Can Therapists Use Venmo? A Cautionary Tale for Therapists Using Peer to Peer Payment Platforms

Nowadays, with teletherapy and virtual meetings becoming more of the norm, many payment processing options have emerged as potential transaction tools available for therapists, including Venmo — but, the question remains – is Venmo HIPAA compliant? 

Venmo is a peer-to-peer payments app that allows users to easily send and receive money from friends and family.

Recently, Venmo has been considered as one of the therapy payment options by therapists. 

We will explore whether charging clients through Venmo complies with HIPPA guidelines, along with HIPAA-compliant payment methods. Aside from these, we will also answer questions like, “Is Zelle HIPAA compliant?”

Even though some of your colleagues are using Venmo and clients may ask to use it or some other convenient peer-to-peer payment platform, Venmo is not a recommended tool to use in private practice.

Is Venmo HIPAA-Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) is a law that was passed in 1996. It includes a set of standards that businesses must follow to protect electronic health information’s privacy.

Unfortunately, Venmo is not a HIPAA-compliant payment method. Therefore, charging your clients through Venmo could put you at risk of violating HIPAA regulations and possibly result in a fine.

In order for a company to be HIPAA compliant, they must have procedures and policies in place to safeguard patient data. They must also offer  a Business Associate Agreement (BAA) with any third party that will have access to this data.

Venmo does not have a BAA in place with any HIPAA-covered entity. Put simply, this means that Venmo is not compliant with HIPAA regulations. 

Below are the reasons why Venmo is not HIPAA compliant:

Venmo Collects and Sells User Data

Venmo openly acknowledges that they collect and sell their users’ data, which is a violation of the protected health information and HIPAA Act. This practice puts your clients at risk of having their confidential information shared without their consent or knowledge. This is not secure and not aligned with the ethics and standards of practicing therapy. .

There Is No Business Associate Agreement (BAA)

Venmo does not comply with HIPAA because they don’t allow providers or users  to fill out a business associate agreement. Any payment system that you use needs to offer that level of protection. This way, you know that they have the same privacy and security standards in place that you would have  as an ethical, practicing professional. 

Venmo States Their Limitations in Their Terms of Service

The company explicitly states in the terms of service that you should not use Venmo for health or medical transactions:

Venmo should only be used to transact with people you know and trust. Do not use Venmo to transact with people you don’t know, especially if the payment involves the purchase or sale of a good or service. Unless Venmo expressly authorizes your payment for a good or service, for example, transactions with an authorized merchant or business profile, transactions made with your venmo debit card, or payments that are identified as for goods and services, paying or receiving payment for a good or a service is prohibited. If you use Venmo to conduct such a transaction and they later reverse the payment (which could occur if it is determined that this agreement was violated or if the payment was made using a compromised payment method or account), you could lose both the underlying goods or services and the money sent for them.”

HIPAA Regulation With Invoicing and Billing

Even though payment processors don’t need to follow HIPAA regulations, invoicing and billing do have to comply with HIPAA requirements. That’s why so many peer-to-peer informal payment processors aren’t ideal options if you’re wanting to run a practice with integrity.

As a Therapist, It’s Your Job (not your patients) To Ensure That HIPAA Is Enforced

Therapists need to be especially careful when it comes to handling patient information and payment. As a therapist, it’s your responsibility to make sure that you are using a HIPAA-compliant payment method.

If you use Venmo or any other non-compliant payment processor, you could be risking a violation of HIPAA regulations. This could result in a fine of up to $50,000 per violation. Always remember that clients can’t waive the right to violate or surrender their HIPAA protections, which means that you could be on the hook for any HIPAA violation, even if your client gives you permission to use a tool like Venmo.

If It Isn’t HIPAA-Compliant How Can Therapists Use Venmo?

So many therapists on Psychology Today offer Venmo as a form of payment because it’s so convenient, easy, and modern. Despite it not being best practice and lacking HIPAA compliance, this trend will continue to grow in all likelihood. 

Follow “Safety Harbor” Rules

If you are going to succumb to a patient’s pressure or use a peer-to-peer device out of your own desire, you want to follow the Safety Harbor rules. To begin, you need to inform a patient that Venmo or other platforms aren’t secure and that they may sell their data to third parties. This way, the patient can make an informed decision about whether they want to use the service or not.

Make Clear Documentation

If the client is insisting even after they’ve been warned about the risks, then you want to document in writing that you gave the client the information, yet they refused. This way, you’ve done your job in informing the patient and may have some protection if anything goes south. Again, best practice is to use a payment processing system that doesn’t have these risks and doesn’t need a warning.

Turn On Your Privacy Settings

At the very minimum, if you’re going to use Venmo, you need to use the privacy settings so that no one can see who you’re paying and who you are being paid by. While this isn’t fool-proof, it’s going to be a better way to protect yourself and your patients.

