Is PayPal HIPAA compliant?

PayPal cannot be considered HIPAA compliant because it will not sign a business associate agreement (BAA). Covered entities should not use this payment platform for PHI.

PayPal does not state that it provides HIPAA-compliant features for covered entities, and a covered entity should not use this payment platform for protected health information (PHI). Not only are the required security protections missing, but using this service for PHI can be a blatant violation of HIPAA regulations.

One issue is that PayPal uses transaction data to target offers at both consumers and merchants. PayPal collects user information and provides data to advertisers, which is a clear violation of HIPAA regulations when that data includes PHI.

HIPAA privacy rules require the protection of all “individually identifiable health information.” Demographic data and payment history fall into this category.

Also, PayPal will not sign a BAA with covered entities. Medical providers should find an alternative, HIPAA-compliant service to collect payments.

Product details

Business Associate Agreement: No
HIPAA Compliant: No
Category: Payment Apps

Product description

PayPal offers payment processing services for businesses, online vendors, and personal transfers. This payment system is a digital alternative to traditional payment methods, such as cash and checks.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
