The 6 Best HIPAA-Compliant Credit Card Processing Companies For Healthcare Practices
These healthcare credit card processors meet our standards regarding HIPAA compliance, cost transparency, customer service, reputation, and integrations.
Frank Kehl
Frank Kehl has been researching and analyzing merchant services, payment gateways, and international money transfer services since 2015. He has a Bachelor of Science degree from Penn State and a Juris Doctorate from the Ventura College of Law.
Expert Analyst & Reviewer
Advertiser Disclosure: Our unbiased reviews and content are supported in part by affiliate partnerships, and we adhere to strict guidelines to preserve editorial integrity.
Healthcare payment processing is essential for modern practices, and it requires a HIPAA-compliant payment processing solution in addition to the usual hardware and software needed to accept credit/debit card payments. The right merchant services provider can set you up with not just the best credit card processing but also solid payment security, industrious software integrations, and brand-friendly customer-facing communications.
Know that you do not have to piece solutions together.
In this article, we’ll explain the most important factors to evaluate in choosing a good credit card processor for your business, and we’ll profile our top choices for healthcare payment processors.
Why Do You Need HIPAA-Compliant Credit Card Processing?
Medical payment processing services are very important for all healthcare providers. Although most patients rely primarily on health insurance to cover the cost of their medical care, there are still plenty of times when they need to pay out-of-pocket for one reason or another. Co-pays, services not covered by insurance, policy limits, and patients with no insurance coverage are just some of the reasons why a patient might have to pay a medical provider directly.
Healthcare providers need to be able to accept payments not only in-person but also through the mail or through an online billing system.
Offering as many ways as possible for your patients to pay you encourages timely payment and helps to improve your cash flow. While direct payments to healthcare providers were traditionally made using paper checks, that’s no longer the case today. As in most other businesses, credit and debit cards have flourished, while checks and cash payments have declined dramatically in popularity. In the pandemic era, interest in contactless payment methods (e.g., digital wallets, QR codes, etc.) has also risen and is particularly important to any healthcare provider.
The bottom line is that your medical office needs to offer as many ways for your patients to pay you as possible, and you will need to sign up with a reputable merchant services provider to do that.
How To Navigate HIPAA-Compliant Credit Card Processing In Healthcare
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that healthcare providers secure patients’ protected health information (PHI). This includes patients’ medical, financial, and personal information, and not just digital data but also written and oral information.
Finding a HIPAA-compliant payment processor is critical. To be fully HIPAA compliant, a processor must not only protect patients’ sensitive data but must also have a business associate agreement, or BAA, in place to protect against any potential data breach. By itself, payment processing is not a HIPAA-covered activity. However, additional features such as billing management and reporting services are likely to require a provider to be fully HIPAA compliant.
That’s why a BAA can make the difference between a HIPAA-compliant processor and a non-compliant one. It’s why Square makes our list of the best HIPAA-compliant credit card processing companies while PayPal does not.
6 Best Healthcare Payment Processing Companies
Our favorite healthcare credit card processing providers offer full HIPAA compliance, fair pricing, transparent sales practices, and excellent customer service. The best HIPAA-compliant payment processing providers are PaymentCloud, Host Merchant Services, Helcim, Square, Dharma Merchant Services, and Chase Payment Solutions.
1. PaymentCloud: Best For High-Risk Healthcare Providers
No application or account setup fees
Month-to-month billing (low-risk practices)
Offers free credit card terminal
Virtual terminal available
No publicly disclosed pricing (high-risk practices)
Why We Chose PaymentCloud For Healthcare Payments
PaymentCloud is a high-risk specialist that also offers low-risk accounts to qualifying businesses. While most healthcare providers fall into the low-risk category, the emerging field of telemedicine is still considered a high-risk industry by most credit card processors. PaymentCloud’s service package includes an online payment gateway for telemedicine portals, invoicing options, and solutions for echeck and ACH payments.
While the company doesn’t disclose pricing information or contract terms, it has a very positive reputation among users for fair pricing and reasonable terms. It’s worth looking at what PaymentCloud can offer you, as the company doesn’t charge any application or account setup fees.
