Home Login Contact Us

HIPAA Guidelines and Compliance: Frequently asked questions (FAQ)

  • Updated

HIPAA (the Health Insurance Portability and Accountability Act), and specifically the HIPAA Security Rules, establishes national standards for protecting patient data through physical, technical, and administrative security measures.

Is Bill.com HIPAA compliant?

No - currently, we are not HIPAA compliant.

Why not?

We haven’t yet undergone the technical process required to become compliant.

What does that mean for me?

This means that prohibited information as outlined by HIPAA (i.e. healthcare information) should not be stored in Bill.com, or transferred using Bill.com.

Business Associate Agreement (BAA)

The BAA relates to entities that process personal health information and our system is not set up to process personal health information, our terms of service specifically prohibit customers using it for Protected Health Information (PHI).

5.7. PERMITTED USE OF THE SERVICE. You shall use the Service for the businesses or business activities permitted by Bill.com’s Acceptable Use Policy. Bill.com is not, and will not at any time be, a “business associate” of Subscriber for the purposes of The Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and Subscriber will not send or transmit any “Protected Health Information” (as defined in HIPAA) to Bill.com or otherwise in any manner through the Service.

Are you planning on becoming HIPAA compliant in the future?

We understand the importance for some companies to be able to include certain types of sensitive information in financial transactions. We are currently working towards becoming HIPAA compliant, although we do not have a definitive ETA right now. We’ll update this article when we have new information - subscribe to the article to get emails about updates, and keep an eye on the News and Announcements section to stay up-to-date.

As of August 2019, Section 6 of our Terms of Service have been revised:

We are not a “Business Associate” under HIPAA. You acknowledge and agree that Bill.com is not, and will not at any time be, a “business associate” of any user of the Service, including You, for the purposes of The Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). You agree that You will not send or transmit any electronic “Protected Health Information” (“ePHI”, as defined in HIPAA) to Bill.com or otherwise in any manner through the Service. You are solely responsible for ensuring that Your use of the Service complies with all applicable laws and regulations, including HIPAA. If We become aware that You have sent or transmitted ePHI in any manner through the Service in violation of this Agreement, We may delete the ePHI without any liability or notice to You, and You agree to pay any costs or fees associated with that ePHI deletion.

For more information about HIPAA and HIPAA compliance, please visit: U.S. Department of Health and Human Services - Health Information Privacy

Related articles

ABOUT

Our Story

Leadership

Customers

Newsroom

-  Press Releases

-  News Coverage

-  Press Kit

Investors

Events

Contact Us

Careers

PRODUCT

Accounts Payable

Accounts Receivable

International Payments

ACH Payment Processing

SOLUTIONS

Small Businesses

Mid-Sized Companies

Accounting Firms

Wealth Management

Banks

INTEGRATIONS

QuickBooks

Sage Intacct

Oracle NetSuite

Xero

Others

PRICING

Businesses

Accounting Firms

RESOURCES

Support

COVID-19 SMB Resources

Resource Center

-  Accountant

-  Businesses

Blog

FAQs

Refer a Business

Partner Program

Developers

App Center

Licenses

CONNECT

© 2020 Bill.com, LLC. All Rights Reserved.

Privacy Notice

Acceptable Use Policy

Legal