and review the tools that the above platforms provide. Determine which platform will support you and protect your clients’ information best.

Even if you’re on a budget, it is worth paying a little more to get robust support from your online scheduling provider, and ensure the continuing privacy of your clients’ information.

This is an original article from Alternative Health Marketing. If you’d like to republish this article on your blog or print publication, you may do so freely with the acknowledgement, “This article is republished with permission from Alternative Health Marketing,” and provide a link back to the original article. It would also be great if you could email us and let us know where it’s being published. 

Like this post and want more great marketing tips? 

Alternative Health Marketing is committed to helping holistic practitioners and conscious business owners attract more ideal clients with a professionally designed website, targeted brand messaging, and a marketing plan that has impact. Sign up for a free 30-minute consultation to learn how we can help you reach your practice goals. 

Leave a Reply

Your email address will not be published. Required fields are marked *