Two new Bill.com features can help add sophistication to financial processes while strengthening financial controls: enhanced approval policies and dual control. Join us to learn about both!

Learn how Enhanced Approval Policies can Streamline Your Workflow

Wednesday, Sep 8
10am PT | 1pm ET

Register Now

Thursday, Sep 16
1pm PT | 4pm ET

Register Now

Wednesday, Sep 22
11am PT | 2pm ET

Register Now

Wednesday, Sep 29
10am PT | 1pm ET

Register Now
Home Login Contact Us

HIPAA Guidelines and Compliance: Frequently asked questions (FAQ)

  • Updated

HIPAA (the Health Insurance Portability and Accountability Act), and specifically the HIPAA Security Rules, establishes national standards for protecting patient data through physical, technical, and administrative security measures.

Jump to:

Is Bill.com HIPAA compliant?

Bill.com Accounts Payable (AP) processes provide protections and safeguards for the privacy and security of Protected Health Information (ePHI).

Do I need to sign a Business Associate Agreement (BAA)?

The BAA relates to entities that process personal health information. The Bill.com system is only partially set up to process personal health information at this time, and our terms of service specifically prohibit customers using it for Protected Health Information (PHI) unless a BAA has been entered into with Bill.com.

As of July 31, 2020, we updated our terms on the subject to HIPAA as follows:

“Business Associate” under HIPAA. Bill.com may, upon request, operate as a “business associate” of certain users of the Service, including You, for the purposes of The Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). You agree that You will not send or transmit any electronic “Protected Health Information” (“ePHI”, as defined in HIPAA) to Bill.com or otherwise in any manner through the Service unless and until you have a Business Associates Agreement (“BAA”) with Bill.com. You are solely responsible for ensuring that Your use of the Service complies with all applicable laws and regulations, including HIPAA. If We become aware that You have sent or transmitted ePHI in any manner through the Service in violation of this Agreement or the BAA, We may delete the ePHI without any liability or notice to You, and You agree to pay any costs or fees associated with that ePHI deletion.

Are you planning on becoming fully HIPAA compliant in the future?

We understand the importance for some companies to be able to include certain types of sensitive information in financial transactions. We are currently working towards becoming fully HIPAA compliant, although we do not have a definitive ETA right now. We’ll update this article when we have new information.

For more information about HIPAA and HIPAA compliance, please visit: U.S. Department of Health and Human Services - Health Information Privacy

Related articles

ABOUT

Our Story

Leadership

Customers

Newsroom

-  Press Releases

-  News Coverage

-  Press Kit

Investors

Events

Contact Us

Careers

PRODUCT

Accounts Payable

Accounts Receivable

International Payments

ACH Payments

SOLUTIONS

Small Businesses

Mid-Sized Companies

Accounting Firms

Wealth Management

Banks

INTEGRATIONS

QuickBooks

Sage Intacct

Oracle NetSuite

Microsoft Dynamics

Xero

PRICING

Businesses

Accounting Firms

RESOURCES

Resource Center

-  Accountant

-  Businesses

Blog

FAQS

Support

Refer a Business

Partner Program

Developers

App Center

Legal

Security

CONNECT

Privacy Policy

Acceptable Use Policy

Cookie Policy

Terms of Service

© 2021 Bill.com, LLC. Bill.com, the Bill.com logo, and the “b” logo are trademarks of Bill.com, LLC. All other company names and brands are the property of their respective owners.