Is Square HIPAA Compliant

Square has become a popular payment method as it allows for automatic transfers from one account to another for no service fee. But can Square be used by healthcare providers to receive payments from patients? Well, that would require Square to be HIPAA compliant, so is Square HIPAA compliant?

Square and Information Protection

One of the key determinants of whether a service is HIPAA compliant is the set of security methods used to protect sensitive information transmitted through it. Providers or business associates using Square for payments will require users to provide financial information such as debit/credit cards or account numbers.

Under HIPAA, debit cards, credit cards, bank account numbers and all non-cash payment types are considered protected health information (PHI) when they are connected to treatment, payment, or healthcare operations. HIPAA requires organizations to implement security measures to ensure the confidentiality, integrity, and availability of PHI. 

According to Square’s website, they encrypt data within their card reader at the moment of swipe and have dedicated security staff monitoring around the clock to ensure the security of payments sent through their service. They are also PCI compliant.

So, Square meets HIPAA security requirements, but that is not the only determinant of a service’s HIPAA compliance. To be HIPAA compliant, a service provider must also sign business associate agreements with their users.

Does Square Sign Business Associate Agreements?

Does Square sign business associate agreements (BAAs)? If a healthcare provider is accepting payments from patients through an electronic payment service, that service provider is considered a business associate under HIPAA. Since HIPAA requires healthcare providers to have signed BAAs with all of their business associates, Square would need to be willing and able to sign a BAA with users to be considered HIPAA compliant.

So does Square sign business associate agreements? Because Square’s website has a page that specifically addresses HIPAA compliance, including a link to their HIPAA Business Associate Agreement, it is fair to assume that Square does sign BAAs with their users.

Is Square HIPAA Compliant?

Is Square HIPAA compliant? In the final analysis, Square is HIPAA compliant, provided that users have a signed BAA with Square before using their service.