The Essential HIPAA Compliant Tools for Doulas Working with Health Insurance in 2025
If you're a doula accepting health insurance, welcome to a new chapter in birthwork. With the expansion of insurance coverage for doula services—including Medicaid, Medi-Cal, and private insurance plans—more birth workers are becoming part of the broader healthcare ecosystem. But that opportunity comes with new responsibilities, particularly around HIPAA compliance.
As a doula working with insurance, you're now handling protected health information (PHI) and are considered a covered entity or business associate, depending on your insurance billing arrangements. That means it's time to ensure the tools you're using for client communication, documentation, scheduling, and billing are all HIPAA compliant.
This guide breaks down the essential HIPAA compliant tools for doulas, why they matter, and how to set yourself up for success as a doula accepting health insurance.
What is HIPAA and Why It Matters for Doulas
Defining HIPAA and Protected Health Information
HIPAA (Health Insurance Portability and Accountability Act) is a federal law that ensures the privacy and security of sensitive patient health information. Protected health information includes any information that could identify a client and relates to their health condition, treatment, or payment for healthcare services. For doulas, this encompasses birth plans, intake forms, progress notes, and even scheduling information.
When Does HIPAA Apply to Doulas?
If you're billing insurance or working through an insurance contractor, you're likely either a covered entity (if you're directly submitting claims) or a business associate (if you're working with an entity that handles claims). In both cases, you're expected to handle PHI securely, which means using HIPAA-compliant platforms.
Non-compliance with HIPAA could lead to termination of insurance contracts, loss of client trust, and fines up to $50,000 per violation.
How Health Insurance Reimbursement Changes the Game
As states expand doula benefits under Medicaid programs and private insurers begin covering doula services, thousands of doulas are now submitting insurance claims electronically. This shift means doulas must meet the same privacy standards as licensed medical providers. Traditional methods like unencrypted email, WhatsApp messaging, or unsecured cloud storage are no longer sufficient for doula practices working with insurance.
Overview of HIPAA Compliant Tools Every Doula Needs
As a doula working with insurance, here are the core tool categories you need to secure:
- Client intake and consent forms
- Secure messaging and communication
- Appointment scheduling
- Video consultations (telehealth)
- Notes and documentation
- Payment processing
- Client management software (all-in-one solutions)
- Insurance billing
Client Intake & Consent Forms
Collecting client information through unsecured forms is risky and inefficient. Here are HIPAA-compliant options:
Google Forms (via Google Workspace)
Google Forms can be HIPAA compliant when used correctly:
- Must be part of a paid Google Workspace plan
- You must sign a Business Associate Agreement (BAA) with Google
- Ensure responses are stored in your secured Workspace account
Jotform HIPAA
Jotform offers a specialized HIPAA solution that includes:
- Drag-and-drop form builder with healthcare-specific templates
- Encryption, electronic signatures, and custom branding
- Includes BAA on HIPAA-enabled plans
- Integration with popular practice management tools
Morf Health
Morf specializes in HIPAA-compliant forms:
- Pre-built HIPAA-ready templates for quick launch
- Mobile-optimized forms with custom branding
- Securely gather e-signatures and payment info in one form
- Automated routing and reminder features
Best HIPAA Compliant Communication Tools for Doulas
Standard text messaging and email aren't sufficient for communicating with insurance clients. You need platforms that provide encryption, audit trails, and proper security controls.
HIPAA Compliant Messaging and Texting Apps
Spruce Health
Spruce Health offers:
- Unified messaging, calling, and telehealth platform
- Starts at $24/month with BAA included
- Allows clients to text from their regular phone number
OhMD
OhMD provides:
- HIPAA-compliant two-way texting platform
- Free basic plan available
- Easy setup and client onboarding
Secure Email Solutions for Doula Practices
Paubox Email Suite
Paubox works with Gmail, Outlook, and Apple Mail:
- Encrypts emails automatically
- Starts at $29/month
- Seamless integration with existing workflows
Google Workspace (with BAA)
- Familiar Gmail interface with enterprise security
- Must sign BAA and use paid Workspace plans
- Includes document storage and collaboration tools
HIPAA-Compliant Scheduling Software
Acuity Scheduling (Premium Plan)
Acuity's HIPAA-compliant option includes:
- HIPAA compliance enabled at $49/month
- Intake forms, automated reminders, and secure calendar
- Client portal for booking and managing appointments
Zoho Bookings
Zoho Bookings offers:
- BAA available by contacting legal@zohocorp.com
- Automated scheduling with calendar sync
- Customizable booking pages with branding
- Payment collection capabilities
Telehealth Platforms for Virtual Support
Doxy.me
Doxy.me is a simple, browser-based telehealth solution:
- Free basic version is HIPAA compliant
- No downloads needed—works in any web browser
- Easy for clients to use from phone or computer
Zoom for Healthcare
Zoom for Healthcare requires:
- Zoom Pro plan or higher
- Must request and sign a BAA from Zoom
- Advanced features like recording and screen sharing
HIPAA-Compliant Note-Taking & Documentation
Heidi Health
Heidi Health is an AI-powered medical scribe:
- AI assistant for note-taking and documentation
- Hospital-grade security with privacy standards
- Designed to reduce administrative time
Google Docs (via Google Workspace)
When set up correctly, Google Docs provides:
- Real-time editing and collaboration
- Automatic saving and version history
- Must have BAA and proper access controls
HIPAA-Compliant Payment Processing
Ivy Pay
Ivy Pay is designed for healthcare practitioners:
- Automatically encrypts all transactions
- Only clients can initiate first payment
- Strong focus on privacy and security
Square (with BAA)
Square now accommodates healthcare providers:
- Square offers a BAA for healthcare users
- Simple interface with various payment methods
