
Is Calendly HIPAA compliant? I have a BAA with Zoom, but I realize that probably doesn’t cover Calendly… Please help.

Hello @Body57388! GREAT question.

Calendly is a secure platform and we take all measures necessary to ensure your patients' information is safe. These measures include:

  • All connections from the browser to the Calendly platform are encrypted in transit using TLS SHA-256 with RSA Encryption as well as at rest.
  • We leverage the Heroku platform to serve our Calendly website. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers utilizing the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. 
  • Information security responsibilities are communicated and frequently reviewed with all employees.

While we do take the above security measures and more, Calendly should not be used for collecting Protected Health Information (PHI). As a final layer of precaution, we encourage users who prioritize HIPAA compliance to refrain from including any personal or medical questions in the question form invitees complete when scheduling. 

If your Calendly usage does not deal with PHI or you are not a specialty practice as defined by HIPAA legislation, you may not require a HIPAA compliant solution and should consult your legal team on your compliance needs. You can review our Privacy Policy on our website for additional details, but please let me know if you have additional questions about this!