
HIPAA and Credit Card Processing

The information in this article is for merchants using Helcim's Legacy System who signed up for Helcim prior to June 1, 2020.

HIPAA (Health Insurance Portability and Accountability Act of 1996) is US legislation that sets standards for protection of medical information.

Its primary purpose is to protect the privacy of an individual's health records. Healthcare providers, medical offices, and service providers that store or transmit health information fall within the scope of HIPAA and must therefore meet its compliance standards.

As a credit card processor, Helcim frequently receives inquiries from healthcare providers about HIPAA compliance. The US Department of Health and Human Services has stated that credit card processing does not fall within the scope of HIPAA as no health record information is being stored - only card payment information.

Card Processing Security Standards

Helcim, like other credit card processors, must adhere to the Payment Card Industry Data Security Standards (PCI-DSS) for protecting cardholder data. Helcim meets and goes above those standards, and is listed as a PCI Level-1 compliant service provider.

Exemption - Please Note

The exemption for HIPAA and credit card processing only applies to the actual credit card processing services. Therefore, Helcim's merchant services should not be used by healthcare professionals to store health records, such as entering medical procedure information in invoice line items or in the comment sections of transactions. This would be a violation of Helcim's Terms of Service. Since Helcim's credit card processing services are exempt from HIPAA, Helcim does not provide signed Business Associate Agreements as it does not store or transmit electronic protected health information (ePHI) accounts.

For further questions, please contact our support team.

