HIPAA Configurations & Guidelines 

Chargebee supports HIPAA compliance for its billing and subscription management platform. Upon customer's request and notice to Chargebee that the customer intends to disclose ePHI to Chargebee in its use of such a platform, Chargebee may evaluate the necessity to share ePHI to the platform and choose to execute a business associate agreement (BAA) with the customer with respect to such platform.

Note

Unless a BAA is executed by Chargebee with a customer, the customer is prohibited from sharing any ePHI with Chargebee.

Additionally, even if a BAA is executed by Chargebee with the customer, it only applies to the core billing and subscription management platform of Chargebee and does not apply to any other component, product or service that Chargebee provides or makes available, including

  1. Any middleware, integrations or other components that is capable of being used in conjunction with the platform.
  2. Other products or services such as Chargebee Receivables, Chargebee RevRec or Chargebee Retention.

The validity of the BAA is subject to continued compliance by the customer to the mandatory configuration requirements relating to billing and subscription management platform set forth below.

Mandatory Configuration Requirements 

Given below is the list of mandatory requirements for HIPAA compliance

  1. Custom SMTP
    Chargebee allows email notifications to be sent out from Chargebee billing and subscription management platform using either Chargebee's SMTP server or customer's own SMTP server. However, for a HIPAA compliant account, customers must configure their own SMTP server to ensure autonomous control of incoming and outgoing emails and customers are prohibited from using Chargebee's SMTP servers.The custom SMTP server shall be completely managed by the customer. Please refer to the SMTP Configuration for more details.

  2. Abandoned Carts
    Chargebee offers a report for tracking abandoned carts  whereby a customer can track the number of visitors or end-customers leaving the checkout process without completing a purchase or leaving items in the cart. This classic report uses geolocation. However, for a HIPAA compliant account, customers must disable this feature by logging in to your Chargebee site, navigate to Settings -> Configure Chargebee -> Checkout & Self-serve Portal -> Disable "Track abandoned carts".
    If you still require this report, please reach out to support .

  3. Apple Pay
    Chargebee allows its customers to receive payments through Apple Pay. However, for a HIPAA compliant account, a customer must ensure only ‘In-App layout of Checkout' is used.
    Additionally, while using ‘In-App layout of Checkout', a customer must set the billing country field as mandatory by logging in to your Chargebee site and navigate to Settings -> Configure Chargebee -> Checkout & Self-serve Portal -> Fields tab -> Billing Section ->Address Fields -> Edit Country Field -> Mark "In checkout and portal" as Mandatory.
    To Switch to ‘In-App layout of Checkout' Go to Settings -> Configure Chargebee -> Checkout & Self-serve Portal -> Click the "Switch to the new version" link.

  4. Taxes Module
    Chargebee offers a feature to verify customer tax details for accurate calculation as per tax norms for certain countries. However, for a HIPAA compliant account, a customer must disable this feature by logging in to your Chargebee site and navigate to Settings -> Configure Chargebee -> Taxes -> Uncheck "Enable location validation".
    Please reach out to support  for any queries.

Was this article helpful?
Loading…