10to8's HIPAA (Health Insurance Portability and Accountability Act) tools are only available on our custom plans. Please talk to sales!

To make sure that your account is compliant with HIPAA regulations, we offer an easy to use checklist. You can find it by heading over to "Set Up" > "GDPR & HIPAA" and enabling the HIPAA features.


Social Security Number

If you need to collect Social Security Numbers at booking, you can tick the "Ask for a Social Security Number when a Customer books online" option. Your customer will then have the option to supply their Social Security Number at booking.

Social security number panel


You can also make supplying a SSN at booking mandatory by ticking "Make giving a Social Security Number mandatory when a Customer books online".


Removing PHI (Protected Health Information) from automated communications

As the BAA (Business Associate Agreement) does not cover our third-party SMS and email providers, you will need to make sure that you remove all PHI from automated communications. By ticking the "Remove all personal information from automated 10to8 SMS and email" option, we will remove the details for you.

To find out more about how to edit the default email/SMS messages, please check out our support article on changing the content of automated messages.

If the name or your business or type of appointment itself could be considered PHI then you should also tick the "Remove booking information links from communications". This removes the links to the appointment management page. Please note that once removed, customers will not be able to cancel/change their appointment online. Nevertheless, they can still reply to their notifications, to get in touch with your business.


HIPAA Privacy Policy

Tick this to "Set HIPAA Privacy Policy" and get the option to add a URL to your HIPAA Privacy Policy. This uses 10to8's opt-in feature on your booking page to require your customers to tick-to-agree when they book an appointment. 

What your customers see:

What your customers see