Is Acuity HIPAA compliant for therapists and private practices

Running a therapy practice today almost always includes some form of online scheduling. Clients expect to book sessions easily, and clinicians want systems that reduce the back and forth of email coordination.

Acuity Scheduling has become a popular tool because it simplifies appointment booking, sends reminders, and integrates with many websites. But for therapists and healthcare professionals, the question is not just convenience.


The real question is this: is Acuity HIPAA compliant?


When you work in mental health or healthcare, your systems must protect sensitive client information. The tools you choose to schedule appointments, collect intake forms, and communicate with clients must follow strict privacy standards. Otherwise, you risk exposing protected health information and putting your practice at legal risk.

In this guide, we will break down how HIPAA compliance applies to scheduling tools, whether Acuity can meet those standards, and what therapists should consider before using it in their practice.


In case you are new here, I am Natalia, and I support therapists and wellness professionals through strategic website design, SEO, and marketing systems that help them grow without burnout. If you want to understand who we are and what guides our work, you can explore my web design for therapists here.


What HIPAA compliance actually means for therapists

Before answering whether Acuity is HIPAA compliant, it helps to understand what HIPAA compliance actually requires.

HIPAA stands for the Health Insurance Portability and Accountability Act. This law protects patient privacy and regulates how healthcare providers store and transmit sensitive information.


For therapists, this means every digital tool used in the practice must safeguard protected health information, often referred to as PHI.


What counts as protected health information

Protected health information includes any data that can identify a patient and relates to their health or treatment.

Examples include:

  • Client names
  • Email addresses connected to therapy appointments
  • Intake form information
  • Session notes
  • Medical or mental health details


Even something as simple as a therapy appointment request could contain protected health information if it identifies a client and their connection to treatment.


Why scheduling software must meet HIPAA standards

Scheduling tools often collect more information than most clinicians realize.

They may store:

  • Client names and emails
  • Appointment history
  • Session types
  • Intake form responses
  • Payment information

If a platform stores or processes this type of information, it must follow strict security standards under HIPAA.


Common risks when using non-compliant scheduling tools

When a scheduling tool is not HIPAA compliant, therapists may unknowingly expose sensitive client data.

Common risks include:

  • Unencrypted data storage
  • Insecure email notifications
  • No formal agreement protecting patient data
  • Third-party integrations that access client information

This is why healthcare providers must carefully evaluate whether a platform truly supports HIPAA compliance.



What is Acuity scheduling

Acuity Scheduling is an online appointment booking tool that allows businesses to automate how clients schedule meetings, sessions, or consultations. It is also integrated with Squarespace websites.


Instead of coordinating appointments through email or phone calls, Acuity gives clients a calendar where they can choose an available time, book instantly, and receive automatic confirmations and reminders.

For therapists and wellness professionals, this type of tool can simplify the intake process and reduce administrative work throughout the week.


How Acuity Scheduling works

Acuity connects directly to your calendar and displays available time slots on a booking page. When a client schedules an appointment, the system automatically adds the session to your calendar and sends confirmation messages.


Depending on how the platform is configured, Acuity can also handle:

  • Appointment reminders by email or text
  • Client intake questionnaires
  • Payment collection for sessions
  • Time zone adjustments for virtual appointments
  • Calendar integrations with tools like Google Calendar or Outlook

For many practitioners, this makes it easier to manage scheduling without hiring additional administrative support.


Why therapists often consider Acuity

Therapists are often drawn to Acuity because it offers a simple and flexible booking experience that can be embedded directly into a website.


Clients can visit your website, select a session type, and choose a time that works for them without needing to email back and forth. This creates a smoother experience for both the therapist and the client.


It also helps reduce missed appointments by automatically sending reminders and confirmations before each session.


Where Acuity fits into a therapist website

On many Squarespace therapist websites, Acuity is used as the tool that powers the “book a consultation” or “schedule an appointment” button.


Instead of sending visitors to a separate platform, the scheduling calendar can be embedded directly into the site so the booking process feels seamless.


However, because therapy involves sensitive client information, clinicians must ensure that any scheduling platform they use is configured properly to protect privacy and comply with healthcare regulations.


This is why the question of whether Acuity is HIPAA compliant becomes so important for therapists and healthcare providers.


Is Acuity Scheduling HIPAA compliant

The short answer is: Acuity Scheduling can be used in a HIPAA compliant way, but only under specific conditions.

By default, many general business tools are not automatically HIPAA compliant. However, some platforms offer HIPAA enabled versions for healthcare professionals.


Acuity Scheduling does provide a HIPAA capable configuration when certain requirements are met.


The short answer therapists need to know

Acuity can support HIPAA compliance if you:

Without these steps, the platform should not be used to collect protected health information.


When Acuity can be used in a HIPAA compliant way

Acuity can be used by therapists when the following elements are in place:

  • A signed Business Associate Agreement
  • Encrypted data transmission
  • Secure storage of client information
  • Proper configuration of intake forms and reminders

These measures help ensure that the platform handles patient information responsibly.


When Acuity is not considered HIPAA compliant

Acuity is not HIPAA compliant if:

  • No Business Associate Agreement is signed
  • Sensitive client information is stored without security settings enabled
  • Notifications expose private data through email or SMS
  • Integrations share patient information with third-party tools

Therapists should carefully review how the software is configured before using it with clients.


