It is important to consider security for payments in telehealth. Any e-commerce application that handles customer credit card information needs to consider application security, and this applies to telehealth applications as well.

In general, there are several types of payments your application might need to consider:

  • Integration with other medical billing systems – This is the most complicated option to consider, but often the ideal solution if a telehealth application is going to be used by a larger medical practice or healthcare system that already has a comprehensive billing and payments system in place. You will need to consider (1) what APIs that system offers that you can use to automate the billing process, (2) security procedures you must use to interact with that system, while protecting all patient data and confidentiality, and (3) what data from the billing system needs to be returned to your telehealth application (if any). This integration could be as complicated as the development of the rest of your application, and may require ongoing development support.
  • Credit card payments – Where possible, your telehealth application may prefer to let patients use normal credit cards or defined benefits cards (linked to a flexible spending account [FSA] or health savings account [HSA]) to pay for a consultation session. This is most often the case when the total cost of services provided is not covered under typical healthcare plans. Some medical practices have also started charging monthly subscriptions to their patients for services with more personal care, after-hours support, or higher response rates, and those services may be paid through a recurring credit card payment. When possible, it’s simplest to integrate credit card payments using a third-party processor like Braintree or Stripe, so that the provider or physician practice is not burdened with storing sensitive credit card data or with carrying extra data risks. In this scenario, a provider needs to consider the conditions under which refunds are offered. For example, cancelled or missed appointments by the provider, poor internet connectivity for the patient, or other technical difficulties could be valid reasons for a refund, and decisions should be made around how to trigger those refunds.


  • Outside payments – Perhaps patients are paying through some other tool, or
    paying by cash or check in person. Your telehealth app may need a way for
    future appointments to be marked as pre-paid or “to be invoiced,” so that the
    session can be handled without payments in the application. This is, of course,
    the simplest way to build your telehealth application, but may require manual
    processes outside of your application.
  • Proof of service – Health insurance plans or a benefits plan administrator often
    require documentation that a service was provided by a particular provider for a
    specific patient on a specific date. This is often the case when a defined benefits
    card, and thus an FSA or HSA, is used. Patients will often ask for such proof of
    service at the time of payment.

For other telehealth applications, the biggest question is not how to take the patient’s money, but whether telehealth visits will be paid for by a patient’s healthcare plan. The answer varies according to regional legislation and use cases. You will need to research separately how telehealth visits may be reimbursed by health insurance providers.