No account setup fee
No monthly minimum (low-risk accounts)
Interchange + 0.05%-0.30% + $0.08-$0.10 per transaction (low-risk accounts)
Processing rates vary by the acquiring bank/back-end processor (high-risk accounts)
$15/month account fee (low-risk accounts)
Account fees vary by the acquiring bank/back-end processor (high-risk accounts)
“Free” credit card terminal available with each account
Like most high-risk providers, PaymentCloud typically requires a long-term contract (possibly with an early termination fee) for high-risk accounts. Terms will vary, depending on your backend processor. Low-risk merchants, however, might be able to get a month-to-month contract with no early termination penalty if they buy their processing equipment outright and pass on the company’s “free” terminal offer.
Why We Chose Host Merchant Services For Healthcare Payments
Host Merchant Services serves low-risk and many high-risk businesses, including those in the healthcare and medical fields.
All accounts come with month-to-month billing, interchange-plus pricing, and free basic website hosting services. A variety of mobile card readers, terminals, and POS systems are also available for accepting in-person payments. All processing rates and account fees are fully disclosed on the company’s website, making it easy to estimate your processing costs in advance. This transparency also simplifies the account setup process, as you won’t have to haggle with a sales agent over contract terms, rates, or fees.
Host enjoys a very positive reputation among users and particularly excels at providing high-quality customer support. It’s an excellent choice for your medical practice.
Host Merchant Services Pricing
No application or setup fees
$14.99/month account fee
Interchange + 0.25% + $0.10/retail transaction
Interchange + 0.35% + $0.10/eCommerce transaction
$5.00/month gateway fee (optional)
$15 chargeback fee
No PCI compliance fee
No early termination fee
Host Merchant Services Features
Full-service merchant accounts
Accepts most high-risk industries
Full line of countertop and mobile credit card terminals
Free terminal available to merchants processing over $20,000/month
Vital and SwipeSimple mobile processing solutions
Proprietary Bonsai POS system available
Clover and Vital POS systems are available
Authorize.Net payment gateway
Proprietary HMSExpress payment gateway
Virtual terminal included
Web hosting included with an account
Cash discounting program available
Host Merchant Services offers true month-to-month billing with no long-term commitment to all low-risk businesses. High-risk industries (including telemedicine providers) are underwritten by a separate backend processor, and may require both a long-term contract and an early termination fee if the account is closed prematurely.
Unlike our other top choices for healthcare credit card processing, Helcim does not offer business associate agreements (BAAs) to protect PHI and is only HIPAA compliant in the sense that its credit card processing services fall outside the scope of HIPAA laws. The company even states on its website that “Helcim’s merchant services should not be used by healthcare professionals to store health records, such as entering medical procedure information, in invoice line items, or in the comment sections of transactions.”
So why would you want to use Helcim? The answer is that the company offers full-service merchant accounts with no long-term contracts, no monthly fees, and transparent interchange-plus pricing. For a practice that only takes the occasional credit or debit card payment but wants to avoid the account stability issues that plague Square and other payment service providers (PSPs), it’s one of the most affordable options available anywhere. As long as you’re willing to wall off your patient records from your credit card processing, Helcim can save you a significant amount of money on your overall credit card processing costs.
Helcim’s proprietary Helcim Card Reader can function as a traditional countertop terminal, but you can also use it with the company’s POS software or mobile app. Helcim offers extensive pricing disclosures on its website and has a great reputation for providing outstanding customer support. It’s a good choice for a small practice that doesn’t need a lot of fancy bells and whistles.
Proprietary Helcim Card Reader for in-person payments
Helcim Payments app for mobile processing
Virtual terminal included with each account
Helcim POS software (requires tablet, laptop, or desktop computer)
Access to Helcim API for customized credit card payments
All of Helcim’s merchant accounts come with true month-to-month billing. There are no long-term contracts or early termination fees. Be aware, however, that the company does not accept high-risk businesses.
Square is one of our favorite payment processors, and the answer to the question “Is Square HIPAA compliant?” is a resounding yes. It offers a wide range of features with no monthly fee and transparent payment processing. The Square POS includes great security, reporting, invoicing, patient profiles, and more, all for free. Plus, with healthcare-focused data integration options such as IntakeQ, you can opt to add more functionality by going paperless and automating both the intake and payment process.
