How to enable HIPAA Compliance using automated BAA in schedule.so
HIPAA Compliance in Schedule.so allows you to securely handle sensitive healthcare data as part of your scheduling workflows. This feature is available only for accounts configured in the US region and requires completing a Business Associate Agreement (BAA).
The BAA defines how protected health information (PHI) is handled between your organization and Schedule.so. Once completed, your account is set up to operate in a more compliant and secure environment for healthcare-related scheduling.
Access the Compliance Section
To begin the setup, navigate to the Compliance section inside your Schedule.so account. This area displays all supported compliance standards. From here, locate the HIPAA Compliance card and click Request BAA to initiate the process.

Add the Authorized Signer
After starting the request, enter the details of the person who is authorized to sign the agreement on behalf of your organization.
This is the person who will receive the signing request and complete the BAA. Once these details are submitted, the HIPAA request moves into a pending state while the agreement is being completed.

Complete the Agreement
After the signer details are submitted, Schedule.so sends the agreement for signature.
The signer can open the email, review the document, and continue with the signing process. As part of this flow, they will need to fill in the required organization information, such as the name of the clinic, type of clinic, and clinic address. Once those details are completed, the signer can finalize and sign the agreement.

Compliance Status Update
After your side completes the signing process, the HIPAA compliance status may show Waiting for sign. This means the agreement is now waiting for the Business Associate to complete the remaining signature step. At this stage, the request is still in progress, even though your part has already been completed.

Confirm HIPAA Activation
Once the Business Associate completes the final signature, the HIPAA compliance status changes to Active. After activation, the completed BAA becomes available to download. You can also download the HIPAA compliance certificate from the same section.
You will also see the HIPAA Compliant badge appear in the top-right corner of your account. This confirms that the HIPAA compliance setup has been completed successfully.

