Comply with Square’s HIPAA requirements
About HIPAA compliance
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes federal standards protecting sensitive health information from disclosure without the patient's consent. The US Department of Health and Human Services issued the HIPAA Privacy Rule to implement HIPAA requirements.
Square's approach to security is designed to protect both you and your customers. When using Square services in connection with Protected Health Information (PHI), specific agreements and compliance measures must be in place to meet HIPAA requirements.
Before you begin
Ensure you’ve reviewed Square’s HIPAA Business Associate Agreement.
Square sellers are responsible for determining whether they are subject to HIPAA requirements and whether they intend to use the Services in connection with PHI.
HIPAA Business Associate Agreement
If you are subject to HIPAA as a Covered Entity or Business Associate, as defined in HIPAA, and use Square services in a manner that causes Square to create, receive, maintain, or transmit Protected Health Information (PHI) on your behalf, then you agree to the HIPAA Business Associate Agreement ("HIPAA BAA").