PayPal isn’t HIPAA compliant and won’t sign a business associate agreement (BAA). Covered entities shouldn’t use this payment platform for PHI.
PayPal doesn’t provide HIPAA-compliant features for covered entities, and a company shouldn’t use this payment platform for protected health information (PHI). Not only are specific security protections missing, but using this service for PHI can be a blatant violation of HIPAA regulations.
One issue is that PayPal uses transaction data to target relevant offers at both consumers and merchants. PayPal collects user information and provides data to advertisers, which is a clear violation of HIPAA regulations when that data includes PHI.
HIPAA privacy rules require the protection of all “individually identifiable health information.” Demographic data and payment history fall into this category.
Also, PayPal won’t sign a BAA with covered entities. Medical providers should find an alternate, HIPAA-compliant service to collect payments.
PayPal offers payment processing services for businesses, online vendors, and personal transfers. This payment system is a digital alternative to traditional payment methods, such as cash and checks.
Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.