Did I Just Violate HIPAA By Using My iCal or gCal Calendar?

  • Unified Practice
  • October 9, 2015
  • 4 Min. To Read

Article updated June 2019

One of the great features of scheduling software and EHR systems is the Calendar Sync feature. This is where your personal calendar in Google or iCal reflects your clinic appointment calendar; you can easily look at your smartphone and see when patients have booked a session in your acupuncture clinic.

In all of these programs, the acupuncture EHR or scheduling software can modify your personal calendar, but your personal calendar cannot change anything in the clinic program. For example, if you want to block your schedule because you’re sick, you have to do that in the scheduling program, not your Google calendar. This issue is due to the way your calendar and scheduling program are designed to integrate with each other.

While Calendar Sync is a great feature, some practitioners have asked how much information they can view on their calendar. Specifically, some acupuncturists want to see a patient’s name so that they know who is coming to the office. Unfortunately, having a patient’s name on your personal Google, Apple, or any electronic Calendar is not HIPAA compliant.

A Closer Look at HIPAA

To understand why having a patient’s name on your e-calendar is not HIPAA compliant, let’s take a closer look at HIPAA itself.

The Health Insurance Portability and Accountability Act of 1996 established a wide range of standards that affect many aspects of modern medical practice in the United States. Of most importance here is how the law clarifies patient privacy, the transmission of electronic health data, and standards for health information technology.

Privacy as related to HIPAA involves the protection and limited transmission of Protected Health Information (PHI). PHI is any information that identifies an individual in relation to their health status. A person’s name is not inherently PHI; you can find people’s names in phone books. But when a patient’s name shows up in the context of a medical appointment, it becomes PHI.

Another important aspect of HIPAA in relation to Calendar Sync is how HIPAA influences the development and operation of health information technology for the safe transmission of health data. While HIPAA was written more than a decade before the Cloud entered our lives, HIPAA sets certain standards for how data can be transmitted through the Cloud. The Department of Health and Human Services, through HIPAA, sets the standards for how health data is protected and encrypted.

How does this relate to your Calendar? Some companies, like Google, have programmed their data encryption to be HIPAA compliant, while other companies like Apple have not. You can use a variety of programs from Google in your clinic operations in full HIPAA compliance, but only if you use a paid account. Using similar programs from Apple would not be compliant.

While many of us have iPhones and use iCloud, iCloud is not as secure as it needs to be in order to conform to HIPAA’s standards. HIPAA security isn’t just about keeping data secure; it’s much more complex than that. Data storage standards are one part, but disaster recovery plans, and how data are stored, manipulated, and accessed for audits, are what allow an EHR system to say it is HIPAA compliant.

When you decide to use an EHR or an acupuncture practice management software, make sure it is HIPAA compliant, but understand that only reflects data storage, not the features of that specific system. If your EHR comes with Calendar Sync, the way information is displayed is what is going to determine HIPAA compliance. If any PHI is present on your calendar, then this is a violation of HIPAA. Showing a patient’s name, initials, or record number in a program outside of the electronic health record is not allowed.

When you are shopping for an acupuncture EHR or scheduling system, be wary of any company that tells you that your patient’s name or other information will sync with the calendar. They may be inadvertently causing you to violate your patient’s privacy.

The Bottom Line

You can benefit from using a Calendar Sync program in your EHR or scheduling program. However, if that calendar displays any PHI, this is not HIPAA compliant and creates a risk to your patient’s health information. Use your calendar sync and enjoy the convenience it provides, but recognize that your personal calendar is not the place for your patient’s information unless you have a HIPAA compliant Cloud.

Besides, if you need to see who is coming to the clinic, just switch over to the EHR app with its secure login and data encryption — one of our favorite Unified Practice features — and see who is on your schedule.
