How to Bill and Process Payments for Your Private Practice
One of the most frequent questions I get asked in my course and see in private SLP practice groups is "How do I bill and accept payments ethically and without violating HIPAA?" If you haven't thought about that, you should, because 1) you need to be paid for your services and, 2) you need to do so in a HIPAA-compliant manner. Here's my guide to ethically accepting and processing payments for your private practice.
Whether you are billing the client directly (private pay) or billing an insurance company, the basics of billing are that you need to generate an invoice /superbill /claim; get it to the payer (client or insurance company); and they will pay you for your services. HOWEVER- you have to do ALL of these steps in a HIPAA-compliant manner. Here's how:
1. Generate a superbill/invoice/claim: You cannot just use any old invoicing software for this.
Square- yes, IF you sign a BAA with them.
Stripe- yes, IF you sign a BAA with them.
The reason these services have to be HIPAA compliant is that the invoice you're generating has all sorts of PHI (Protected Health Information) on it. As soon as you put the client's full name, the fact that the invoice is for speech therapy, a CPT or ICD-10 code (all of which you need for a superbill or invoice)- it's become PHI and is therefore regulated by HIPAA rules.
To create an invoice in a HIPAA-compliant manner, you need to either create it as a Word or Excel doc and password protect it, or create it in your EHR (most will automatically create claims, invoices, and superbills for you).
2. Share the superbill/invoice/claim: If you are using an EHR, they almost always have an option to securely generate and send any billing documents to clients or insurance companies (not sure what an EHR is? Check out my blog post!) If you aren't using an EHR, though, you MUST have a HIPAA-compliant email (G Suite from Google, Microsoft Office 365, or another option like Hushmail or Virtru). You cannot send an invoice or superbill through regular, unsecured email. If you are sending it to a billing company to bill for you, you will need to fax it.
If you choose to create a superbill outside of an EHR and you would still like to accept credit cards as payment, you must make sure that the processor will sign a BAA with you. If you're going that route, you would create the superbill, securely send it to the client, then have them pay using that outside credit card processor.
However- if you are using any other credit card processor than Stripe and Square (after you sign a BAA), you would have to have clients pay an invoice that has absolutely ZERO PHI on it (no names, no birthdate, no CPT or ICD-10 codes), and clients cannot submit an invoice like that for reimbursement. So, using an outside credit card processor for invoicing AND payment would only be a viable option if you had a private pay client who was not interested in submitting a superbill for reimbursement. If your client is using an HSA to pay, then the invoice/ superbill MUST have identifying information on it, so this option won't work.
If you are using an EHR and billing insurance, sign up for the insurance company's ERA's (Electronic Remittance Advice forms) and EFT (Electronic Funds Transfer). That way, when they pay for a claim, you will get an electronic copy of the EOB, and the money will be directly deposited into your business checking account.
Want to know more about how billing and coding for your private SLP practice? My course, Private Practice Prep School, has an entire section on Setting Your Rate, How to Accept Payments, and even a Credit Card Processor comparison chart! I guide you through all of the steps necessary to ethically and HIPAA-compliantly bill your clients.
Do you have questions about HIPAA-compliant billing? Ask in the comments!