Payroc Blog


How to Take Payments in the Modern Processing World While Remaining HIPAA Compliant


A question I get asked all the time by those in the various healthcare professions: “Are you HIPAA compliant?” Seeing as it is one of the most important rules imposed upon doctors of all kinds, it is a fairly unsurprising question to hear.

To be sure, most payment providers are not HIPAA compliant because they do not need to be. When a patient is transacting a payment for medical services, oftentimes the patient’s medical data is not being transferred -- only money is. And if only money is being transferred from the patient to the doctor, there is not going to be a breach of medical data (assuming the receipt is transmitted securely).

The one fairly sizable caveat is that if a payment is being processed through medical-specific payment software, which keeps track of treatment, patient records and history, that software had better be HIPAA compliant.

However, while medical-specific software is convenient and time-saving, it can be pricey.

For that reason, if you go to various healthcare providers like I personally do, it is a simple credit card terminal that you are paying through, and those certainly do not have HIPAA compliance parameters built into them.

It is not the “sexiest” way to take a payment outside a specific medical software, but it is reliable and gets the job done.

Other options include a point-of-sale (POS) system, or even a somewhat robust mobile solution that allows transactions on a sleek tablet or iPad. Please note that if POS software allows for SMS text receipts, they should never be used, as SMS is not recognized as a HIPAA-secure technology. However, secured email is, which takes us to our next option for medical professionals.

You can take payments online too. Now, because compliant options can be limited online, many healthcare providers use a simple payment gateway. You will not be able to price out products and procedures, for compliance reasons, but you will be able to accept a dollar value (assuming of course the email receipt you send is secure within regulations).

So while government compliance in the medical field can complicate accepting payments for doctors, there are options and workarounds that are suitable for any practice, large or small.