Do I need Jotform HIPAA Gold to use this kit?
Yes. Every form, every email, every SMS in this kit runs under your HIPAA Gold account and signed BAA. The kit's clone links require HIPAA features to be enabled on your Jotform account, which only happens after Jotform countersigns the BAA. If your practice does not collect PHI through the booking workflow (rare for medical), the wellness Appointment Kit is the right choice at $129.
How is this different from the wellness Appointment Kit?
Same booking, payment, intake, and reminder workflow. The difference is every step is configured for HIPAA: PHI fields flagged and encrypted, audit log enabled, BAA-covered Google Workspace calendar, SMS reminders that never contain PHI in the message body. The wellness version is built for salons, coaches, and fitness studios and does not need any of that overhead. The medical version is built specifically for practices that collect PHI during booking.
What does it cost compared to Calendly plus a separate HIPAA tool?
Calendly does not offer a BAA on standard plans, so a HIPAA-compliant Calendly stack means Calendly Teams plus a HIPAA-eligible intake tool plus a HIPAA-eligible reminder tool, each with its own BAA. Combined, that is roughly $80 to $150 per month in subscriptions before you count the integration work. The Medical Appointment Booking Kit is a one-time $229 (or $399 for setup help) running on a single Jotform HIPAA Gold plan at $99 per month.
Does this work with my EHR (SimplePractice, Athenahealth, eClinicalWorks)?
There is no native EHR integration in the kit. Most practices hand off bookings to an EHR through a custom Google Apps Script or Microsoft Power Automate flow that reads the Jotform submission and pushes it into the EHR's API. The Done-For-You tier includes building that hand-off for SimplePractice, Athenahealth, or any EHR with a documented API. If your EHR has no API, the kit still gives you a clean Jotform submission table you can export daily.
Is the SMS reminder HIPAA-compliant?
The transport channel (SMS) is not itself HIPAA-compliant under any vendor, since SMS is not an encrypted protocol. What makes the workflow HIPAA-safe is keeping PHI out of the SMS body. The kit's default reminder copy includes only the date, time, and provider name. It never mentions the visit type, diagnosis, or any clinical detail. Jotform's HIPAA Gold plan covers the SMS service inside your BAA, so there is no separate Twilio agreement to chase.
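One way to enforce the "no PHI in the SMS body" rule when staff edit reminder copy is to lint each template against an allowlist before it is sent. The sketch below is an added example, not code from the kit or from Jotform; the `{placeholder}` syntax, the field names, and the sample submission are assumptions constructed for illustration.

```javascript
// Allowlist mirrors the default reminder copy described above:
// date, time and provider name only. Field names are hypothetical.
const ALLOWED_FIELDS = new Set(["date", "time", "provider"]);
const PLACEHOLDER = /\{([^{}]+)\}/g; // assumed {fieldName} template syntax

// Return every placeholder in the template that is not on the allowlist.
function lintTemplate(template) {
  const blocked = [];
  for (const match of template.matchAll(PLACEHOLDER)) {
    const name = match[1].trim();
    if (!ALLOWED_FIELDS.has(name)) blocked.push(name);
  }
  return blocked;
}

// Render only if the template passes the lint. Extra submission fields
// (visit type, patient name, ...) are never read, so they cannot leak.
function renderReminder(template, submission) {
  const blocked = lintTemplate(template);
  if (blocked.length > 0) {
    throw new Error("non-allowlisted fields in SMS template: " + blocked.join(", "));
  }
  return template.replace(PLACEHOLDER, (_, raw) => {
    const name = raw.trim();
    if (!Object.prototype.hasOwnProperty.call(submission, name)) {
      throw new Error("submission is missing field: " + name);
    }
    return String(submission[name]);
  });
}

// Constructed sample data, not a real submission.
const sampleSubmission = {
  date: "2025-03-14",
  time: "10:30",
  provider: "Dr. Lee",
  visitType: "Dermatology follow-up", // clinical detail: must stay out of SMS
  patientName: "Jane Doe",
};
const safeTemplate =
  "Reminder: appointment on {date} at {time} with {provider}. Reply C to confirm.";
const unsafeTemplate = "Hi {patientName}, your {visitType} is on {date} at {time}.";

console.log(renderReminder(safeTemplate, sampleSubmission));
console.log("blocked:", lintTemplate(unsafeTemplate));
```

The lint checks placeholders only. Literal wording typed into a template, or a provider name that itself reveals a specialty, still needs a human review.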
Can I use this for telehealth-only practices?
Yes. The visit-type picker can be configured to deliver a HIPAA-eligible video link (Zoom for Healthcare, Doxy.me, or your own) in the confirmation email. Pair with the telehealth-pre-visit kit to add the consent and e-signature step before the call. The whole flow ends with the patient on a HIPAA-compliant video call without a back-and-forth email thread to the front desk.
Does the kit handle insurance verification?
No, and that is intentional. Insurance verification is a different workflow with its own data model (carrier, member ID, policy number, group number, eligibility check). Bolting it onto the booking flow makes both forms longer and harder to maintain. Use the hipaa-insurance-verification kit alongside this one if you need that step. The two kits are designed to chain together.
What about audit logs and access controls?
Jotform HIPAA Gold gives you an audit log of every PHI submission, view, edit, and export event. The PDF setup guide walks through enabling IP restrictions, two-factor authentication for every staff user, and role-based access on submissions. Most compliance officers want to see all three before signing off, and the kit's checklist covers all of them.
Can I set buffer time and lead time per visit type?
Yes. The calendar integration respects buffers, lead time, and availability windows you configure per visit type or per provider. A 45-minute new-patient visit with a 15-minute buffer correctly shows the next slot 60 minutes later. Pro and Done-For-You tiers include the setup for this; Base tier ships with documentation if you want to configure it yourself.
Does the kit prevent double-booking?
Yes, that is the point of two-way calendar sync on a Workspace account. The time slot picker pulls live availability from each provider's calendar at the moment a patient opens the form. If the medical assistant blocked time on Google Calendar five minutes ago, that block shows up. Two patients cannot grab the same slot because the slot disappears the moment the first patient's payment authorizes.
How does the no-show automation work?
If a patient books but does not show, a follow-up email goes out automatically with a rebooking link. You can configure a no-show fee to charge automatically against the card on file (Stripe's saved card feature), or just send the rebooking offer with no fee. Most practices start without the fee and add it after a month once they see the no-show rate in their own data.