Is Square HIPAA compliant?

Under the Health Insurance Portability and Accountability Act (HIPAA), covered entities (health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically) and their business associates are required to keep protected health information (PHI) private and secure. While HIPAA is most commonly known as a mandate for the privacy and security of health data, it also covers broader issues such as preexisting medical conditions and continuity of health insurance coverage.

Many companies have started using Square for fast, efficient electronic billing. But those working in the healthcare sector and their associates may wonder if Square is HIPAA compliant. The answer is yes — but only if you meet certain obligations. 

What is HIPAA?

Whether you’re operating a healthcare organization that is a HIPAA covered entity or running a business that supplies supporting services to one and handles PHI on its behalf, you’re legally obliged to comply with HIPAA. In HIPAA terms, the latter is a business associate, and business associates range from electronic billing vendors to web hosts. 

HIPAA was signed into federal law in 1996. This important act aims to protect all users of healthcare services — from patients to insurance policyholders. It’s vital that every healthcare institution and their business associates fully understand their HIPAA-related responsibilities. 

The act has five sections, or titles:

  1. HIPAA Title I protects health insurance coverage for workers and their families when they lose or change jobs, and limits exclusions for preexisting conditions. 
  2. HIPAA Title II, known as Administrative Simplification, sets national standards for electronic healthcare transactions and for the privacy and security of health information; it also contains healthcare fraud and abuse provisions. It applies to covered entities and their business associates.
  3. HIPAA Title III covers tax-related provisions, including medical savings accounts and the deductibility of medical expenses.
  4. HIPAA Title IV sets further requirements for group health plans, including coverage for people with preexisting conditions and continued coverage during gaps in employment.
  5. HIPAA Title V covers revenue offsets, including limits on the tax deduction of interest on company-owned life insurance, and tax provisions for people who give up U.S. citizenship or residency.

When people refer to HIPAA compliance, they’re usually talking about Title II’s Administrative Simplification provisions, under which the Department of Health and Human Services (HHS) issued the Privacy Rule, the Security Rule, and the Breach Notification Rule. These are the rules you need to understand if you’re using Square to process payments.

Failure to comply with HIPAA has serious consequences. If there’s a breach of unsecured PHI, covered entities must notify the affected individuals and HHS, and business associates must notify the covered entity they serve. Violations can lead to audits, civil monetary penalties, and, for knowing misuse of PHI, criminal charges.

Square and HIPAA compliance

Square offers a wide range of payment services that allow organizations to electronically collect secure payments from clients. 

Square provides a business associate agreement (BAA) in which it commits to operating in accordance with HIPAA guidelines. This includes agreeing not to use or disclose protected health information (PHI) in any way that isn’t permitted under HIPAA. 

Square also agrees to use appropriate safeguards and to comply with the Security Rule’s requirements for electronic protected health information (ePHI). Square publishes the full text of its BAA.

If you’re using Square in a healthcare-related industry, you still need to take steps to ensure you’re doing so in a HIPAA-compliant manner. A BAA covers only Square’s obligations: the Security Rule still requires you, as the covered entity or business associate, to apply administrative, physical, and technical safeguards to any ePHI you collect, store, or transmit on your side of the transaction. In other words, the data must be secure on both sides — not just on Square’s end. 

Check that you have safeguards in place to prevent unauthorized use of PHI when using Square to send invoices and collect payments such as deposits, medical bills, and health insurance copays. Use secure payment forms any time you use Square, and apply HIPAA’s minimum necessary standard: collect only the details needed to take the payment, and keep diagnoses, treatment notes, and other clinical information out of invoice line items, memo fields, and email subject lines. Otherwise, you could be violating federal law.

Using secure payment forms with Square

In 2019, 418 HIPAA breaches were reported, exposing the PHI of 34.9 million Americans. If you’re looking for a simple way to protect this highly sensitive information, consider using JotForm’s payment form templates along with its Square payment integration. 

You can create customized, secure Square payment forms, which helps keep the data-collection side of each Square transaction HIPAA compliant. Here’s how to set up these payment forms:

  • Go to JotForm, and pick a template that incorporates Square payments.
  • Customize the form.
  • Select the Square icon in the Form Builder and log in to connect your Square account.
  • Now you’re all set to instantly process Square payments, with no hidden fees.

Secure forms have been in use for many years; they’re a safe, HIPAA-compliant way for healthcare professionals to collect electronic payments. For example, Dr. Cynthia Brattesani is one of the many dentists who used to rely on checks to collect payments from patients. After she switched to HIPAA-compliant payment forms, she no longer had to spend as much time chasing unpaid bills. 

Processing Square payments in a HIPAA-compliant manner doesn’t have to be a headache. Ready-made and customizable secure forms take the hassle out of using Square and, most important, ensure you’re protecting patient data and your reputation.

This article is originally published on Jun 03, 2020, and updated on Jul 07, 2020.
AUTHOR
Firm believer in personal data privacy in the age of information. Close follower of the new regulations concerning patient confidentiality & HIPAA. You can reach George through his contact form.
