Choosing the wrong payment tool puts your therapy practice at serious risk. Not just the risk of a HIPAA violation and fines that start at $100 per incident, but the risk of losing client trust overnight.
Most payment processors were built for retail businesses. Therapists operate under an entirely different set of rules. Every transaction that touches a client’s name, diagnosis, or insurance information is considered Protected Health Information (PHI). Without a signed Business Associate Agreement (BAA) and proper encryption in place, even a standard credit card processor can put your practice out of compliance.
This guide breaks down the best HIPAA-compliant payment tools for therapists in 2026, what to look for before you sign up, and how to integrate payment processing into a therapy website that actually converts.
At Mental Health IT Solutions (MHIS), we build and optimize digital systems exclusively for mental health practices. We know what tools work, what to avoid, and how your website and payment systems should work together to support practice growth.
Why HIPAA-Compliant Payment Processing Is Non-Negotiable for Therapists
Under HIPAA, any information that connects a patient to a health service qualifies as PHI. This includes names, payment amounts, appointment dates, and insurance data. When a client pays for a therapy session, that transaction can easily carry PHI.
Using a non-compliant payment processor, one without an active BAA, puts you in violation of the HIPAA Privacy and Security Rules. Penalties range from $100 to $50,000 per violation, with annual caps reaching $1.5 million for repeated violations. Beyond the financial risk, a data breach damages the trust you have built with clients.
Three things every therapist needs before processing payments online:
- A signed BAA from the payment processor
- End-to-end encryption (AES-256 or FIPS-140-2 compliant)
- PCI-DSS compliance for card transaction security
If a payment tool cannot provide all three, it is not suitable for a therapy practice.
HIPAA-Compliant Payment Tools for Therapists: Quick Comparison
| Tool | Pricing | BAA Available | EHR Integration | Best For |
|---|---|---|---|---|
| Ivy Pay | 2.75% flat per transaction | Yes | No | Solo practitioners |
| SimplePractice | Subscription-based | Yes | Yes (built-in) | Solo and group practices |
| TherapyNotes | From $49/month | Yes | Yes (built-in) | Group and multi-specialty |
| Square | 2.9% + 15-30c per transaction | Yes | Limited | In-person and hybrid |
| JotForm | Flexible plans | Yes | Configurable | Custom intake and payment forms |
The Best HIPAA-Compliant Payment Tools for Therapists in 2026
1. Ivy Pay: Best for Solo Practitioners
Ivy Pay was built from the ground up for licensed therapists. It is one of the few payment processors designed specifically for mental health professionals rather than adapted from a general retail platform.
Key Features:
- Signed BAA included with all accounts
- Flat 2.75% transaction fee with no monthly subscription
- No-swipe payment model where clients enter their own card details, reducing therapist exposure to sensitive data
- Digital receipts and real-time payment tracking
- Supports one-time and recurring payments
Who It Works Best For: Solo therapists who want a simple, low-cost, compliant payment system without committing to a full practice management subscription.
Limitations: Credit card payments only, no insurance billing, and no desktop version. If you need insurance claim processing or EHR functionality, Ivy Pay will need to be paired with another platform.
Bottom Line: For a solo practice that wants to get compliant quickly without overpaying, Ivy Pay is the most direct path.
2. SimplePractice: Best All-in-One Practice Management
SimplePractice combines payment processing with scheduling, EHR, telehealth, and client portal functionality. It is the most widely used platform in the private practice therapy space for a reason.
Key Features:
- HIPAA-compliant billing through a secure client portal
- Full EHR integration with scheduling, invoicing, and clinical notes
- Automated recurring payments and card-on-file storage
- Insurance billing, superbill generation, and claim submission
- Signed BAA provided to all subscribers
Who It Works Best For: Therapists who want to manage their entire practice from one platform, including billing, notes, scheduling, and telehealth.
Limitations: Subscription costs are higher than standalone payment tools, and the platform requires setup time to fully configure.
Bottom Line: If you are going to invest in one system, SimplePractice offers the most complete solution for private practice therapists at any practice size.
For practices also working on their digital intake process, see our guide on the best online intake forms for therapy practices.
3. TherapyNotes: Best for Group and Multi-Specialty Practices
TherapyNotes is a robust behavioral health EHR that includes built-in payment processing with an emphasis on documentation, compliance, and billing efficiency.
