Credit Card Payment For Private Practice - HIPAA Compliance Needed?


Xepa777

Dumb question sorry...do I need a credit card processor that's HIPAA compliant for private practice for "cash payment" customers? In previous threads I searched here I saw people talking about taking Venmo, which I'm pretty sure is not HIPAA compliant lol. Does something like Stripe/Square/Venmo work? I want to integrate payment within Google Forms (which is HIPAA compliant). Any guidance would be much appreciated.

You need PCI compliance if you accept credit card payments. Even though taking payments through a credit card processor can generate personally identifiable information, HHS has stated that collecting payments is explicitly excluded from HIPAA mandates. This is as long as you only use it to collect payment. Do NOT agree to a credit card processor's other features like invoicing and financial analysis unless you first get a BAA from them.

Google Forms would not be PCI compliant if they are keying in their credit card information and then stored on a Google Sheet on your end. Ideally, you would not see the credit card information or have it stored anywhere at all.

Usually your EMR would have this integrated. Otherwise, I would stick to ACH payments or wire transfer or simply a check. You can also use Bluefin, Ivy Pay, or Square. It might be a good idea to sign a BAA. I wouldn't do Venmo, Zelle, Paypal, CashApp, Stripe, Apple Pay.
I'm thinking of having a Google Form with Stripe for payment processing. Stripe is a separate site and would handle the payment (wouldn't be stored on Sheets); I just need to find a way to get confirmation that payment occurred, then directly link to a Calendly to book therapy time.

My goal is to create a self-service model where patients can book therapy sessions on demand and have it automatically show up on the calendar without any lag time. And have me know that the booked sessions are already paid for. Hope that makes sense!
If you are all cash, HIPAA doesn’t pertain to you which means the question doesn’t matter.

I hear what you're saying and totally agree. Just want to keep it HIPAA compliant in case something changes in the future and we want to accept insurance (just starting off, so don't know what we don't know yet lol).
Stripe is not HIPAA compliant but you're technically not a covered entity if the pt does all the billing themselves (submitting OON claim) so that doesn't matter.
What EHR are you using? Luminello has the functionality you're looking to create
Google sheets lol. Since Google is HIPAA compliant, trying to consolidate the whole ecosystem there. Also trying to avoid costs for these SaaS platforms that are going to hold me hostage if I get used to them. I know I know, lol.
If I take private insurance in the future, does this still apply? Can the patient do the billing themselves if I just direct them to a Square page to pay?
I think you're overcomplicating things. Starting a private practice is already difficult as it is without adding to your burden by trying to create budget workarounds. You're probably better off getting an EHR that has all the functions you need, then splitting that cost among your patients. Luminello is $119/month for a premium subscription. If you see 20 patients per week (80 per month), you're only charging an extra $1.50 per visit. Even if you don't pass the cost on to the patient, the amount of work it'll save you would be well worth the cost.

If the upfront cost is an issue, you could always use free trials. I have a 3 month free trial of Luminello and a 6 month free trial of Psychology Today.
I agree. Paying an annual Luminello subscription up front was way easier for me. Part of what I'm paying them for is to make sure all of this is compliant. Now I don't have to sift through anywhere near as much red tape to make sure things are compliant. Bluefin integration makes it so simple to process payments and keep track of everything.
Hi, could you please explain why it's better not to use Venmo, PayPal, or Apple Pay? Are they not reliable enough? Or do they retain information about the cards?
Didn’t realize Costco provided that service, but of course they do, lol.
I mean, this is what Luminello uses indirectly. Bluefin is a third party that uses Elavon as its underlying payment processor, so you're just paying a % for a middleman. This is most of business and retail, it seems.