In order to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations, healthcare providers must safeguard patients’ protected health information (PHI) — including information that providers use to obtain payment for services. While HIPAA does allow providers to disclose some information to get reimbursed or paid, they still must take reasonable precautions with PHI.
Unfortunately, hackers can breach cloud-based accounting software — as well as any other type of software as a service (SaaS) product. In fact, hackers did just that to one of the world’s largest accounting software providers in 2019. It’s unclear whether this breach exposed customer data, but the incident illustrates the importance of choosing HIPAA-compliant accounting software, which will protect you if hackers breach your accounting systems.
What to look for in HIPAA-compliant accounting software
If you work with a HIPAA-compliant accounting software provider, they will sign a business associate agreement (BAA), which absolves you of blame if they expose PHI. Having a BAA in place with your business associates is a major HIPAA compliance requirement.
Additionally, when you’re researching HIPAA-compliant accounting software, pay attention to the type of encryption the service provider uses to safeguard data in transit and at rest. The data security industry considers AES-256 encryption a strong safeguard against brute force attacks, which occur when hackers try to guess your password using a bot.
Any software you choose should also provide audit trails that note when someone accesses PHI. In the event of a breach, this will help you identify any compromised information and allow you to remedy the situation much faster.
HIPAA-compliant accounting software choices
There are a lot of choices when it comes to accounting software. You can go with a system that’s designed for medical practices, or you can choose a more general solution. Here are some of the best HIPAA-compliant accounting software choices.
In addition to providing accounting capabilities, Cliniko bills itself as a complete solution to manage clinics and healthcare practices. The accounting features let you create invoices directly from appointments in the calendar, request online payments from patients, use custom payment types — like private health insurance and credit cards — and set up tax rates for products you sell.
You can set up payments so that patients can pay up front, or split the bill so they pay a portion and their health insurance pays a portion. Cliniko also lets you set up discounts and keep track of events related to invoices — such as payments.
Cliniko uses 2048-bit encryption for data that you send or receive, and it stores data with 256-bit encryption. It hosts data in data centers that are secured by perimeter controls, building entry points, and electronic systems — like intrusion detection.
Pricing starts at $45 per month for one practitioner, and Cliniko offers a free 30-day trial of its software.
Medipro Lytec software is a complete package for managing a healthcare practice, but its accounting features are worth a closer look. Lytec lets you bill patients and insurance companies, and it automatically posts payments. You can use a single screen to enter charges and payments, and use multiple schedules for fees.
Lytec also has add-ons that you can purchase to enhance its accounting capabilities. For example, a Patient Cost Estimator module lets you create an estimate to send to a patient before their appointment, and a BillFlash integration provides online billing, online electronic payments, and paper billing.
Pricing for Lytec is available upon request.
Another HIPAA-compliant accounting software package is NueMD, which is part of a complete medical practice management suite. The medical billing component includes features like claim scrubbing (to check claims against common edits), batch payment recording, and reimbursement and outstanding payment tracking.
NueMD also lets you post payments from multiple sources — like copays, insurance, and deductibles — to patient accounts. You can automatically print letters to patients with past due balances and create statements broken down by visit to help them understand their billing.
Pricing is customized, and you can build your own bundle with the features you need or choose a standard bundle.
These are just a few choices for HIPAA-compliant accounting software. As with any software you choose for your medical practice, you should evaluate it based on the features you’ll need and how it will improve your practice’s compliance and efficiency overall.