Patient-pay · non-HIPAA scope

Healthcare payment platform for the patient-pay side of licensed practices.

Card, wallet, ACH and SEPA acceptance for dental, vet, mental-health, aesthetics, telehealth and wellness merchants — under one unified API, with in-clinic and online channels sharing the same vault. Insurance claim adjudication and HIPAA-covered PHI workflows are out of scope; specialist platforms serve those.

Patient-pay
out-of-pocket card and bank-rail acceptance
PCI L1
vault posture inherited across every merchant
1 API
cards, wallets, ACH, SEPA under one integration
Non-HIPAA
PHI / claim adjudication explicitly out of scope

Scope of the platform

What this healthcare payment system covers — and what it doesn't

The line between patient-pay card acceptance and payer-side insurance workflows is a hard one on topropay. Here's exactly what the platform serves and what belongs with a specialist provider.

In scope · patient-pay for licensed merchants

  • Dental practices
  • Veterinary clinics
  • Mental-health & counselling practices
  • Aesthetics & cosmetic clinics
  • Elective-procedure providers
  • Telehealth cash-pay platforms
  • Wellness, fitness & recovery services
  • Physiotherapy & chiropractic

Out of scope · specialist providers only

  • US insurance claim adjudication
  • ERA / EFT clearinghouse workflows
  • Medicare / Medicaid rails
  • HIPAA-covered PHI processing
  • Payer-side reimbursement flows
  • Prescription / pharmacy adjudication

Key benefits

Why licensed practices pick this platform for patient-pay acceptance

Four properties that matter on the merchant-side card / bank-rail acceptance for healthcare-adjacent verticals.

  1. 01

    Card acceptance sized for patient-pay

    Consumer cards, corporate cards, HSA / FSA cards where scheme rules allow, wallets and Click to Pay through the connected acquiring panel. Same API and vault regardless of the card product presented at checkout.

  2. 02

    Bank-rail options where the ticket is bigger

    ACH (US) and SEPA Direct Debit (EU) plug into the same authorise endpoint as card. High-ticket dental, aesthetics and elective-procedure invoices settle on lower-cost bank rails; card stays for smaller tickets and one-tap wallet flows.

  3. 03

    Recurring for treatment plans and memberships

    Card-on-file and SEPA SDD recurring for treatment-plan instalments, wellness memberships and telehealth subscriptions. Network tokens plus scheme updaters keep the plan alive across card re-issuance.

  4. 04

    Omnichannel across in-clinic and online

    Card-present via partner terminals or SoftPOS Tap-to-Phone at the counter or bedside, plus a hosted pay link for online-collected balances. The vault token is the same across channels.

How the healthcare payment platform runs

From onboarding to reconciled patient-pay receipt in five steps

What happens between the practice signing up and the settled row in the merchant's general ledger — with a firm boundary on what the platform does and doesn't touch.

  1. 01

    Onboard the healthcare-adjacent merchant

    KYB checks on the practice / clinic entity. Vertical is verified as patient-pay (out-of-pocket) — not payer / insurer / clearinghouse. Underwriting is per acquirer and per market.

  2. 02

    Choose the acceptance surface

    Hosted pay-link, embedded hosted fields, full SDK on the online side; partner terminal or SoftPOS on the in-person side. The merchant's practice-management system feeds patient balances into the platform.

  3. 03

    Capture patient-pay authorisation

    The patient enters card / wallet / bank-rail details on the merchant's chosen surface. Vault tokenises before any acquirer sees the credential; PAN never lands on the merchant's device or origin.

  4. 04

    Route across the acquirer panel

    Smart routing scores the authorisation on BIN, currency, country pair and risk. Soft declines cascade to the next ranked lane inside the same authorisation — the patient sees one decision, not a retry loop.

  5. 05

    Reconcile in one ledger

    Settlement files from each connected acquirer normalise into one ledger; daily exports tagged by channel, terminal and currency. Merchant imports into their accounting system — separate from any practice-management PHI database.

Main use cases

Where healthcare payment processors on this platform earn their keep

Six recurring healthcare-adjacent merchant shapes — dental, vet, mental-health, aesthetics, telehealth and wellness — and how topropay serves the patient-pay portion of each.

  • Dental

    Dental practices — treatment-plan instalments

    Card-on-file recurring for treatment-plan instalments and orthodontic membership plans; hosted pay links for one-off co-pays; SoftPOS Tap-to-Phone for card-present balances at the counter.

  • Vet

    Veterinary clinics — bill-at-discharge

    Card-present at discharge, hosted pay links for follow-up invoices, ACH for high-ticket surgery balances. Reconciliation tags receipts to invoice reference, not to the patient's medical record.

  • MH

    Mental-health & counselling — recurring session billing

    Card-on-file for weekly or biweekly session billing, hosted pay links for cancellation fees, subscription for group-therapy memberships. Non-PHI receipt data only.

  • Aesth

    Aesthetics & cosmetic clinics

    Card and BNPL for elective-procedure ticket sizes; hosted-fields checkout on the clinic website for consultation deposits; wallets for one-tap booking flows.

  • Tele

    Telehealth cash-pay platforms

    Recurring card-on-file for subscription telehealth, one-off card for consult-only flows, ACH for enterprise-billed cohorts. Payment metadata scoped to invoice reference — the clinical record stays in the merchant's own EHR.

