Paypal Business Associate Agreement

As a covered entity, you need to assess your business associates' HIPAA compliance before doing business with them. However, the HIPAA Privacy Rule has a few exceptions, including one for financial institutions. It's not true. PayPal does not issue the cards; they are issued by Synchrony Bank (scroll to the bottom of this page and read the fine print). The suggestion that issuing a credit card is a sign of trust and security is a mistake. Target also has its own credit card, which does not make it HIPAA compliant, or even trustworthy. In fact, these companies don't spend anything: they co-brand the cards, much like United Airlines has a card co-branded with Chase. Any company can co-brand a card. If iCouch wanted to, we could also have our own credit card. We could easily go back and forth and debate the merits of PayPal, but if you do not have a business associate agreement with them, the point is moot. PayPal collects purchase data and uses it to target advertising to customers. That is indisputable.

That is a fact. It was made clear by a PayPal executive on PayPal's own website. Any American practitioner who continues to use PayPal is negligent. Any American practitioner who has read this article and continues to use PayPal is now severely negligent. Why? Because we have provided clear, documented and unambiguous evidence that PayPal uses payment history to target advertising. This is an undeniable violation of HIPAA. PayPal and Venmo acknowledge that they collect and sell user information that HIPAA defines as protected health information (PHI). But Venmo does not need to comply with HIPAA because it is not a business associate.

However, covered entities such as healthcare providers must comply with HIPAA and are responsible for protecting and maintaining patient privacy and safety. Still, this issue isn't even relevant: PayPal is not HIPAA compliant! They said as much; they use past purchase history to target offers and promotions to users. Period. It doesn't matter whether PayPal is a payment gateway, a bank, or another type of business; it is an explicit violation of HIPAA to share protected health information without written consent. And payment data for a therapy session is protected health information, because "providing care" means exactly that. So, using the purchase history of a patient who pays for mental health services to do targeted advertising? How much more ridiculous could this be? This is about the last thing a patient would want, regardless of whether it is a violation of the law. However, it is not PayPal that violates the law here; it is the practitioner who uses PayPal. Since the practitioner does not have a business associate agreement with PayPal, it is the practitioner who bears the liability. TBHI's interpretation of this information is that independent practitioners who receive payments to a commercial bank account for services without billing are involved in at least one, if not more, of the identifiers listed above, whether you or your client/patient can see it or not.

The digital footprint left behind can be exploited by criminals and therefore increases the vulnerability of the people who rely on your professionalism for care. If you receive payments under your personal name rather than your practice name, talk to your lawyer about this business practice. This agreement governs the use of the PayPal Professional Payments product. Your use of the Professional Payments product is subject to this Enterprise Payments Agreement, in addition to the terms of the PayPal User Agreement, the PayPal Privacy Policy and any other applicable legal agreements between you and PayPal. Since Venmo is not a business associate, it does not sign business associate agreements (BAAs). A BAA is a legal document that requires each signatory party to be HIPAA compliant and makes each responsible for maintaining compliance. Although Venmo, as a financial institution, is not technically required to sign a BAA, if a covered entity chooses to accept Venmo payments and Venmo suffers a breach that affects protected health information (PHI) such as a patient's name, email address or credit card information, all of which are required to open a Venmo account, the covered entity will be held liable for the breach. HIPAA compliance, however, is a separate issue. Zelle uses authentication and auditing capabilities to secure personal data transmitted through its service, and these meet the requirements of the HIPAA Security Rule for those functions. However, Zelle does not sign business associate agreements, which are required for all healthcare transactions with providers. As a result, healthcare professionals who choose to use Zelle to accept payment for professional services are not HIPAA compliant.

By using these simple payment systems, providers leave a digital trail of non-compliance. With this exception, it seems that Venmo will not be considered a business associate.