best hipaa-compliant payment methods

5 Best HIPAA-Compliant Payment Methods

Online payment methods offer convenience, but they may not provide adequate security. HIPAA law prohibits unauthorized disclosures of electronic protected health information (ePHI) without a patient’s consent. It’s important to use HIPAA-compliant payment methods or tools like the ones included on this list.

HIPAA Requirements for Secure Payment Methods

The Department of Health and Human Services (HHS) outlines guidelines for uses and disclosures for treatment, payment, and healthcare operations. Under the HIPAA Privacy Law, these guidelines help provide federal protection for personal health information. Generally, the law prohibits using and disclosing PHI  for treatment, healthcare, and payment operations without your patient’s authorization.

When disclosing PHI for payment purposes, you should limit the disclosed information to only the minimum necessary. Authorized staff should only have access to PHI if the information is needed to perform their duties. Covered entities may also obtain consent from their patients to use their PHI for payment. This means your payment method should have the necessary features, such as role-based access restrictions to PHI if you want to abide by the HIPAA Privacy Rule.

Here are some payment methods that enable HIPAA compliance:

5 Best HIPAA-Compliant Payment Methods

1. Kareo Billing

Kareo is a practice management software that offers cloud-based applications for in-house billing. With Kareo, you can easily manage payments from insurance claims and get paid faster. The platform offers advanced security features, as attested by third-party security audits based on HITRUST and NIST security frameworks. It also provides a Business Associate Agreement (BAA) with covered entities and business associates under HIPAA law.

Kareo Billing lets you:

  • Manage your billing processes from web or mobile apps
  • Track your claims with a centralized A/R management system
  • Monitor your collections and analyze your data on a reporting dashboard
  • Verify a patient’s insurance claim eligibility with government and commercial insurance companies like Medicare, Medicaid, Blue Cross, Aetna, and Cigna.

Price per month:

Contact sales

5 Best HIPAA-Compliant Payment Methods

2. Jane

Like Kareo, Jane is a cloud-based practice management software with various administrative features for online booking, insurance management, and payments. It utilizes SOC 2 audited data centers, bank-level data encryption, and strict agreements with staff to maintain confidentiality. Jane is also willing to sign a BAA with covered entities and business associates.

With Jane, you can: 

  • Securely gather patients’ credit card information using your online booking payment policy or intake form
  • Email patients, reminding them of their pay balance for no-shows and late cancellations
  • Automatically inform patients of your payment policies during the online booking process
  • Create invoices and automatically integrate billing details into your reports
  • Send payment notifications via SMS and email, providing patients with a secure online payment link

Price per month:

Base: $79
Insurance: $109

5 Best HIPAA-Compliant Payment Methods

3. SimplePractice

If you’re frustrated with billing issues, try SimplePractice. A platform that offers automated HIPAA-compliant payment methods, SimplePractice provides secure data centers with 24/7 monitoring, bank-level EHR security, two-step verification, and a BAA. Like Kareo, SimplePractice is also HITRUST certified, showing its commitment to data security.

SimplePractice allows you to:

  • Enroll patients in automatic payments for quick bill collections
  • Use a secure integrated credit card payment method
  • Allow clients to pay directly from their online portal
  • Quickly create and send digital invoices, billing statements, and CMS-1500 forms
  • Review a patient’s appointment billing history and payments
  • Generate and send a “superbill,” which shows all the services a client received from you 

Price per month: 

Starter: $29
Essential: $69
Plus: $99

5 Best HIPAA-Compliant Payment Methods

4. NextGen Office

NextGen Office is a cloud-based EHR and practice management system with payment posting services. The provider uses NextGen Pay, powered by InstaMed, another HIPAA-compliant payment method tool. Aside from being HITRUST certified, NextGen is also Payment Card Industry Data Security Standard-validated (PCI DSS certified). This means it follows the security standards for processing and transmitting credit card information.

NextGen Office offers these features:

  • Convenient touch and tap pay using Apple Pay and Google Pay
  • Printable receipts and balance-due reminders sent through email
  • Partial refund processing
  • Claims Work List, which organizes claims-related follow-up tasks
  • Automated high-quality patient statements and collection letters that you can mail
  • Billing statements, letters, and cards with QR codes

Price per month

Contact sales

5 Best HIPAA-Compliant Payment Methods

5. TherapyNotes

Specifically designed for behavioral health practices, TherapyNotes includes electronic billing in its list of services. As a HIPAA-compliant payment tool, TherapyNotes offers first-class security infrastructure, a HIPAA-trained team, secure online access with FIPS-140-2 compliant encryption, and secure backup and disaster recovery.

Key features of TherapyNotes include:

  • Integrated clearinghouse features, which lets you submit, verify, and stay updated on claims
  • Detailed reporting on patients’ insurance coverage
  • Electronic Remittance Advice (ERA) with assisted ERA payment posting
  • Credit card processing
  • Client payment tracking so you can check balance dues
  • Superbills to help with clients’ reimbursements
  • Revenue tracking
  • Integrated Merit-based Incentive Payment System (MIPS)

Price per month:

Solo: $49
Group: $59 per clinician
Enterprise: $59 per clinician
Additional clinician: $30

Choose HIPAA-Compliant Payment Methods

Most people are familiar with payment methods like PayPal, Venmo, and Zelle. However, these tools are not HIPAA compliant. While they offer convenience, they may also compromise data security and result in legal consequences for your organization.

There are payment software providers dedicated to HIPAA compliance. Even if the HHS doesn’t recognize official HIPAA certification, providers can prove they can enable HIPAA compliance by offering a BAA. Avoid any payment tool that won’t sign a BAA if you don’t want to compromise data privacy.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.

More great articles
hipaa-compliant remote access software
5 Best HIPAA-Compliant Remote Access Software

Here are five HIPAA-compliant remote access software platforms that should be part of your digital tools library.

Read Story
Is Trello HIPAA Compliant?
Is Trello HIPAA Compliant?

Is Trello HIPAA compliant? Find out whether this Kanban-style project management tool is suitable for handling sensitive healthcare information.

Read Story
best hipaa-compliant teleconferencing tools
5 Best HIPAA-Compliant Teleconferencing Solutions

Check out this list that features the best HIPAA-compliant teleconferencing solutions and why they are better suited for healthcare organizations.

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we don’t share your email with third parties.