As more companies begin to accept non-traditional forms of payment, it is important to determine whether these payment methods are secure. This is particularly important for healthcare organizations, which raises the question: is Square HIPAA compliant?
Is Square HIPAA Compliant: HIPAA Safeguards
HIPAA requires organizations working with protected health information (PHI) to implement administrative, technical, and physical safeguards to secure the sensitive information. These safeguards are meant to ensure the confidentiality, integrity, and availability of PHI.
Square lists its privacy protections as follows:
- Access Controls: ensure that only authorized users have access to data. Square accomplishes this by granting access to cryptographic keys and application data only to employees who require it.
- User Authentication: ensures that users are who they claim to be. Square uses strong passwords and two-factor authentication for administrative access to its systems. Two-factor authentication requires multiple login credentials, such as a password in combination with security questions, to authenticate users.
- Audit Controls: track access to sensitive data. Audit controls are enabled through the use of unique login credentials, allowing administrators to attribute actions to specific users. Square logs and reviews access to data and its secure services on a regular basis.
Square lists its security protections as follows:
- Encryption: masks sensitive data, rendering it unreadable to unauthorized users. Square encrypts card data within the card reader at the moment of swiping, as well as data stored on and transmitted through its platform.
- Security Patches: ensure that systems are kept up to date to prevent unauthorized access. Square applies patches and updates to its equipment and servers as they become available.
- Incident Response: ensures that incidents are dealt with in a timely manner. Square has incident response plans in place that enable data protection and a quick response in emergency situations.
- Policies and Procedures: enable the adequate protection of sensitive data. Square regularly reviews its policies and procedures to ensure that sensitive data remains protected.
Is Square HIPAA Compliant: HIPAA Business Associate Agreement
Software companies that have access to PHI are considered business associates under the HIPAA regulation. Before using any software in conjunction with PHI, HIPAA requires organizations to have a signed business associate agreement (BAA) in place. A BAA is a legal document that obligates the business associate to implement safeguards to protect PHI. Square is willing to sign a BAA with its healthcare clients and, as such, can be used for HIPAA compliant payment processing.
Is Square HIPAA Compliant?
So is Square HIPAA compliant? Yes: with a signed BAA in place, and when used properly, Square can be used in a HIPAA compliant manner.