Can Therapists Use Venmo? A Cautionary Tale for Therapists Using Peer to Peer Payment Platforms

Nowadays, sharing information over the internet has become widely accepted and normal. This includes holding teletherapy sessions and virtual meetings. The options for taking payments for these sessions have become many. Among the payment options includes Venmo. But, the question remains -- is Venmo HIPAA-compliant? 

In this post, we’ll take a look at HIPAA-compliance and using Venmo as a payment platform.

If you don't already know, Venmo is a peer-to-peer payments app. It allows users to send and receive money from friends and family. Recently, therapist have begun to use Venmo to collect therapy session fees. 

We'll explore whether Venmo complies with HIPAA guidelines. 

You might even know some colleagues that are using Venmo to take payments from clients. Peer-to-peer payment platforms look easy, but they're not recommended for use in private practice.

I'll throw in some information about other HIPAA-compliant payment processors too. Aside from these, I'll also answer questions like, “Is Zelle HIPAA-compliant?” Read on to know more about this topic!

Is Venmo HIPAA-Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It includes a set of standards that you must follow to protect a patient's private healthcare information.

Unfortunately, Venmo is not a HIPAA-compliant payment method. Charging your clients through Venmo puts you at risk of violating HIPAA regulations. This means that you could be charge a fine.

In order for a company to be HIPAA compliant, they have to have procedures and policies in place. These policies help to safeguard patient data. If a third party has access to your client's private data, they need to have a Business Associate Agreement (BAA). 

Venmo does not have a BAA in place with any HIPAA-covered entity. Meaning that Venmo is not compliant with HIPAA regulations. 

Below are the reasons why Venmo is not HIPAA-compliant:

Venmo Collects and Sells User Data

Venmo openly acknowledges that they collect and sell their users’ data. This is a direct violation of the protected health information and HIPAA Act. Your clients probably don't know that they're at risk of having their information shared, without their consent. This is not secure and doesn't meet secure HIPAA regulations. 

There Is No Business Associate Agreement (BAA)

Venmo doesn't meet HIPAA requirements. This is because Venmo doesn't allow providers or users to fill out a BAA. Any payment system that you use needs to offer at least that level of protection. This way, you know that you're protecting your therapy client's information. It's best to use a payment processor with a BAA so that you can practice ethical standards as a therapist. 

Venmo States Their Limitations in Their Terms of Service

Venmo's terms of service say that you should not use them for health or medical transactions:

"Venmo should only be used to transact with people you know and trust. Do not use Venmo to transact with people you don’t know, especially if the payment involves the purchase or sale of a good or service. Unless Venmo expressly authorizes your payment for a good or service, for example, transactions with an authorized merchant or business profile, transactions made with your venmo debit card, or payments that are identified as for goods and services, paying or receiving payment for a good or a service is prohibited. If you use Venmo to conduct such a transaction and they later reverse the payment (which could occur if it is determined that this agreement was violated or if the payment was made using a compromised payment method or account), you could lose both the underlying goods or services and the money sent for them.”

HIPAA Regulation With Invoicing and Billing

Payment processors, in general, don’t need to follow HIPAA regulations. However, invoicing and billing companies do. That’s why so many peer-to-peer informal payment processors aren’t good options. You'll want to run a practice with integrity, and use a company with a BAA agreement.

As a Therapist, It’s Your Job (not your patients) To Ensure That HIPAA Is Enforced

Therapists need to be careful when handling patient information and payments. It’s your responsibility to make sure that you are using a HIPAA-compliant payment method.

If you use Venmo or other non-compliant payment processors, you could be at risk of violations. This could result in a fine of up to $50,000 per violation. Remember that clients can’t waive their right to HIPAA protections. This means that you could be on the hook for any HIPAA violation. Even if your client gives  you permission to use a tool like Venmo.

If It Isn’t HIPAA-Compliant How Can Therapists Use Venmo?

So many therapists on Psychology Today offer Venmo as a form of payment. It's understandable because it’s so convenient, easy, and modern. Even though it's not the best practice, the trend of using Venmo will likely continue. 

Follow “Safety Harbor” Rules

If you decide to use Venmo anyway, you'll want follow the Safety Harbor rules. To begin, you need to inform a patient that Venmo and other platforms aren’t secure. Let them know that they may sell their data to third parties. This way, the patient can make an informed decision about whether they want to use the service or not.

Write Clear Documentation

If the client insists on using Venmo after you told them of the risks, you'll want to put it in writing. Document that you gave the client information about the risks of using Venmo. Also note that they refused to use another payment form. This way, you've done your job in informing the patient. You might even have some protection if anything goes south. 

Turn On Your Privacy Settings

At the very minimum, if you’re going to use Venmo, you need to adjust the privacy settings. No one should be able to see who you're paying, or who is paying you. While this isn’t fool-proof, it’s going to be a better way to protect yourself and your patients.

