Bookkeeping, payroll, and tax services for small businesses across the Valley of the Sun.

Does HIPAA apply to my bookkeeper if they handle medical practice financial records?

Yes, HIPAA absolutely applies. If your bookkeeper sees patient names tied to billing amounts, insurance claim details, payment records from insurers, or any other financial data that includes protected health information (PHI), they are classified as a Business Associate under HIPAA. This isn’t optional or a gray area. The law is clear on this.

Before your bookkeeper accesses any of this data, you need a signed Business Associate Agreement (BAA) in place. A BAA is a legal contract that spells out how the bookkeeper will protect PHI, what they can and cannot do with it, and what happens if there’s a breach. Without a signed BAA, your practice is out of compliance the moment your bookkeeper opens a file containing patient information. Both you and your bookkeeper can face penalties if something goes wrong.

The practical impact goes beyond paperwork. A HIPAA-compliant bookkeeper needs to store your financial data in encrypted systems, transmit information through secure channels rather than regular email, and have protocols for disposing of records when they’re no longer needed. Cloud-based accounting software like QuickBooks Online generally meets encryption standards, but how files are shared between you and your bookkeeper matters just as much. Emailing a spreadsheet of patient billing data as an unencrypted attachment is a violation, even if nobody intercepts it.

Not every bookkeeper understands these requirements. Many general bookkeepers have never worked with medical and dental practices and don’t realize that handling your books creates HIPAA obligations for them. If a bookkeeper hesitates when you bring up a BAA or doesn’t know what one is, that’s a sign they aren’t prepared to work with a healthcare practice.

When evaluating a bookkeeper for your medical practice, ask directly whether they’ve signed BAAs with other healthcare clients. Ask how they store and transmit financial data. Ask what their breach notification process looks like. These aren’t unreasonable questions. Any bookkeeper experienced with healthcare accounting will expect them.

Penalties for HIPAA violations range from $100 to $50,000 per incident depending on the level of negligence, with annual maximums that can reach into the millions. Even unintentional violations carry fines. The Office for Civil Rights doesn’t distinguish between a data breach at a hospital and one at a small dental office. Your practice is held to the same standard regardless of size.

The good news is that compliance isn’t difficult once the right systems are in place. A bookkeeper who already works with healthcare clients will have secure workflows established. Experienced Phoenix bookkeepers who serve medical practices will already have BAA templates ready and know how to handle your data properly from day one. The key is making sure you address this before granting access to your financial records, not after.

More Questions

What is CAM reconciliation and how do I handle pass-through charges for commercial properties?

CAM reconciliation compares the estimated Common Area Maintenance charges billed to tenants throughout the year against actual expenses incurred. The difference results in either a credit to tenants or an additional amount owed.

How do I reconcile my construction project budget against actual costs at month end?

Pull a job cost report showing budget versus actual by cost code for every active project. Calculate line-item variances, add committed costs from open POs and subcontracts, and update your cost-to-complete estimates. This monthly process feeds your WIP schedule and shows which jobs are really making money.

Should my construction company use cash or accrual accounting for tax purposes?

Most construction companies under $29 million in average annual gross receipts can use the cash method, which defers taxes. But cash basis hides true job profitability, so many contractors benefit from accrual-style reporting internally even if they file taxes on a cash basis.

What financial reports should a medical practice owner review monthly?

Focus on a P&L by provider, A/R aging by payer, collections vs charges ratio, overhead percentage, and days in A/R. Monthly review catches revenue and cash flow problems before they get out of hand.

Should I capitalize or expense tools and small equipment purchased for construction jobs?

Tools and equipment under $2,500 per invoice can be expensed immediately if you have a written accounting policy. Items over that threshold should be capitalized and depreciated, though Section 179 often lets you deduct the full cost in the year of purchase.

Should our church file Form 990 even though churches are exempt from the requirement?

Churches are automatically exempt from filing Form 990, but voluntary filing can increase transparency, build donor trust, and simplify grant applications. The tradeoff is that your financial details become part of the public record.

Phoenix-based bookkeeping firm serving small businesses across the Valley of the Sun. We provide bookkeeping, payroll, tax preparation, and fractional CFO support with transparent pricing and no upselling. Owned and operated by David Morrow, a former COO with 20+ years of business experience.

© 2026 2Morrow Bookkeeping LLC