Online payment methods offer convenience, but they may not provide adequate security. HIPAA law prohibits unauthorized disclosures of electronic protected health information (ePHI) without a patient’s consent. It’s important to use HIPAA-compliant payment methods or tools like the ones included on this list.
Top 5 HIPAA-Compliant Payment Methods:
HIPAA Requirements for Secure Payment Methods
The Department of Health and Human Services (HHS) outlines guidelines for uses and disclosures for treatment, payment, and healthcare operations. Under the HIPAA Privacy Law, these guidelines help provide federal protection for personal health information. Generally, the law prohibits using and disclosing PHI for treatment, healthcare, and payment operations without your patient’s authorization.
When disclosing PHI for payment purposes, you should limit the disclosed information to only the minimum necessary. Authorized staff should only have access to PHI if the information is needed to perform their duties. Covered entities may also obtain consent from their patients to use their PHI for payment. This means your payment method should have the necessary features, such as role-based access restrictions to PHI if you want to abide by the HIPAA Privacy Rule.
Here are some payment methods that enable HIPAA compliance:
1. Kareo Billing
Kareo is a practice management software that offers cloud-based applications for in-house billing. With Kareo, you can easily manage payments from insurance claims and get paid faster. The platform offers advanced security features, as attested by third-party security audits based on HITRUST and NIST security frameworks. It also provides a Business Associate Agreement (BAA) with covered entities and business associates under HIPAA law.
Kareo Billing lets you:
- Manage your billing processes from web or mobile apps
- Track your claims with a centralized A/R management system
- Monitor your collections and analyze your data on a reporting dashboard
- Verify a patient’s insurance claim eligibility with government and commercial insurance companies like Medicare, Medicaid, Blue Cross, Aetna, and Cigna.
Price per month:
Contact sales
2. Jane
Like Kareo, Jane is a cloud-based practice management software with various administrative features for online booking, insurance management, and payments. It utilizes SOC 2 audited data centers, bank-level data encryption, and strict agreements with staff to maintain confidentiality. Jane is also willing to sign a BAA with covered entities and business associates.
With Jane, you can:
- Securely gather patients’ credit card information using your online booking payment policy or intake form
- Email patients, reminding them of their pay balance for no-shows and late cancellations
- Automatically inform patients of your payment policies during the online booking process
- Create invoices and automatically integrate billing details into your reports
- Send payment notifications via SMS and email, providing patients with a secure online payment link
Price per month:
Base: $79
Insurance: $109
3. SimplePractice
If you’re frustrated with billing issues, try SimplePractice. A platform that offers automated HIPAA-compliant payment methods, SimplePractice provides secure data centers with 24/7 monitoring, bank-level EHR security, two-step verification, and a BAA. Like Kareo, SimplePractice is also HITRUST certified, showing its commitment to data security.
SimplePractice allows you to:
- Enroll patients in automatic payments for quick bill collections
- Use a secure integrated credit card payment method
- Allow clients to pay directly from their online portal
- Quickly create and send digital invoices, billing statements, and CMS-1500 forms
- Review a patient’s appointment billing history and payments
- Generate and send a “superbill,” which shows all the services a client received from you
Price per month:
Starter: $29
Essential: $69
Plus: $99
4. NextGen Office
NextGen Office is a cloud-based EHR and practice management system with payment posting services. The provider uses NextGen Pay, powered by InstaMed, another HIPAA-compliant payment method tool. Aside from being HITRUST certified, NextGen is also Payment Card Industry Data Security Standard-validated (PCI DSS certified). This means it follows the security standards for processing and transmitting credit card information.
NextGen Office offers these features:
- Convenient touch and tap pay using Apple Pay and Google Pay
- Printable receipts and balance-due reminders sent through email
- Partial refund processing
- Claims Work List, which organizes claims-related follow-up tasks
- Automated high-quality patient statements and collection letters that you can mail
- Billing statements, letters, and cards with QR codes
Price per month
Contact sales
5. TherapyNotes
Specifically designed for behavioral health practices, TherapyNotes includes electronic billing in its list of services. As a HIPAA-compliant payment tool, TherapyNotes offers first-class security infrastructure, a HIPAA-trained team, secure online access with FIPS-140-2 compliant encryption, and secure backup and disaster recovery.
Key features of TherapyNotes include:
- Integrated clearinghouse features, which lets you submit, verify, and stay updated on claims
- Detailed reporting on patients’ insurance coverage
- Electronic Remittance Advice (ERA) with assisted ERA payment posting
- Credit card processing
- Client payment tracking so you can check balance dues
- Superbills to help with clients’ reimbursements
- Revenue tracking
- Integrated Merit-based Incentive Payment System (MIPS)
Price per month:
Solo: $49
Group: $59 per clinician
Enterprise: $59 per clinician
Additional clinician: $30
Choose HIPAA-Compliant Payment Methods
Most people are familiar with payment methods like PayPal, Venmo, and Zelle. However, these tools are not HIPAA compliant. While they offer convenience, they may also compromise data security and result in legal consequences for your organization.
There are payment software providers dedicated to HIPAA compliance. Even if the HHS doesn’t recognize official HIPAA certification, providers can prove they can enable HIPAA compliance by offering a BAA. Avoid any payment tool that won’t sign a BAA if you don’t want to compromise data privacy.
