If you run a healthcare practice, you know that keeping patient data private is just as important as the care you provide. You have enough to worry about without stressing over whether your payment software is up to code.
This article explains how Helcim helps you stay HIPAA compliant, and shows you exactly how to get the documentation you need for your files.
Our approach to patient data
You probably already know HIPAA as the gold standard for keeping patient records private. In the industry, the patient information it protects is called Protected Health Information, or PHI.
Because we help you run your business with our payments platform, Helcim acts as a Business Associate. In plain English, this means we promise to protect your data just as carefully as you do.
To back that promise up, we run a strict internal compliance program that checks our controls every year to ensure we are safeguarding your information correctly.
How to view our compliance reports
Trust is good, but proof is better. We don't expect you to just take our word for it when we say we’re secure.
We publish the results of our yearly security reviews so you can see exactly how we operate.
You can view and download this audit report by visiting the Helcim Trust Center at trust.helcim.com. As a Helcim merchant, you can enter your information and request access to our library of reports.
If Helcim is between HIPAA audit periods and you require a compliance bridge letter, just email privacy@helcim.com with the subject line HIPAA Bridge Letter Request.
Getting it in writing (Requesting a BAA)
For many practices, you can't just know your software is compliant—you need a paper trail to prove it.
We are happy to provide you with a Business Associate Agreement (BAA). This is a standard document based on government templates that formally outlines how we protect your data.
To request a BAA
Send an email to our Compliance team at privacy@helcim.com.
Use the subject line Business Associate Agreement.
Next steps
If you have questions about how these security measures apply to your specific clinic or office, please reach out to our Support Team.
FAQ
How often does Helcim audit their HIPAA compliance?
We audit our HIPAA compliance program via an internal review at least once a year. This keeps our internal controls tested and up to date.
Is my patient data 100% secure?
In the tech world, no one can guarantee 100% security against every possible threat. However, we can guarantee that Helcim designs and operates rigorous internal controls that align with the industry's best practices to give you the strongest possible assurance that your data is safe.
Is this the same as PCI compliance?
Think of them as two different shields. PCI-DSS is the standard we meet (and exceed) to protect credit card numbers. Our HIPAA program is the extra shield we use specifically to protect health information. We do both.