Handing billing to an outside partner means handing over access to Protected Health Information (PHI). Before signing on with any billing company, a few HIPAA-related questions can tell you a lot about how seriously they take compliance.
1. Will they sign a Business Associate Agreement (BAA)?
A BAA is a legal requirement, not a nice-to-have. Any billing partner handling PHI on your behalf must sign one before they touch a single record. If a vendor hesitates or treats this as optional, that's a red flag.
2. How is data transmitted and stored?
PHI should be transmitted only through encrypted, secure channels — never over plain email. Ask how claims data, EOBs, and patient information move between your systems and theirs, and how it's stored on their end.
3. Who has access, and why?
Access to PHI should be limited to the people who actually need it to do their jobs — billers and credentialing staff working on your account, not the entire company. Ask how access is controlled and reviewed.
4. What happens if something goes wrong?
Ask about their breach notification process. A compliant partner should be able to clearly explain how they detect, respond to, and report potential security incidents — and how quickly they'd notify you.
A billing partner that can answer these questions clearly — and puts a signed BAA in place before onboarding — is one that treats your patients' data with the seriousness HIPAA requires.
Want this handled for you?
Logicware handles claims, denials, credentialing, and reporting for mental health practices — start with a free billing audit.