How to Ensure HIPAA-Compliant Billing

Therapist and nurse practitioner discussing HIPAA compliant invoicing and payment processing

When you hear someone reference HIPAA (aka the Health Insurance Portability and Accountability Act), you might think about clients’ diagnoses, treatment plans, or progress notes.

But did you know that HIPAA’s privacy regulations also cover billing and how you get paid for providing therapy?

It’s true.

Whether you’re doing private pay or billing insurance, it’s essential that you have a HIPAA-compliant billing process.

This is especially important when you’re offering telehealth or teletherapy services, since you’re not accepting payment at the point of service as you would with in-person appointments.

The basics of HIPAA-compliant billing are actually simple:

  1. Provide a service.
  2. Generate an invoice, superbill, or claim.
  3. Share it with the payer (client or insurance company).
  4. Then, get paid for your work.

Here’s each step you need to consider to make sure your billing process is complying with HIPAA regulations.

SimplePractice HIPAA Compliant Billing Processes

1. Generate an invoice, superbill, or claim

You can’t use just any invoicing software for this.

It’s important to do the investigative work to determine if your invoicing software is HIPAA-compliant, as the SimplePractice EHR software is.

For example—QuickBooks, Wave, PayPal, and Zelle do not meet HIPAA requirements. 

Certain vendors, like Venmo, even have explicit language in their Terms of Use that forbids the use of their software for healthcare-related transactions.

This means many different types of practices—like speech therapy or counseling—cannot safely use this payment solution.

While using payment processors does not fall under the HIPAA regulation, invoicing and billing need to comply with HIPAA requirements.

By using SimplePractice, customers are already protected because they have a signed BAA with SimplePractice from the second they sign up for a trial or paid account.

A BAA is required for invoice processing—not payment processing—so there’s no need to sign any additional BAA.

Why does your practice need HIPAA-compliant payment processing?

It’s because invoices contain all sorts of Protected Health Information (PHI) on them.

As soon as you put the client’s full name, the service performed, or a CPT or ICD-10 code on your billing document, it’s considered PHI—and that falls under HIPAA regulations.

To create a HIPAA-compliant invoice without an EHR solution, you can generate it in a Word or Excel document as long as you password-protect it.

In comparison, if you use an EHR such as SimplePractice, most platforms will automatically create claims, invoices, and superbills for you based on appointments or services rendered.

2. Share a billing document

If you use a software solution like SimplePractice, you can securely generate and send any billing documents to clients or insurance companies straight from the platform.

You must use a HIPAA-compliant email to securely send invoices. If you’re sending invoices or claim information to a billing company, your only option may be to fax it.

3. Get paid

Now that you’ve created an invoice and figured out how to securely send it to the client, you need to get paid. In the same way you shouldn’t generate an invoice through a non-HIPAA-compliant service—like QuickBooks® or PayPal—you can’t accept payment through them either. 

Again, their Terms of Use don’t typically cover healthcare services. This means you’d be in violation of both the processor’s terms and HIPAA regulations if you send client invoices via those services. 

That leaves you with cash and check as your only options. However, one workaround is to create the invoice or superbill, send it to the client via a secure email, then have them pay using an on-the-spot payment capture solution like Square or Stripe.

But really, the easiest way to get paid is to use an EHR like SimplePractice.

With SimplePractice, you can generate claims, send them to clients, and get paid easily—all from one platform. 

Plus, if you sign up for the insurance company’s Electronic Remittance Advice forms (ERAs) and Electronic Funds Transfer (EFT), you can receive an electronic Explanation of Benefits (EOB). That way the insurance company can directly deposit payments into your business checking account. 

If a client is paying privately, they can use the credit card processor in your EHR to securely pay that bill right from their Client Portal.

The money will be deposited into your business bank account as soon as it becomes available. 

Using an EHR like SimplePractice can ensure HIPAA-compliant billing

If you’ve been considering trying out a fully integrated, HIPAA-compliant EHR, SimplePractice gives you everything you need. You’ll get more organized and run a fully paperless practice.

Used by over 200,000 private practice clinicians nationwide, SimplePractice is the practice management software with HIPAA-compliant booking, billing, secure messaging, and telehealth for therapists, speech-language pathologists, occupational therapists, and other practitioners in the health and wellness industry.

To try SimplePractice out, sign up for a free, 30-day trial. No credit card needed.