While Square can be a great choice for credit card processing for medical practices, it’s not for everyone. Square is a third-party payment processor — instead of opening up a dedicated merchant account for each user, Square aggregates all of its users under one account. This setup makes payment processing accessible to almost anybody, but it comes with some account stability issues.
$0/month for Square Free account ($29+/month for Square Plus accounts)
2.6% + $0.10/card-present transaction
2.9% + $0.30/online transaction
3.5% + $0.15/manually keyed-in transaction
2.9% + $0.30/invoice paid via credit or debit card
3.5% + $0.15/invoice paid via card on file
1%/ACH transaction (minimum $1 charge)
No ACH reject or chargeback fees
Square Contactless & Chip Reader — $49 each
Square Stand With Contactless & Chip Reader — $169
Square Terminal — $299
Square Register — $799 (or $39/month for 24 months)
Aggregated account for credit and debit card processing
Mobile card reader (magstripe-only) included with an account
EMV and NFC-capable card readers are available
Square Register POS system available
ACH processing included with every account
Square Online Store for eCommerce businesses
Basic Square Invoices feature included at no extra cost
Analytics and reporting available through Square Dashboard
Square uses month-to-month billing exclusively, and you can close your account at any time without penalty. Be aware, however, that all of Square’s hardware and software features are proprietary and will not work with any other credit card processor.
Not recommended if processing less than $10,000/month
Why We Chose Dharma Merchant Services For Healthcare Payments
Dharma is a fantastic credit card processing option for healthcare or wellness offices. With no annual fees or monthly minimums, and transparent interchange-plus pricing, Dharma delivers consistently excellent service. Plus, you’ll have access to a full range of Clover hardware, and the multiple payment channels on offer make processing in-person and over the phone quick and secure for your office.
While you will face monthly fees and an additional monthly charge to send invoices, Dharma’s pricing is very transparent, so you won’t get any surprises when your bill comes. You also won’t have to worry about binding contracts, early termination fees, or leasing agreements. Dharma offers full-service, HIPAA-compliant merchant accounts and a simple processing rate of interchange + 0.15% + $0.08 per transaction for healthcare providers. You can also take advantage of the company’s MX Merchant integrated payments platform to keep payment information from in-person and online transactions in one convenient place.
Dharma also offers discounted processing rates for nonprofits and practices processing over $100,000/month.
Dharma offers true month-to-month billing with all accounts, so there’s no long-term commitment or an early termination fee to worry about. There is, however, a reasonable $49 account closure fee if you do close your account for any reason.
Next-business-day funding for QuickAccept customers
Special features available for medical practices
Limited pricing info disclosed on the website
“Free” terminal requires a long-term contract
Why We Chose Chase Payment Solutions For Healthcare Payments
Unlike our other top picks, Chase Payment Solutions is a direct processor. The company offers a choice of either flat-rate or interchange-plus pricing plans, as well as credit card terminals, a proprietary payment gateway, a virtual terminal, and many other services. Chase offers HIPAA-compliant processing and a services package that includes patient billing management and scheduling features for healthcare providers. It also integrates with InstaMed for online patient payments.
We chose Chase Payment Solutions primarily on the strength of its healthcare industry-specific features and integrations. It’s also one of the very few direct processors in the payments industry that offers pricing and contract terms that are compatible with the needs (and budgets) of small businesses. One word of caution: It’s generally best to buy your processing hardware outright rather than taking advantage of the company’s “free” terminal offer. This offer usually requires you to forgo month-to-month billing and accept a long-term contract with an expensive early termination fee.