Key Features:
- Electronic billing for credit cards and insurance claims
- FIPS-140-2 compliant encryption for all PHI
- Client portal for payments, scheduling, and intake forms
- Automated invoicing and payment tracking
- BAA included with all plans
Who It Works Best For: Group practices, multi-clinician teams, or practices handling a high volume of insurance billing alongside out-of-pocket payments.
Limitations: Pricing starts at $49 per month per clinician, which adds up quickly for larger teams. Solo practitioners may find it more than they need.
Bottom Line: TherapyNotes is the strongest option for group practices that need compliance-grade documentation paired with efficient billing.
4. Square: Best for In-Person and Hybrid Practices
Square is a well-known payment platform that offers a BAA for healthcare providers, making it a viable option for therapists who see clients in person and need flexible payment processing.
Key Features:
- BAA available for healthcare use cases
- PCI-DSS compliant with contactless, card-on-file, and invoice payments
- No monthly fee, charges 2.9% plus 15 to 30 cents per transaction
- Free POS terminal available
- Integrates with selected practice management tools
Who It Works Best For: Therapists with physical office locations who want a low-cost, flexible payment option alongside their existing practice management system.
Limitations: Auto-generated email receipts must be disabled to avoid inadvertently exposing PHI. Square is not a practice management platform and has limited direct EHR integration.
Bottom Line: Square works well as a secondary payment tool for in-person payments, but it should be paired with a proper practice management system for full functionality.
5. JotForm: Best for Custom Intake and Payment Workflows
JotForm provides HIPAA-compliant online forms that can collect payments, intake information, and consent signatures in a single workflow. It integrates with over 30 payment processors including Square and PayPal when configured correctly for HIPAA compliance.
Key Features:
- BAA available on HIPAA-compliant plans
- Encrypted forms for PHI collection and payment processing
- Supports 30 plus payment integrations
- Fully customizable intake and payment form templates
- Minimal PHI storage model for compliance
Who It Works Best For: Practices that want to streamline intake and payment into one digital experience, or those building custom workflows around their existing EHR.
Limitations: HIPAA compliance depends on correct configuration, so not every default setting is compliant out of the box. Full EHR functionality requires additional integrations.
Bottom Line: JotForm gives the most flexibility for practices that want to customize how they collect information and process payments together.
For practices thinking about how these tools integrate with their website, see how we approach HIPAA-conscious digital strategy for mental health practices.
Ready to build a therapy website that works with your payment systems from day one? At MHIS, we design and develop therapist websites that are structured for compliance, conversion, and search visibility. See our therapist website development service and explore what a high-performing practice website looks like in our portfolio.
How to Choose the Right Payment Tool for Your Therapy Practice
The right choice depends on four factors specific to your practice setup.
Practice Size Solo practitioners benefit most from low-cost, low-complexity tools like Ivy Pay or Square. Group practices with multiple clinicians need the administrative depth of SimplePractice or TherapyNotes.
Billing Type If you are insurance-based or work with superbills, you need a platform with built-in insurance billing like SimplePractice or TherapyNotes. If you are private-pay only, Ivy Pay or Square may be sufficient.
In-Person vs. Telehealth Fully online practices can operate with any of the five tools above. Hybrid or in-person practices benefit from Square’s POS functionality alongside a practice management system.
Integration Needs Consider how your payment tool will connect with your website, scheduling system, and EHR. SimplePractice and TherapyNotes handle this internally. Square and JotForm require external integration depending on your existing setup.
HIPAA Payment Compliance Checklist for Therapists
Before activating any payment tool in your practice, verify the following:
- The vendor has signed a BAA specific to your account
- All data is encrypted in transit and at rest using AES-256 or equivalent
- The platform is PCI-DSS compliant for card transactions
- Auto-generated receipts are reviewed and configured to avoid PHI exposure
- Staff have received basic HIPAA training related to payment processes
- Your privacy notice references digital billing data collection
- The payment tool is listed in your practice’s HIPAA security risk assessment
Wondering how your current therapy website stacks up against HIPAA best practices? We audit and rebuild therapy websites for compliance, speed, and local SEO every day. See examples of therapist websites we have built or get in touch to discuss your practice needs.
How MHIS Helps Therapists Build Payment-Ready, High-Converting Websites
A HIPAA-compliant payment tool is only part of the picture. Where that payment experience lives matters just as much.
Most therapy websites are not built to convert. They look generic, load slowly, and give potential clients no clear reason to book a consultation. At Mental Health IT Solutions, we build therapist websites on WordPress specifically because it gives practices full ownership, better SEO flexibility, and the ability to integrate with tools like SimplePractice, TherapyNotes, and Ivy Pay without friction.