Does Acuity provide a business associate agreement?

One of the most important components of HIPAA compliance is a Business Associate Agreement, often referred to as a BAA.


What a BAA is and why therapists need one

A Business Associate Agreement is a legal contract between a healthcare provider and a software company.

This agreement confirms that the company will properly safeguard protected health information.

Without a BAA, healthcare providers are generally not allowed to store patient data on that platform.


How Acuity handles BAAs

Acuity offers a Business Associate Agreement for users who request their HIPAA compliant configuration.

This agreement confirms that the platform follows required security protocols for handling patient data.

However, therapists must actively request and activate this feature. You can learn more about the protocol to activate Acuity HIPAA compliance here.


Security considerations therapists should know before using Acuity

Even when a scheduling platform supports HIPAA compliance, the way it is configured matters.

Many security risks occur because settings are left at their default configuration.


Client intake forms and protected health information

Acuity allows therapists to collect intake forms and questionnaires. These forms may contain highly sensitive information.

Clinicians should avoid collecting unnecessary health data through scheduling forms and instead use secure intake systems when possible.


Email notifications and privacy risks

Automated email reminders may include session details or appointment information.

Therapists should review what information appears in reminder messages to ensure patient data is not unnecessarily exposed.


Calendar integrations and security concerns

Acuity often integrates with calendars such as Google Calendar or Outlook.

These integrations can create privacy risks if calendar events display sensitive client information.

Using neutral labels such as “appointment” instead of client names can help protect confidentiality.


HIPAA compliant scheduling alternatives for therapists

Some therapists prefer using practice management platforms that are designed specifically for healthcare providers.

These tools often include built in HIPAA compliance from the start.


SimplePractice scheduling

SimplePractice offers scheduling, documentation, billing, and telehealth features designed specifically for therapists.

The platform includes built in HIPAA compliance and practice management tools.


TherapyNotes scheduling

TherapyNotes is another practice management system that integrates scheduling with clinical documentation.

It is designed for mental health professionals and supports HIPAA compliant workflows.


Jane App scheduling

Jane App is commonly used by healthcare clinics and therapists for scheduling, charting, and patient management.

The platform emphasizes security and compliance for healthcare providers.


When Acuity still makes sense for certain practices

Some therapists still choose Acuity when they want a flexible scheduling tool connected to their website.

If configured correctly with HIPAA compliance enabled, it can be part of a secure system.

The key is ensuring that every tool used in your practice supports patient privacy.


Your therapist website can also handle discovery call booking with a HIPAA compliant alternative - GoHighLevel


Many therapists like the simplicity of tools like Acuity, but there is another option that can give your practice more control while maintaining HIPAA compliant systems.


One of the platforms we often implement for therapists is GoHighLevel, which can be configured to support HIPAA compliant discovery call booking directly from your website.


Instead of sending potential clients to a separate scheduling tool, your website can host a secure booking experience that feels seamless and professional.

Here is what that can look like for your practice.


A secure discovery call booking system

With the right configuration, GoHighLevel allows therapists to embed a scheduling calendar directly into their website while maintaining HIPAA compliant workflows.

This means potential clients can:

  • Book a discovery call
  • Select appointment times
  • Complete secure intake questions
  • Receive automated confirmations and reminders

All without exposing protected health information.


A smoother client experience

When someone visits your website looking for support, the last thing you want is friction.

A clear booking flow can help visitors move from curiosity to connection without confusion.

Instead of navigating multiple tools or sending emails back and forth, a client can simply visit your site, choose a time that works for them, and schedule a conversation with you.

This creates a calm, supportive experience from the very first interaction.


Built for the systems behind your practice

Beyond scheduling, GoHighLevel can also support the operational systems that help your practice run smoothly.

Depending on how it is configured, the platform can manage:

  • Lead capture from your website 
  • Automated appointment reminders
  • Secure intake workflows
  • Client follow up communication
  • CRM tracking for inquiries

For many therapists, this becomes the central system that organizes their website inquiries, consultations, and client journey.


When your website becomes your most powerful employee

Your website should not just sit online waiting to be updated. It should actively support the growth of your practice.

When your discovery call booking, contact forms, and follow up systems are connected properly, your website becomes a system that works even when you are offline.


Someone could discover your website late at night, read about your work, and book a consultation before you even start your next day.


That is the kind of visibility system we help therapists build.

Because marketing should not take over your life. Your website should quietly do its job while you focus on the work that matters most.


Running a therapy practice is complex enough. Your website, scheduling system, and visibility strategy should support your work, not create more stress.

At Natalia Maganda Agency, we design websites and SEO systems for therapists and wellness professionals who want a practice that grows without burnout.


If your current website feels outdated or your systems feel scattered, we can help you build a secure, strategic online presence that attracts aligned clients while protecting their privacy.


Explore our website management services for therapists and start building a marketing system that works while you live your life.




* AI Disclosure: This content may contain sections generated with AI with the purpose of providing you with condensed helpful and relevant content, however all personal opinions are 100% human made as well as the blog post structure, outline and key takeaways.

* Affiliate Disclosure: Some of the links on www.nataliamaganda.com may contain affiliate links meaning that I will get a commission for recommending products at no extra cost to you.

