Privacy & Security

HIPAA at Cronofy

Cronofy is committed to maintaining a robust and up-to-date information security program. A pillar of our commitment to data protection is how we apply HIPAA requirements to all our data.

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is a list of legislative requirements that define data privacy and security provisions for private medical information. HIPAA has a number of specific goals; however, the part of HIPAA that applies to Cronofy is the protection of confidential patient data against fraudulent access, abuse, and/or mishandling of that information. Specifically, Cronofy is interested in Title II of the HIPAA standard, which includes the Privacy, Security, and Enforcement Rules.

What's included in Title II of the HIPAA standard?

Title II of the HIPAA standard:

  • The Privacy Rule (otherwise known as Standards for Privacy of Individually Identifiable Health Information) sets standards for the protection of patient health information.

  • The Security Rule sets out standards for securing patient data.

  • The Enforcement Rule outlines the process for investigating violations or breaches of HIPAA compliance.

Data classed as private medical information includes, but is not limited to, a patient’s name, address, date of birth, social security number, the patient’s physical or mental health condition, the specific services provided, or any other information that could be used to identify the patient.

Why is HIPAA important?

Cronofy has customers who process patient and health data. The security of that data is paramount to Cronofy. The rules outlined by HIPAA set out the appropriate placement of physical and electronic safeguards, to ensure that patient data is secure in transit, at rest, and upon arrival at its destination.

The rules also outline specific responsibilities with respect to the implementation of safeguards and complaints handling, as well as the training of employees.

Patients have the right to receive, upon request, a copy of their own information.

Serious about Information Security

How does Cronofy ensure it's HIPAA compliant?

Cronofy protects patient data by adhering to the rules set out in Title II of the HIPAA standard. Cronofy has physical, technical, and administrative safeguards in place to ensure that patient data is secure.

Cronofy also ensures that anyone who has potential access to patient data has signed a business associate agreement.

Even if you are a Cronofy customer to whom HIPAA does not apply, all Cronofy customers benefit from the additional security and policies implemented as part of Cronofy's HIPAA compliance.

How can I sign a business associate agreement with Cronofy?

Please contact our support team at who will provide you with a copy of our BAA to sign and return.

Your privacy is paramount

We make sure you keep control of your calendar and that it's private to you and those you'd like to share your availability with. Security is at the core of what we do and we have the best practices to ensure that privacy is never compromised.

ISO27001 certified

ISO27018 certified

ISO27701 certified

SOC 2 attested

GDPR compliant

CCPA compliant

HIPAA compliant

Our team is here to help

If you don’t yet have a business associate agreement with us, or if you have any questions about our approach to HIPAA compliance, we’re happy to help.