Under the Health Insurance Portability and Accountability Act (HIPAA), anyone who handles patient information is required to keep that information private and safe. While HIPAA is most commonly known as a mandate for electronic data privacy, it also encompasses policies for broader issues such as preexisting medical conditions and loss of health insurance.
Many companies have started using Square for fast, efficient electronic billing. But those working in the healthcare sector and their business associates may wonder whether Square can be used in a HIPAA-friendly manner. The answer depends on whether you meet certain obligations.
Whether you’re operating a healthcare company or running a business that supplies supplementary services to one, you’re legally obliged to comply with HIPAA. Supplementary services range from electronic billing to web hosting.
HIPAA was signed into federal law in 1996. This important act aims to protect all users of healthcare services — from patients to insurance policyholders. It’s vital that every healthcare institution and their business associates fully understand their HIPAA-related responsibilities.
The act has five sections, or titles:
When people refer to HIPAA compliance, they’re often talking about Title II, which is also sometimes known as the “Administrative Simplification” guidelines. These guidelines are essential to understand if you’re using Square to process payments.
Failure to comply with HIPAA has serious consequences. If there’s a data breach, healthcare organizations and their business associates must notify those who were affected. If any of these organizations break federal law, they could be audited and fined or even face criminal charges.
Square offers a wide range of payment services that allow organizations to electronically collect secure payments from clients.
Square provides a business associate agreement (BAA) in which it commits to operating in accordance with HIPAA guidelines. This includes agreeing not to use or disclose protected health information (PHI) in any way that isn’t permitted under HIPAA.
Square also agrees to use appropriate safeguards and comply with regulations on electronic protected health information (ePHI). Square publishes its BAA in full on its website.
If you’re using Square in a healthcare-related industry, you need to take steps to ensure you’re doing so in a HIPAA-friendly manner. That’s because HIPAA requires all parties to use the standardized electronic data interchange (EDI) protocols when they conduct covered transactions. The data must therefore be secure on both sides of the transaction — not just on Square’s end.
Check to see if you have safeguards in place to prevent unauthorized use of PHI when using Square to send invoices and collect payments such as deposits, medical bills, and health insurance copays. You can do this by making sure that you use secure payment forms any time you use Square. Otherwise, you could be violating federal law.
In 2019, there were 418 HIPAA breaches, equating to 34.9 million Americans whose PHI was compromised. If you’re looking for a simple way to protect this highly sensitive information, consider using Jotform’s payment form templates along with its Square payment integration.
You can create customized, secure Square payment forms. This helps you comply with HIPAA whenever you use Square. Here’s how to set up these payment forms:
Secure forms have been tested for many years; they’re a safe way for healthcare professionals to collect electronic payments. For example, Dr. Cynthia Brattesani is one of the many dentists who used to rely on checks to collect payments from patients. After she switched to such payment forms, she no longer had to spend as much time chasing after unpaid bills.
Processing Square payments in a HIPAA-friendly manner doesn’t have to be a headache. Ready-made and customizable secure forms take the hassle out of using Square and, most important, ensure you’re protecting patient data and your reputation.