Chase Payment Solutions Pricing
No application or setup fees
$0 monthly account fee
2.6% + $0.10/card-present transaction
2.9% + $0.15/card-not-present transaction
3.5% + $0.10/keyed-in transaction
Interchange-plus pricing also available
No gateway fees
No PCI compliance fees
No early termination fee
Chase Payment Solutions Features
Full-service merchant accounts
Choice of Verifone Vx520 or Ingenico iCT250 countertop terminals
Chase Smart Terminal point-of-sale (POS) system
QuickAccept, eDynamo card reader, and Chase mobile app for mobile payments
InstaMed integration available for online payment acceptance
Chase generally offers month-to-month contracts with no long-term commitment and no early termination fees (ETFs). However, you’ll usually have to accept a three-year contract (with an ETF) if you accept a free credit card terminal as part of your merchant account. We recommend buying your processing equipment outright to take advantage of the flexibility that a month-to-month contract provides.
6 Features To Look For In A Good Healthcare Payment Processor
Although healthcare providers often choose a payment processor primarily based on anticipated overall costs, many other factors are just as important. In evaluating the strengths and weaknesses of different competing providers, we strongly encourage you to consider the following features before making a final decision:
The safety and security of your patients’ payment information are supremely important — both to comply with HIPAA requirements and prevent a costly data breach. Malware, phishing, and data breaches can compromise the personal information of thousands of people, and medical offices have much more sensitive data to secure than other businesses.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that all organizations that collect card payments must meet. When you’re looking for a merchant account, you can reduce your office’s PCI scope by finding a processor that includes the latest payment security features. Keeping cardholder data storage and transmission off your own systems and shifting it to the servers of a PCI-compliant payment processing company is a cost-effective way to keep your patients’ payment data safe. For a modern medical office, features such as end-to-end encryption, credit card tokenization, and hosted payment pages can provide state-of-the-art protection for your patients’ information.
Multiple Payment Channels
Offering your patients a wide range of payment methods is more important than ever. Besides accepting credit and debit cards, you’ll also want to add alternative payment methods that make it easy and convenient for your patients to pay you. Here are some options to consider when building out your office’s payments ecosystem:
Hardware & POS: Whether you want something sturdy for your countertop or a sleek tablet-based mobile processing option, consider what will best equip your front and back office.
Virtual Terminal: Every medical or wellness office should be ready to take a payment over the phone. A virtual terminal securely stores and processes your patient’s payment data. You can also combine virtual terminal software with a card reader to enable in-person payments.
Online Payments: Medical offices can accept online payments just as easily as eCommerce businesses with a payment gateway and a website. Specialized software suites for medical practices usually include this feature but may not offer the best pricing and often tie you to a preselected processor. Our top providers profiled above can usually offer the same capabilities at a lower overall cost.
ACH & eCheck Payments: ACH payments are a cheap and easy way to collect payments directly from your patients’ bank accounts. While you can get an ACH-only account, it’s usually better to include it as an additional feature of your merchant account.
Invoicing & Recurring Billing: Moving to electronic invoicing could save your office money and time and give your patients more options in paying you. Recurring invoices can help automate billing for repeat services or agreements that are common in wellness centers.
Integration is a critical consideration if your office relies on existing software programs. Finding a processing company that works with medical software can make things like implementing HIPAA-compliant payment methods that much easier.
Good Customer Support
Finding the help you need, whether it be technical expertise or a question about funds, is also something important to consider. Check out our full reviews of each credit card processor to learn what customers say about the company in question. Not all processors offer 24/7 support, but it is important to find quality support when you need it during normal business hours.
One of the biggest points of contention in the healthcare payment processing industry is the contract. We strongly encourage every healthcare office to read and understand their merchant account agreement. While every company on our list gets a clean bill of health when it comes to long-term, binding contracts, even some of the largest payment brands have unforgiving agreements that get very expensive (and very frustrating) for the users they serve. We recommend signing up with companies that offer more flexible terms, such as month-to-month agreements with no early termination penalties.
When you’re looking for a payment processor for your medical or wellness office, upfront pricing may be more elusive than you might think. We see a lot of “teaser rates” that mask hidden fees and similar bait-and-switch tactics. Again, reading your contract is crucial to understanding what you’ll actually be paying. Most of the picks on our list have transparent pricing, and we’ve uncovered the pricing structure of those whose pricing transparency leaves something to be desired. Regardless of the nature of your business, understanding how to look at your bill and determine what you’re paying for credit card processing in total can be critical.
