Lately, I’ve noticed an uptick in clients from the health and wellness industry wanting to move to the cloud.  QuickBooks Online is such a GREAT fit for this industry, but there are some things you should know.

Per Intuit’s support community:

“Currently, QuickBooks Online (QBO) meets industry standards for online security, but is not compliant with the HIPAA standards for privacy. If you are a health care professional using QBO, it is not recommended that you enter in ‘individually identifiable health information.’…We don’t have any further information on this subject, and we’re not equipped to advise you. For more information on the subject, as well as to seek legal advisement regarding this issue, go to:”1

…and that’s all they have to say ’bout that.

So, where does this leave medical offices that need to comply with HIPAA but want to leverage available technology?  My recommendation is always to keep your protected health information secured within your HIPAA-compliant medical billing software.  QBO can do invoicing, but it isn’t designed for medical billing.  Handling insurance invoices, cash payouts, deductibles, and co-pays are best left to your existing software.  Seek out other clinics within your industry and ask them what they use.  What do they like about it?  What would they change about it?  What’s the most cost-effective for you?

That being said, there is nothing preventing you from SUMMARIZING your revenue in QuickBooks Online by using sales summary receipts or invoices to record your revenue by service, insurance company, or event patient type.  As long as the information being entered is not “protected health information” you are in the clear.  The definition according to the US Department of Health & Human Services is

“…information, including demographic data that relates to:

  • the individuals past, present or future physical or mental health condition,
  • the provision of health care to the individual,
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.  Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).”2

So, though you may not be able to look up the precise amount of John Doe’s care to date in QuickBooks Online, you can still see how your clinic is performing by comparing month to month, year over year, etc.  You can check your gross margin by comparing your revenue received from a certain treatment vs. the expense associated with performing the treatment.  Tracking how much business is coming in from insurance companies vs. how much comes in from cash-paying patients can help make decisions about marketing and growth strategies.  All of these metrics (and many more) are possible while using QuickBooks Online in conjunction with medical billing software.

As much as accountants like me would like to see our software become HIPAA-compliant and be the end-all be-all for all industries, in some cases (such as this one), it’s best left to the experts.  Any accountant or bookkeeper that is hired to take on the task of managing your books should be willing, at a minimum, to sign a “Business Associate Agreement/Contract” (a sample can be found here: in order to access any of your software that may contain protected health information.

Partnering with an accounting professional who specializes in accounting for the healthcare industry is a sound investment in the prosperity of your business and will likely be your best bet in ensuring your clinic and staff remain HIPAA-compliant.  Dynamic Bookkeeping loves working with medical professionals and would be happy to assist!   Click here to schedule a quick phone call to see if we may be a good fit!