Ivy Pay and Information Protection
One of the key determinants of whether or not a service is HIPAA compliant is the security methods used to secure sensitive information transmitted through it. Providers or business associates using Ivy Pay for payments will require users to provide financial information such as debit/credit cards or account numbers.
Under HIPAA, debit cards, credit cards, bank account numbers, and all non-cash payment types are protected health information (PHI) when connected to treatment, payment, or healthcare operations. HIPAA requires organizations to implement security measures to ensure PHI’s confidentiality, integrity, and availability.
In response to our request for information about how Ivy Pay handles sensitive information, a member of their support team said,
“Ivy uses advanced security systems and data encryption to protect both clients and therapists, as well as safeguard against unauthorized transactions and access to personal or financial information. Administrative, technical, and physical safeguards are in place to ensure data is protected in transit, at rest, and when handled by Ivy Pay representatives.
All information on the Ivy Pay system is encrypted, stored, and protected on secure servers. We work with extreme vigilance to ensure that Ivy meets and exceeds security industry standards and best practices. Ivy Pay uses industry-standard SSL encryption on every part of the Ivy Pay system as well as PCI data security protocols. This is the same encryption technology used by banks and brokerages to safeguard financial information.”