Our website builds for therapists include:
- SEO-optimized site architecture built to rank in competitive local markets
- Mobile-first design that reflects your brand and builds trust quickly
- Conversion-focused layout with clear calls to action and booking flows
- Integration support for your preferred payment and scheduling tools
- HIPAA-conscious recommendations for how contact forms and booking systems are configured
We also manage SEO for mental health practices and help therapists rank for the keywords that bring in qualified clients, not just traffic. Our work spans solo practitioners in competitive markets like California, New York, and Toronto, through to group practices scaling across multiple locations.
Frequently Asked Questions: HIPAA-Compliant Payment Tools for Therapists
What payment tools are HIPAA-compliant for therapists?
The most widely used HIPAA-compliant payment tools for therapists are Ivy Pay, SimplePractice, TherapyNotes, Square (with BAA configured), and JotForm. Each provides a Business Associate Agreement and uses encryption to protect client data during payment transactions.
Does Square have a BAA for therapists?
Yes, Square offers a Business Associate Agreement for healthcare providers, which is required to use Square in a HIPAA-compliant way. Therapists must also disable auto-generated receipts to avoid inadvertent PHI disclosure. Square works well for in-person or hybrid practices but is not a full practice management system.
Is PayPal HIPAA-compliant for therapy practices?
Standard PayPal accounts are not HIPAA-compliant and PayPal does not sign BAAs with individual users. Therapists should not use standard PayPal for client payments. Some integrations through JotForm allow PayPal to be configured in a HIPAA-conscious way, but this requires careful setup and is not the default.
What is a BAA and why do therapists need one?
A Business Associate Agreement (BAA) is a contract between a covered entity (such as a therapy practice) and a vendor that handles PHI on their behalf. Under HIPAA, any vendor processing payment data that includes PHI must sign a BAA. Without one, using that vendor is a HIPAA violation regardless of how secure their technology is.
Can therapists use Venmo or Zelle for client payments?
No. Venmo and Zelle do not offer BAAs and are not designed for healthcare transactions. Using them for therapy payments puts client data at risk and places your practice in violation of HIPAA. Even if a client prefers these platforms, a therapist is obligated to use compliant alternatives.
What is the most affordable HIPAA-compliant payment tool for a solo therapist?
Ivy Pay is the most cost-effective option for solo practitioners. It charges a flat 2.75% per transaction with no monthly fee and was designed specifically for therapists. Square is also affordable with no subscription cost, though it requires additional configuration for HIPAA compliance.
Conclusion
HIPAA-compliant payment processing is not optional for therapists. It is a legal requirement and a core part of how clients experience your practice. The right tool depends on whether you practice solo or in a group, whether you bill insurance or work private-pay, and how your payment system needs to connect with your website and EHR.
Ivy Pay and Square work well for straightforward, low-cost setups. SimplePractice and TherapyNotes provide the most complete all-in-one infrastructure for practices that need scheduling, notes, and billing in one place. JotForm adds flexibility for custom intake workflows.
Whichever tool you choose, it needs to be paired with a website that is built to support it, both technically and from a conversion standpoint.