- Good reporting and transaction tracking
HIPAA-Compliant Client Management Software
For doulas who want an all-in-one solution to manage their entire practice, these platforms combine multiple functions while maintaining HIPAA compliance:
SimplePractice
SimplePractice is a comprehensive practice management platform:
- All-in-one solution with BAA included
- Includes video calling, messaging, scheduling, and note-taking
- Robust reporting and billing features
- Worth the investment if you want everything in one platform
Jane App
Jane App is designed for health and wellness practitioners:
- Book, chart, schedule, bill and get paid in one platform
- HIPAA compliant with Business Associate Agreement available
- Online and in-person payment processing with reporting
- Includes secure telehealth sessions
Best Doula Insurance Billing Software
Managing insurance billing can be one of the most complex aspects of accepting health insurance as a doula. These HIPAA compliant platforms help streamline the billing process:
Loula
Loula is the leading platform specifically designed for doulas accepting health insurance:
- Handles all aspects of insurance billing including credentialing and claims submission
- HIPAA-compliant platform designed for doula workflows
- Works well for both individual doulas and doula organizations & collectives
- Supports multiple insurance payers in California including Medi-Cal, Kaiser, and Health Net
Pear Suite
Pear Suite is designed for community health organizations:
- Built for doula organizations and community health workers
- Includes medical billing and analytics features
- Better suited for organizations than individual doulas
Office Ally
Office Ally is a general medical clearinghouse:
- All-payer clearinghouse for submitting claims
- Real-time eligibility verification for select payers
Best Practices for Staying HIPAA Compliant
Essential Security Practices
Always sign Business Associate Agreements with your software providers before using their services for client information. Use strong, unique passwords for every account and turn on two-factor authentication wherever possible.
Keep session notes dated and securely stored, following a consistent filing system. Limit access to client information—don't share logins or create open sharing links.
Regular Compliance Reviews
Conduct quarterly self-audits of your technology and processes. Review which tools you're using, ensure all BAAs are current, and verify that security practices are being followed consistently.
Avoid These Common HIPAA Pitfalls
Using Free Personal Services: Free Gmail, Yahoo Mail, or personal cloud storage accounts don't provide required security controls or BAAs.
Unsecured Messaging Apps: WhatsApp, Facebook Messenger, and regular text messaging lack required encryption and access controls.
Improper Document Storage and Sharing: Storing client information in personal cloud accounts (Dropbox, iCloud, OneDrive) without BAAs, or creating sharing links that allow "anyone with the link" to access client information violates HIPAA requirements. Client documents must be stored in secure, access-controlled environments.
Non-Compliant Payment Systems: Venmo, Cash App, and Zelle aren't designed for healthcare transactions and lack necessary security measures.
Building Client Trust Through Compliance
HIPAA compliance builds trust with clients and positions you as a professional healthcare provider. When clients see that you protect their privacy, you'll start relationships with stronger foundations of trust. Be transparent about your privacy practices and explain why HIPAA compliance matters to distinguish your practice in the market.
Getting Started with HIPAA Compliance
Remember that compliance is a process, not a one-time event. Start with the basics: secure your current client information, implement strong passwords, and begin researching HIPAA-compliant tools. Consider starting with one area—perhaps secure communication or digital intake forms—and gradually updating other aspects of your practice.
Frequently Asked Questions About HIPAA Compliance for Doulas
Do doulas need to be HIPAA compliant?
Yes, if you're billing insurance directly or working with organizations that bill insurance on your behalf. Once you handle protected health information (PHI) for insurance purposes, you become either a covered entity or business associate under HIPAA.
What HIPAA compliant tools do doulas need?
Essential tools include secure messaging platforms, HIPAA compliant email, encrypted scheduling software, secure telehealth platforms, protected note-taking apps, and compliant payment processing systems.
Can doulas use regular email and texting for clients?
No, standard Gmail, text messaging, and WhatsApp are not HIPAA compliant. You need encrypted communication platforms with Business Associate Agreements (BAAs), like Paubox, Spruce Health, or Google Workspace with a proper BAA.
How much does HIPAA compliance cost for doulas?
Basic HIPAA compliance can start around $50-100 per month using tools like Google Workspace ($12/month), Spruce Health ($24/month), and Acuity Scheduling ($49/month). All-in-one solutions like SimplePractice may offer better value.
Do doulas need Business Associate Agreements?
Yes, you must sign BAAs with every software provider that handles client PHI. This includes email providers, scheduling software, payment processors, and any other tools that store or transmit client health information.
What's the best HIPAA compliant messaging app for doulas?
Spruce Health and OhMD are popular choices. Spruce Health ($24/month) offers unified messaging and telehealth, while OhMD has a free basic plan for simple secure texting needs.
What happens if a doula isn't HIPAA compliant?
Non-compliance can result in insurance contract termination, loss of client trust, and fines up to $50,000 per violation. It can also damage your professional reputation and limit future insurance opportunities.
Conclusion: Building Your Professional Foundation
The expansion of insurance coverage creates opportunities for sustainable income while making doula care accessible to more families. The tools outlined in this guide help you navigate administrative aspects while maintaining the high-quality, client-centered care that defines doula work.
HIPAA compliance doesn't have to be overwhelming or expensive. With the right tools, you can meet requirements while providing excellent care. You got this!