HIPAA compliant billing software

Whether your company delivers healthcare directly or assists providers, there are challenges every day. Patients, pandemics, or a plethora of other things pull on your time and attention. You never have to wonder if you’re making things better for others. Are the services you’re using doing the same for you? Specifically, are you using HIPAA compliant billing software?

To help you decide, we’ve prepared an overview of what the HIPAA regulations state. We also reviewed some of the most popular payment apps available to determine whether or not they are HIPAA compliant payment apps. 

How Does HIPAA Define Billing Software Compliance?

HIPAA regulations are very clear regarding protected health information (PHI). Covered entities (like a doctor, clinic, or hospital) and their business associates (like a billing service or payment processor) must protect the rights and privacy of patients as part of their HIPAA compliance strategy. Having a business associate agreement signed with those companies before services are provided fulfills part of that responsibility.

However, one of the things that makes HIPAA so hard to fully grasp is the exceptions it has. One of these exceptions specifically addresses financial transactions.

“When a financial institution processes consumer-conducted financial transactions by debit, credit, or other payment card, clears checks, initiates or processes electronic funds transfers, or conducts any other activity that directly facilitates or effects the transfer of funds for payment for health care or health plan premiums. When it conducts these activities, the financial institution is providing its normal banking or other financial transaction services to its customers; it is not performing a function or activity for, or on behalf of, the covered entity.”

It sounds relatively straightforward until you consider how much the financial world has changed. Payment options that were unimaginable when the law was passed in 1996 are commonplace today. These options are convenient, but not all of them meet the standards for HIPAA compliance, and a service that goes beyond ordinary banking (for example, by generating itemized bills or storing patient records) may no longer fall under the financial-institution exception quoted above.


Traditional Financial Institutions: Are You Using HIPAA Compliant Billing Software?

If your financial institution simply cashes checks and processes debit or credit card payments (as a traditional bank or credit union does), you are unlikely to need a business associate agreement with it. The problem is that very few institutions limit themselves to those traditional activities; nearly all now offer some type of online service or application.

Many “old school” banks now offer investment, insurance, billing, and collection services. The question to ask regarding HIPAA compliance is: Does my financial institution use or disclose patient protected health information, either through services it provides to me or through actions it takes on my behalf?

If they generate bills or receipts that contain PHI (a patient name paired with a diagnosis, procedure, or date of service, for instance), they are acting as a business associate and must be HIPAA compliant. If you are still unsure, ask whether they will sign a business associate agreement. If they won’t, consider a provider that will. It’s better to be safe than sorry.

Online Billing and Payment Options

To be used for PHI, an online financial service provider must be willing to sign (or provide) a valid business associate agreement. Two parts of HIPAA then apply: the Privacy Rule governs how PHI may be used and disclosed, and the Security Rule requires administrative, physical, and technical safeguards for PHI that is stored or transmitted electronically.

For example, do they collect customer data, and are they open about that practice? Do they use customer data for marketing, or sell it to third parties? Do they keep PHI private and secure, both in transit and at rest?

Do they send receipts and invoices using a