Be Prepared for Likely Security Breaches

Unless there’s a major security breach, it's likely that therapists will keep using Venmo. There also haven't been any legislations addressing peer-to-peer payment platforms. If you're a therapists using Venmo, consider what this means for your practice. With the right information you can make appropriate decisions. 

Realistically, these companies will have security breaches over the course of their lifetime. By staying informed of the risks and letting your clients know about them, you can be prepared. Let's say, for example, a client's Venmo account gets hacked. What does that mean for their confidentiality and your therapy sessions? 

Hackers are capable of accessing payment information. They can also get into chat conversations you've had with patients. This would be a clear violation of HIPAA and the sanctity of trust in all your interactions. 
 

It’s Not Worth Jeopardizing Your Clients, Practice, and Profession

There's also been talk of the IRS doing audits. These conversations have been focused on companies that use peer-to-peer payment platforms. With this in mind, you never know if or when you'll be at risk of an audit. 

Getting audited puts you in a tricky position. It jeopardizes your patients, practice, and ability to work. To me, the convenience doesn't seem worth the risk. After all, there are so many other HIPAA-compliant payment processors available. These platforms will protect you, your patients, and your practice.

Is Venmo HIPAA-Compliant? Be Transparent with Clients 

When thinking about the ethics of using Venmo for therapy payments, consider a few key points. 

First, is the client choosing to use Venmo? Or are you insisting on it? If it’s the latter, then you should be able to explain why this method of payment is necessary. In some cases, the client chooses to use Venmo because of their financial situation. Some just prefer to use apps like Venmo, Cash App, or Paypal. If you're asking the client to use Venmo because it's convenient for you, then it's considered unethical. 

Second, how is the payment labeled? It could be seen as odd or coercive if you tell your client to use discreet wording of symbols when describing the payment transaction. The client might feel pressure to comply with your request. In this case they'll want to people please and maintain alliance in order to keep the treatments confidential. 

Finally, what is your motivation for using Venmo? If  you’re placing your desire to get paid right away above protecting the client’s privacy, this is an unethical practice. You should evaluate each scenario to decide if using Venmo for their payment is necessary. 

In any professional setting, it’s important to be maintain boundaries. This means respecting the privacy of those you work with. When using Venmo for therapy, you'll want to maintain a healthy client-therapist relationship. 

First, if your clients are using pseudonyms to pay for their therapy, they might not feel totally comfortable using Venmo. You can be mindful of the impact this has on your therapeutic relationship. This will help you decide if Venmo is serving your client in the best way. 

Second, remember that it’s up to you to protect your client's privacy. This includes keeping their information secure and respecting the sanctity of the work that you do. At the end of the day, it’s your responsibility to ensure that your clients feel safe and respected.
 

You’ve Got Options: HIPAA-Compliant Payment Processors  

There are many other secure payment options. Popular ones include Ivy Pay, Doxie, Payment Cloud, and more. Additionally, there are some payment options — like Stripe. Stripe isn't HIPAA-compliant on its own, but if its integrated into an EHR system, it can be. 

Easy tip: To comply with HIPAA, you have two options. You can use a processor integrated with an EHR system. The other option is to use a payment platform that is clear in their usage, like Ivy Pay. 

Beware of Other Popular Payment Apps That Are Not HIPAA-Compliant

• Zelle
• PayPal
• Facebook
• Cash App
• WorldRemit
• Quickbooks
• Wave

There are companies that claim to be HIPAA compliant. However, it's important to look at their terms and conditions. You could find that they're not actually compliant. 

Zelle, PayPal, Facebook, Cash App, WorldRemit, Quickbooks, and Wave all collect and sell their users’ data, which is expressly prohibited under HIPAA. While these companies may be easy to use, they are not compliant with HIPAA regulations. If you’re looking for a HIPAA-compliant solution, you’ll need to find a company that doesn’t collect or sell your data.

Uphold Standards in Therapy with a HIPAA-Compliant Payment Processor

HIPAA-compliant payment processors are the best choice for therapists. While it's tempting to use Venmo and other peer-to-peer payment platforms, you're risking HIPAA violations. Paying attention to the details of how you process payments will help you avoid any potential problems down the road.

As therapists, it's our duty to uphold the highest standard of care for our clients. That includes being mindful of how our payments are taken. Using a HIPAA-compliant payment processor assures you that your client's information is protected. This is the most important thing to remember when it comes to payments in therapy.

We hope this helps. After all, having clarity can help you navigate the ever-changing landscape of running a practice. It's up to us to find where integrity intersects with modern technological advancements. 

Yours,

LPJ
 

Disclaimer: It’s important to note that this isn't legal advice. These are considerations that we've heard from colleagues and from other professionals and I’m providing here in the spirit of warning, not as legal advice.