Is QuickBooks Online HIPAA Compliant?
Have you ever wondered if QuickBooks Online is HIPAA compliant?
My guess is that many have not. I only decided to look into this when developing the QuickBooks Online integration for Jasmine.
You may even be asking yourself, “Why does my accounting software need to be HIPAA compliant?”
The short answer is that as an acupuncturist and medical professional, you need to understand how all your patient data is used and handled.
In this post, we’ll cover QuickBooks Online and HIPAA, can acupuncturists use QuickBooks, how to use QuickBooks as an acupuncturists, and how the Jasmine/QuickBooks integration will handle patient data.
HIPAA & QuickBooks
QuickBooks has put together a page detailing their official stance on HIPAA.
Here is their answer:
Currently, QuickBooks Online (QBO) meets industry standards for online security, but is not compliant with the HIPAA standards for privacy. If you are a health care professional, it is not recommended that you enter “individually identifiable health information” into the QuickBooks Online program.
We don’t have any further information on this subject, and we’re not equipped to advise you. For more information on the subject, as well as to seek legal advisement regarding this issue, log on to: http://www.hhs.gov/ocr/hipaa/
https://community.intuit.com/articles/1145503-is-quickbooks-online-hipaa-compliant
As stated, QuickBooks provides a high level of security, however, they are NOT HIPAA compliant.
What does this mean for acupuncturists using or looking to use Quickbooks Online?
Individually Identifiable Health Information
The way to use QuickBooks Online properly is to NEVER enter “individually identifiable health information”, as alluded to in the previous statement.
What is “individually identifiable health information”?
The HIPAA Privacy Rule states:
Protected Health Information. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”
“Individually identifiable health information” is information, including demographic data, that relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
In summary, as noted by the HIPAA Privacy Rule, “individually identifiable health information” involves information including name, address, birth date, etc.
De-Identified Health Information
The HIPAA Privacy Rule gives guidance on how to use QuickBooks Online by acupuncturists.
The Privacy Rule states that “There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual.”
De-Identified Health Information. There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual.
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
The end result of all this is that it is possible for you to use QuickBooks Online in your acupuncture practice with the caveat that the patient health information is de-identified and protected.
For the QuickBooks/Jasmine Integration, I will de-identify the patient’s name and invoices will not disclose any information regarding the patient’s medical condition.
If you’re interested in the Jasmine/QuickBooks Online integration, click on the link below and signup for the private invite.
Do you use QuickBooks Online in your acupuncture practice?
Minto Tsai
Founder
P.S. If this helped you, please Like, Share, email… all the social network love you can give!