Be Prepared for Likely Security Breaches

Until there’s a major security breach with Venmo or other peer-to-peer platforms, or until there’s legislation that’s going to directly address this, it’s likely that professionals will keep using Venmo and other similar non-compliant payment options. If that’s you, it’s important to think about what this means for your own private practice in case there ever is a violation of privacy or a security breach.

In all likelihood, these companies are going to become subject to breaches over the course of their lifetimes, and you want to understand the risks and inform your clients so you can be prepared. For example, if you have a patient who’s paying you through Venmo, and their account is hacked, what does that mean for the confidentiality of your therapy sessions?

Hackers could potentially access not only the payment information but also any conversations that you’ve had with patients in group chats. This would also be a clear violation of HIPAA regulations and the sanctity of trust of confidentiality in all of your interactions.

It’s Not Worth Jeopardizing Your Clients, Practice, and Profession

There have also been conversations about the IRS performing audits, especially of companies that use the peer-to-peer versus a business profile. With this in mind, you never know if/when you’re going to be audited.

You don’t want to be in that position and jeopardize your patients, your practice, and your ability to practice your profession. To me, it just doesn’t seem worth it. 

After all, there are so many other options that are HIPAA-compliant and will protect you, your patients, and your practice.

Is Venmo HIPAA-Compliant? Be Transparent with Clients 

In any professional setting, it’s important to be mindful of boundaries and to respect the privacy of those you work with. When using Venmo for therapy, there are a few considerations to keep in mind in order to maintain a healthy client-therapist relationship. 

1. First, is the client electing to use Venmo of their own accord, or are you insisting on it? If it’s the latter, then you should be prepared to explain why this method of payment is necessary. In some cases, it may be due to the client’s financial situation or a preference for using Cash App or Paypal. However, if you’re simply asking the client to use Venmo because it’s more convenient for you, then this could be considered unethical.
2. Second, how is the payment labeled? If you instruct the client to use discreet language or cryptic symbols to describe and complete a peer-to-peer transaction, this could be experienced as odd and coercive. The client may feel pressure to comply with your request in order to people-please, maintain an alliance, and keep their treatment confidential.

Also if your clients are electing to use code names for transactions, this may be an indication that they don’t feel 100% comfortable with using Venmo for their therapy. Be mindful of the impact that this can have on your therapeutic relationship and whether or not this is the best method of serving your client. 

1. Finally, what is your motivation for using Venmo? If you’re more concerned with getting paid quickly and efficiently than you are with protecting the client’s privacy, this could be considered a breach of ethical conduct. Ultimately, each case should be considered individually to determine whether or not using Venmo for therapy payments is necessary.

Remember, that it’s up to you to guard the privacy, the security, and the sanctity of the work that you do with your patients. At the end of the day, it’s your responsibility to ensure that your clients feel safe and respected.

You’ve Got Options: HIPAA-Compliant Payment Processors  

There are many other secure payment options like Ivy Pay, Doxie, Payment Cloud, etc. Additionally, there are some payment options — like Stripe — that may not be HIPAA compliant on their own but can be compliant when integrated into an EHR system. 

Easy tip: To comply with HIPAA, you must use an EHR system or choose from the payment platforms that are clear in their usage, like Ivy Pay. 

Beware of Other Popular Payment Apps That Are Not HIPAA-Compliant

• Zelle
• PayPal
• Facebook
• Cash App
• WorldRemit
• Quickbooks
• Wave

There are a number of companies that claim to be HIPAA compliant, but when you look at their terms and conditions, it’s clear that they are not. 

Zelle, PayPal, Facebook, Cash App, WorldRemit, Quickbooks, and Wave all collect and sell their users’ data, which is expressly prohibited under HIPAA. While these companies may be easy to use, they are not compliant with HIPAA regulations.

Uphold Standards in Therapy with a HIPAA-Compliant Payment Processor

HIPAA-compliant payment processors are definitely the way to go for therapists collecting payment for services. While it may be tempting to use Venmo or another peer-to-peer payment platform, doing so could risk violating HIPAA regulations. Paying attention to the details of how you process payments will help you avoid any potential problems down the road.

As therapists, we must always uphold the highest standards of care for their clients, and that includes being mindful of how they handle payments. By using a HIPAA-compliant payment processor, therapists can rest assured that they meet all the requirements to keep their clients’ information safe and secure. This is the most important thing to remember when it comes to payments in therapy.

We hope this helps. After all, having clarity about these matters can help you navigate the ever changing landscape where running a practice with integrity intersects with modern advances in technology.

Yours,

LPJ

Disclaimer: It’s important to note that this isn't legal advice. These are considerations that we've heard from colleagues and from other professionals and I’m providing here in the spirit of warning, not as legal advice.