Automate your AP & AR with a platform that understands your need for HIPAA compliance

Michael Davis, Contributing writer, BILL

Healthcare companies looking to streamline their accounts payable (AP) and accounts receivable (AR) operations can now automate those workflows through BILL and take advantage of additional protections for sensitive patient data.

If your organization handles electronic Protected Health Information (ePHI) and needs to maintain compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this quick guide lays out how BILL can help you ensure the safety of PHI or ePHI.

Limiting access to ePHI

One of the most important steps in complying with HIPAA is limiting access to PHI or ePHI.

When evaluating partners for AP and AR automation, you should ask questions about the physical, technical, and administrative safeguards applied to the ePHI your patients have entrusted to you. Some of these questions may include: Where is the data stored physically? Is it being exposed to third parties? Who has access to the files?

BILL offers the following safeguards to protect ePHI and help customers comply with HIPAA.

Business Associate Agreement

If you engage a vendor to help carry out business activities involving ePHI, HIPAA requires that vendor to enter into a Business Associate Agreement (BAA) with you, establishing obligations for the joint protection of ePHI and for the vendor to provide assurances that it will provide appropriate safeguards for the ePHI.

If customers plan to enter any ePHI into BILL (including within documents uploaded to BILL), they need to sign a BAA with BILL. The BAA relates to vendors and business associates that receive or create ePHI. BILL's BAA establishes BILL's obligations as well as your obligations for the joint protection of PHI. The BAA also establishes that certain safeguards are in place to meet the recommended HIPAA guidelines.

Compliant data storage and access

BILL protects ePHI entered into designated fields within its AP and AR solution to ensure that ePHI is appropriately safeguarded. In addition, you can control internal access to data (like ePHI) and workflows by assigning role-based permissions within BILL, limiting what different team members can see and do. If you need to customize your permission settings, you can do that too.

This level of control helps protect ePHI while reducing opportunities for unauthorized personnel to gain access to it.

Compliant data handling

BILL employees with access to ePHI are required to complete training on the secure and compliant handling of ePHI. Access to ePHI is restricted to those with a specific need, such as a customer support request.

Peace of mind for healthcare organizations

If you’re looking to streamline your back-office operations, BILL offers the time savings and efficiencies of AP and AR automation, along with protections designed to safeguard ePHI and help covered entities maintain HIPAA compliance.

To learn more about how BILL helps healthcare organizations streamline their AP and AR operations, click here.

For more information on HIPAA, including how to enable HIPAA for your organization, click here.

Michael specializes in helping businesses optimize financial operations by staying up-to-date with industry trends and translating insights into real-world applications. With expertise in AP, cash flow, and fintech, Michael breaks down complex topics to help businesses continue to grow.

The information provided on this page does not, and is not intended to, constitute legal or financial advice and is for general informational purposes only. The content is provided "as-is"; no representations are made that the content is error free.