The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is HoneyBook HIPAA Compliant?

HoneyBook is not HIPAA compliant and cannot be used to create, collect, store, or transmit electronic Protected Health Information if a healthcare provider qualifies as a HIPAA covered entity or provides services to or on behalf of a covered entity as a business associate. However, this does not mean HoneyBook cannot be used by healthcare providers at all.

HoneyBook describes itself as a client flow management platform for small businesses. The description is accurate inasmuch as the platform is a scaled-down version of an enterprise CRM that can be used by small businesses to manage enquiries, schedule appointments, and automate workflows. HoneyBook can also be used for invoicing clients and accepting payments.

Businesses that want more capabilities can upgrade to an Essentials or Premium Plan – both of which also support integrations with apps such as Calendly, Gmail, Outlook, QuickBooks, and Zapier. For many individual healthcare providers and small medical practices, these capabilities are usually sufficient for managing client flow and backroom client administration.

When HIPAA Compliance is an Issue

HIPAA does not apply to all individual healthcare providers and small medical practices. Those who bill clients directly or do not conduct electronic transactions for which the U.S. Department of Health and Human Services has published Part 162 standards do not qualify as HIPAA covered entities and are not required to comply with the HIPAA Privacy and Security Rules – unless they provide services for or on behalf of a covered entity as a business associate.

In circumstances when HIPAA does apply, the HIPAA Privacy Rule stipulates what types of health information must be protected from unauthorized uses and disclosures. It is important for healthcare providers to be aware that when non-health information is maintained in the same designated record set as Protected Health Information, the non-health information assumes the same protections as the Protected Health Information.

The HIPAA Security Rule dictates how the confidentiality, integrity, and availability of electronic Protected Health Information (and any non-health information stored in the same designated record set) should be safeguarded. This Rule applies not only to a healthcare provider’s internal security, but also to any outsourced services with which electronic Protected Health Information is used. In these cases, the outsourced services must be HIPAA compliant.

Is HoneyBook HIPAA Compliant?

HoneyBook does not have sufficient safeguards to protect the confidentiality, integrity, and availability of electronic Protected Health Information and cannot be considered HIPAA compliant. The company admits as much on a Help Page, where it states HoneyBook has not been designed to accommodate the privacy and security requirements of the healthcare industry, and that implementing measures to make HoneyBook HIPAA compliant is not a priority.

The Help Page notes that the company may, in the future, change its targeting – in which case it may prioritize making HoneyBook HIPAA compliant. For the present, however, healthcare providers must not use the platform or any apps connected to the platform to create, collect, maintain, or transmit electronic Protected Health Information – unless a client (patient) has provided a valid authorization for their Protected Health Information to be disclosed to HoneyBook.

Can HoneyBook be Used by Healthcare Providers At All?

HoneyBook can be used by healthcare providers for many purposes provided that HoneyBook’s servers do not have access to electronic Protected Health Information. For example, the platform can be used to receive enquiries that contain names and contact details, schedule appointments (provided the nature of a health condition is not included), invoice patients, and accept payments. Payment processing is exempted by §1179 of the Social Security Act.

However, as there are no options to make HoneyBook HIPAA compliant as there are with some enterprise CRM solutions, healthcare providers that want to use electronic Protected Health Information in patient management and administration activities should source a HIPAA compliant alternative to HoneyBook. Alternatives such as Salesforce and Zoho CRM exist, but it will be necessary to enter into a Business Associate Agreement with the vendor and configure the platform to support compliance with HIPAA.

Healthcare providers and small medical practices that require further help understanding client flow management and customer relationship management software are advised to seek professional compliance advice.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