{ “@context”: “https://schema.org”, “@graph”: [ { “@type”: “BlogPosting”, “@id”: “https://mentalhealthitsolutions.com/blog/best-hipaa-compliant-payment-tools-for-therapy-practices/#blogposting”, “mainEntityOfPage”: { “@type”: “WebPage”, “@id”: “https://mentalhealthitsolutions.com/blog/best-hipaa-compliant-payment-tools-for-therapy-practices/” }, “headline”: “Best HIPAA-Compliant Payment Tools for Therapy Practices (2026 Guide)”, “name”: “Best HIPAA-Compliant Payment Tools for Therapy Practices (2026 Guide)”, “description”: “Discover the best HIPAA-compliant payment tools for therapists in 2026. Compare features, pricing, and BAA availability to protect client data and streamline billing.”, “image”: { “@type”: “ImageObject”, “url”: “https://mentalhealthitsolutions.com/wp-content/uploads/2025/08/HIPAA-compliant-payment-tools-for-therapy-practice.png”, “contentUrl”: “https://mentalhealthitsolutions.com/wp-content/uploads/2025/08/HIPAA-compliant-payment-tools-for-therapy-practice.png” }, “url”: “https://mentalhealthitsolutions.com/blog/best-hipaa-compliant-payment-tools-for-therapy-practices/”, “datePublished”: “2026-05-16”, “dateModified”: “2026-05-16”, “inLanguage”: “en-US”, “author”: { “@type”: “Organization”, “name”: “Mental Health IT Solutions”, “url”: “https://mentalhealthitsolutions.com” }, “publisher”: { “@type”: “Organization”, “name”: “Mental Health IT Solutions”, “url”: “https://mentalhealthitsolutions.com”, “logo”: { “@type”: “ImageObject”, “url”: “https://mentalhealthitsolutions.com/wp-content/uploads/2025/08/HIPAA-compliant-payment-tools-for-therapy-practice.png” } }, “articleSection”: “Mental Health Practice Management”, “keywords”: [ “HIPAA-compliant payment tools for therapists”, “HIPAA payment processing therapy”, “best payment tools for therapists 2026”, “therapy practice payment processing”, “Ivy Pay for therapists”, “SimplePractice payment”, “TherapyNotes billing”, “BAA payment processor therapist”, “HIPAA billing for mental health practices” ], “about”: [ { “@type”: “Thing”, “name”: “HIPAA Compliance” }, { “@type”: “Thing”, “name”: “Payment Processing for Therapists” }, { “@type”: “Thing”, “name”: “Mental Health Practice Management” } ], “mentions”: [ { “@type”: “SoftwareApplication”, “name”: “Ivy Pay”, “applicationCategory”: “Payment Processing”, “description”: “A HIPAA-compliant payment processor designed specifically for licensed therapists, offering a flat 2.75% transaction fee with no monthly subscription.” }, { “@type”: “SoftwareApplication”, “name”: “SimplePractice”, “applicationCategory”: “Practice Management Software”, “description”: “An all-in-one HIPAA-compliant practice management platform for therapists covering billing, scheduling, EHR, and telehealth.” }, { “@type”: “SoftwareApplication”, “name”: “TherapyNotes”, “applicationCategory”: “Practice Management Software”, “description”: “A behavioral health EHR with built-in HIPAA-compliant payment processing, best suited for group and multi-specialty practices.” }, { “@type”: “SoftwareApplication”, “name”: “Square”, “applicationCategory”: “Payment Processing”, “description”: “A general-purpose payment processor that offers a BAA for healthcare providers, suitable for in-person and hybrid therapy practices.” }, { “@type”: “SoftwareApplication”, “name”: “JotForm”, “applicationCategory”: “Form Builder and Payment Processing”, “description”: “A HIPAA-compliant form builder supporting custom intake and payment workflows with over 30 payment processor integrations.” } ] }, { “@type”: “BreadcrumbList”, “@id”: “https://mentalhealthitsolutions.com/blog/best-hipaa-compliant-payment-tools-for-therapy-practices/#breadcrumb”, “itemListElement”: [ { “@type”: “ListItem”, “position”: 1, “name”: “Home”, “item”: “https://mentalhealthitsolutions.com/” }, { “@type”: “ListItem”, “position”: 2, “name”: “Blog”, “item”: “https://mentalhealthitsolutions.com/blog/” }, { “@type”: “ListItem”, “position”: 3, “name”: “Best HIPAA-Compliant Payment Tools for Therapy Practices (2026 Guide)”, “item”: “https://mentalhealthitsolutions.com/blog/best-hipaa-compliant-payment-tools-for-therapy-practices/” } ] }, { “@type”: “Organization”, “@id”: “https://mentalhealthitsolutions.com/#organization”, “name”: “Mental Health IT Solutions”, “alternateName”: “MHIS”, “url”: “https://mentalhealthitsolutions.com”, “description”: “A specialized digital marketing, SEO, and website development agency serving therapists and mental health practices across the United States and Canada.”, “areaServed”: [ { “@type”: “Country”, “name”: “United States” }, { “@type”: “Country”, “name”: “Canada” } ], “knowsAbout”: [ “Therapist SEO”, “Mental Health Website Development”, “HIPAA-Conscious Digital Marketing”, “Private Practice Growth”, “Google Ads for Therapists”, “Local SEO for Mental Health Practices” ] } ] }MHIS specializes in building and growing digital systems for mental health practices. From therapist websites that rank on Google to SEO strategies that bring in consistent local traffic, we work exclusively in the mental health space. Start a conversation with our team or explore our work to see what growth looks like for practices like yours.