
Is Stax Payments HIPAA compliant?


Stax Payments is a card payment processing service that provides seamless payment options to its users. Stax Payments claims HIPAA compliance and cites the credit card processing exemption as the reason it does not sign a business associate agreement (BAA).


What is Stax Payments?

Stax is a comprehensive payment processing platform designed for healthcare providers and businesses looking to streamline their financial operations. It offers a range of features, including contactless payment options, customizable billing and invoicing, payment processing, and the ability to manage patient billing efficiently. Stax assures the highest level of data protection and encryption, making it a popular choice for healthcare businesses aiming to secure patient data while offering flexible payment solutions.

See also: Is IBM cloud HIPAA compliant?


Stax Payments and business associate agreements (BAAs)

Under HIPAA, a business associate agreement (BAA) is a document that outlines the responsibilities of third-party vendors when handling protected health information (PHI). Any software or service that stores, processes, or transmits PHI on behalf of a healthcare entity is considered a business associate and should, therefore, sign a BAA.

Stax, as a secure payment processor for healthcare providers, does not store or transmit PHI when used as intended. Therefore, it may not need to sign a business associate agreement.

Stax's privacy policy explicitly states that Stax does not need to sign a BAA.

Stax Payments' general terms and conditions state: "When used as intended the Service does not require to enter into a formal Business Associate Agreement between the service and covered entities and other business associates as excluded by '45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)'. The service is not intended as an electronic medical records (EMR) system, and should only be used as intended."

See also: Is using Gmail a HIPAA violation?


Stax Payments and data security

  1. Top-level Data Protection: Stax maintains the highest level of PCI compliance and employs a layered approach to security for processing payments in a secure environment.
  2. Encryption & Tokenization: Card information is encrypted on all processing devices and not stored after transactions. End-to-end encryption prevents data interception by third parties.
  3. HIPAA-Compliant Payment Acceptance: Stax's payment solutions are HIPAA-compliant, allowing healthcare providers to accept various forms of payment while keeping patient data secure without the need for a BAA.


Is Stax Payments HIPAA compliant?

Stax Payments states, "The exemption for HIPAA and credit card processing only applies to the actual credit card processing services. Therefore, Stax merchant services should not be used by healthcare professionals to store health records (e.g., entering medical procedure information in invoice line items or in the comment sections of transactions)."

Stax claims to be HIPAA compliant despite not signing a BAA, relying on the credit card processing exemption. However, we recommend avoiding any PHI in transaction materials, such as invoice line items or transaction comments.

See also: HIPAA Compliant Email: The Definitive Guide