Which HIPAA-Compliant Credit Card Processor Is Right For Your Business?
Finding a good credit card processor for your medical practice (or your dental office) is a bit more challenging than a typical retail or eCommerce business due to the need for HIPAA compliance and the even higher importance of payment security features.
Fortunately, many excellent healthcare payments companies are vying for your business, and the top picks we’ve discussed above all provide top-notch service at a fair price.
At the same time, it’s easy to overpay for services you don’t really need, and it’s also easy to get stuck with something that doesn’t serve your growing needs. Looking beyond the sticker price tag and considering what each credit card processor offers in total value is critical to finding the service that will help you grow your practice while accommodating your patients.
Credit and debit card processing is HIPAA compliant as long as the processor takes adequate steps to protect the patient’s protected health information (PHI), does not sell or disseminate patient payment data, and enters into a valid business associate agreement (BAA) with the healthcare provider. Note that popular peer-to-peer payment methods such as Venmo and Zelle do not have BAAs and should not be used to accept payments from patients.
Do payment processors need to be HIPAA compliant?
Payment processing by itself is considered to be outside the scope of HIPAA requirements. However, providers offering ancillary services such as invoicing, data analytics, or practice management software do fall under the scope of HIPAA and need to have a business associate agreement (BAA) with the healthcare provider. We do not recommend that medical providers use any payment processor that does not offer a fully HIPAA-compliant payment solution.
Are credit card processing companies HIPAA compliant?
It depends on the provider. While all merchant services providers offer a variety of security features, not all of them have taken the necessary steps to fully protect patients’ protected health information (PHI) and offer business associate agreements (BAAs) to customers in the healthcare field. We recommend only using a provider that offers a fully HIPAA-compliant payment solution.
Is Venmo For Business HIPAA compliant?
No. Venmo offers a secure — and often free — method of sending and receiving payments. However, it does not enter into business associate agreements (BAAs) with medical offices, which is a requirement for HIPAA compliance. Also, Venmo shares user data with its parent company, PayPal.
Is Zelle HIPAA compliant?
No. While Zelle offers a secure payment method that meets HIPAA security requirements, it does not enter into business associate agreements (BAAs) with healthcare providers. Therefore, it is not HIPAA compliant and should not be used to accept patient payments.
Is Stripe compliant with HIPAA laws?
No. Stripe does not offer business associate agreements (BAAs) to users in the healthcare field, as required by HIPAA laws. Stripe also collects user data and uses it for advertising purposes, which is not permitted under HIPAA.
Is Chase Payment Solutions HIPAA compliant?
Yes. Chase Payment Solutions specializes in serving the healthcare community and offers a HIPAA-compliant payment processing solution. This solution includes specialized features, such as patient scheduling and billing management, as well as integration with InstaMed for online patient bill payments.
Is Square Invoicing HIPAA compliant?
Yes. Square offers a HIPAA-compliant payment processing solution and Business Associate Agreements (BAAs) to users in the healthcare field. For Square Invoicing, you will need to use an encrypted payment form to protect patients’ PHI.
Is a credit card considered PHI?
While credit card processing itself is considered to be outside the scope of HIPAA, patient cardholder data (including name, billing address, etc.) are classified as protected health information (PHI) and must be secured according to HIPAA requirements. To ensure HIPAA compliance, you will also need to enter into a Business Associate Agreement (BAA) with your chosen credit card processor.
In Summary: 6 Best Healthcare Payment Processing Companies
The vendors that appear on this list were chosen by subject matter experts on the basis of product quality, wide usage and availability, and positive reputation.
Merchant Maverick’s ratings are editorial in nature, and are not aggregated from user reviews. Each staff reviewer at Merchant Maverick is a subject matter expert with experience researching, testing, and evaluating small business software and services. The rating of this company or service is based on the author’s expert opinion and analysis of the product, and assessed and seconded by another subject matter expert on staff before publication. Merchant Maverick’s ratings are not influenced by affiliate partnerships.
The editorial content on this page is not provided by any of the companies mentioned and has not been reviewed, approved or otherwise endorsed by any of these entities. Opinions expressed here are author’s alone.