Vendor BAA Guide

Does Calendly Sign a HIPAA Business Associate Agreement?

Q: Does Calendly sign a HIPAA BAA?

Yes — Calendly signs a HIPAA BAA on Teams ($20/seat/month) and Enterprise plans. Free and Standard plans are not HIPAA eligible and may not be used to collect or process protected health information.

Q: Which Calendly plan supports HIPAA?

Calendly's HIPAA BAA is available on the Teams plan ($20/seat/month) and Enterprise plans. The Free, Standard, and Essentials plans do not include HIPAA BAA coverage and cannot be used with PHI.

Q: Can I use Calendly for telehealth scheduling?

Yes — Calendly can be used for telehealth appointment scheduling when you are on a Teams or Enterprise plan with a BAA executed. This covers use cases where PHI (such as patient name plus appointment reason) is collected in Calendly booking forms.

By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 5 min read

Key Takeaways

✓ Yes — Calendly signs a HIPAA BAA on Teams and Enterprise plans
✓ Free and Standard plans are NOT HIPAA eligible — do not use them with PHI
✓ BAA is available on request through Calendly's support or sales team
✓ Covered use cases include telehealth scheduling where patient name + appointment reason are collected

Direct answer: Yes — Calendly signs a HIPAA Business Associate Agreement on its Teams ($20/seat/month) and Enterprise plans. The Free, Standard, and Essentials plans are not HIPAA eligible and cannot be used to collect or transmit protected health information. Verify current plan tiers directly with Calendly before processing PHI.

Calendly Plan Comparison: HIPAA Eligibility

Calendly offers several plan tiers. Only Teams and Enterprise plans include HIPAA BAA availability:

Calendly Plan	HIPAA BAA Available?	Approximate Price
Free	No	$0
Standard	No	~$10/seat/month
Teams	Yes	~$20/seat/month
Enterprise	Yes	Custom pricing

Prices above are approximate and may have changed. Always verify current pricing on Calendly's website.

When Does Calendly Become a HIPAA Business Associate?

Calendly becomes a Business Associate — and a BAA is required — when it collects or processes Protected Health Information on behalf of a Covered Entity. In practice, this happens when:

You collect patient names alongside appointment reasons or health-related service types in Calendly booking forms
You use Calendly for telehealth intake where the patient's health condition is referenced
Calendly stores appointment data that, combined with other information in your systems, constitutes PHI

If you use Calendly purely for internal team scheduling with no patient PHI passing through the system, a BAA may not be required. However, most healthcare organizations that use Calendly for patient-facing scheduling should have a BAA in place.

How to Get a HIPAA BAA from Calendly

The process to execute a HIPAA BAA with Calendly is straightforward:

Step 1: Upgrade to the Teams or Enterprise plan if you are not already on one.
Step 2: Contact Calendly's support team or sales team to request the BAA.
Step 3: Calendly will provide their standard BAA document for review and execution.
Step 4: Sign and retain the executed BAA in your HIPAA compliance records.

Unlike some enterprise vendors, Calendly has made their BAA process relatively accessible — it does not require lengthy negotiation for most healthcare organizations.

Telehealth Scheduling: What PHI Calendly Handles

For telehealth and healthcare providers, the most common PHI that passes through Calendly includes:

Patient name (an identifier under HIPAA)
Email address or phone number linked to an appointment
Appointment type or reason (if it references a health condition or service)
Custom form fields used for intake questionnaires

Even something as simple as "appointment type: therapy session" combined with a patient's name can constitute PHI. If any of this data passes through Calendly, you need the Teams or Enterprise plan and an executed BAA.

Calendly Integrations and PHI Risk

Many healthcare organizations connect Calendly to other tools via integrations — Google Calendar, Zoom, HubSpot, or custom webhooks. Each integration is a potential vector for PHI exposure. When evaluating your Calendly setup:

Confirm that integrated tools also have BAAs executed (e.g., Zoom for telehealth)
Review what data Calendly passes to connected apps via webhooks or API
Avoid routing PHI-containing Calendly data through non-BAA-covered tools (e.g., Zapier, which does not sign a BAA)

For a broader review of which vendors sign HIPAA BAAs, see our vendor BAA lookup guide.

Frequently Asked Questions

Does Calendly sign a HIPAA BAA?

Yes — Calendly signs a HIPAA BAA on Teams and Enterprise plans. Free and Standard plans are not HIPAA eligible and may not be used with PHI. Contact Calendly support or sales to request BAA execution after upgrading.

Which Calendly plan supports HIPAA?

The Teams plan (~$20/seat/month) and Enterprise plans are the HIPAA-eligible tiers. Free, Standard, and Essentials plans do not qualify for BAA coverage.

Can I use Calendly for telehealth scheduling?

Yes — on Teams or Enterprise plans with an executed BAA. Calendly is commonly used by telehealth providers, therapists, and wellness practices for patient appointment scheduling. Ensure any integrated tools (video conferencing, CRM) also have BAAs in place.

Note: Vendor BAA policies change. Verify current terms directly with Calendly before making compliance decisions.

Need your side of the BAA?

Calendly provides their BAA — but you still need to execute BAAs with all your other vendors. Generate one in minutes.

Generate BAA for Free →