  • Well

    Wellness, fitness & recovery services

    Monthly memberships on card-on-file recurring; SoftPOS at the studio for walk-in sessions; hosted pay links for retail add-ons like protein, supplements or gear.

Platform features

Capabilities behind the healthcare payment processors on topropay

Twelve capabilities the platform ships once and reuses across dental, vet, mental-health, aesthetics, telehealth and wellness merchants — with a strict non-PHI event payload.

  • Patient-pay card acceptance

    Consumer, corporate and prepaid card acceptance through the connected acquirer panel.

  • HSA / FSA where allowed

    Health-savings and flex-spending card acceptance where the scheme rules and merchant category code permit.

  • ACH & SEPA bank rails

    US ACH and EU SEPA Direct Debit through the same authorise endpoint; NACHA / SEPA mandate handling included.

  • Recurring for treatment plans

    Card-on-file recurring with network tokens plus scheme updaters; SEPA SDD recurring where the patient is EU-based.

  • Hosted, embedded & SDK surfaces

    Three integration shapes — pick per merchant's PCI and UI constraints.

  • Partner terminals + SoftPOS

    Card-present acceptance via licensed partner acquirers; SoftPOS Tap-to-Phone on NFC-equipped devices.

  • PCI DSS Level 1 vault

    Card data captures into the platform vault before any acquirer sees it; PAN never lands on the merchant device or origin.

  • Smart routing & cascade

    Per-BIN, per-currency scoring across the connected acquiring panel; soft declines cascade inside the same auth.

  • Operator-side refund controls

    Refunds require justification; every refund logged with actor identity, reason code and timestamp.

  • Unified dispute queue

    Chargebacks from every connected acquirer surface in one queue with evidence-pack templates keyed off the merchant's invoice reference.

  • One reconciliation feed

    Receipts, fees, refunds and chargebacks normalised into one ledger; tagged by invoice reference, channel and currency.

  • Non-PHI event payload

    Payment events carry invoice reference, amount and status only — no patient identifiers, no clinical data, no PHI.

Industry relevance

healthcare payment fraud posture and the us healthcare payment system boundary

On the patient-pay side, healthcare payment fraud looks like card fraud in every other vertical — CNP, friendly, ATO, refund abuse — and the platform's PCI L1 vault, selective 3DS2 and unified dispute queue address those vectors. On the payer / insurance side of the US healthcare payment system, the fraud problem (upcoding, phantom claims, kickbacks, prescription diversion) is a completely different domain that specialist payer-integrity platforms solve — not topropay. The boundary between the two is the boundary of this page's scope.

Trust & compliance

Compliance posture for the patient-pay leg

Payments-industry compliance — PCI, SCA, sanctions / AML, scheme programme posture — carried on the merchant's behalf. HIPAA is out of scope because the platform's data scope excludes PHI by design.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across every connected acquirer.
SCA & PSD2 (EU)
Selective EMV 3DS2 keeps European patient-pay approval high without skipping the SCA bar.
NACHA / SEPA mandate handling
ACH and SEPA Direct Debit mandates captured and retained per scheme rules; mandate IDs travel with each recurring authorisation.
Sanctions & AML alignment
Sanctions screening at onboarding; AML monitoring tuned per merchant's vertical and volume profile.
Not a HIPAA-covered entity
topropay does NOT operate in insurance claim adjudication, does NOT handle Protected Health Information (PHI), and is NOT a HIPAA business associate or covered entity. Payment metadata is scoped to invoice reference only.
Licensed verticals only
Licensed dental, vet, mental-health, aesthetics, telehealth and wellness merchants supported where current operating licences exist. Grey-market or unlicensed healthcare-adjacent operators are out of scope.

Ready to bring patient-pay onto one platform

Bring your patient-pay receivables onto one platform.

A 20-minute scope review confirms the fit — patient-pay only, licensed vertical, geographies you serve — and walks through the acceptance channels relevant to your practice before any commercial commitment.

Frequently asked

Buyer questions about healthcare payment platform on topropay

Scope, HIPAA disambiguation, HSA / FSA questions, integration with practice-management systems and the practicalities of running patient-pay through one platform.

  1. 01

    What does topropay mean by healthcare payment platform?

    Healthcare payment platform on topropay means patient-pay (out-of-pocket) card, wallet, ACH and SEPA acceptance for licensed healthcare-adjacent merchants — dental, vet, mental-health, aesthetics, telehealth, wellness. It does NOT mean insurance claim adjudication, ERA / EFT clearinghouse workflows, Medicare / Medicaid rails, or any HIPAA-covered PHI processing. Those are separate domains served by specialist platforms.

  2. 02

    Is there a healthcare payment system login for patients on this platform?

    The healthcare payment system login model on topropay is merchant-side: the practice / clinic operator logs into the topropay dashboard to manage payments, refunds and reconciliation. Patients don't log in to topropay directly — they see the merchant's own portal or the hosted pay link, and the merchant's practice-management system holds the patient-facing account. topropay stays scoped to the payment surface.

  3. 03

    Some searches use the phrase 'a payment system for healthcare in which the provider' — does that apply?

    That phrasing usually appears in US healthcare policy literature describing reimbursement models — fee-for-service, capitation, bundled payment — where 'the provider' is the healthcare provider being paid by an insurer or payer. topropay does NOT operate in that provider-reimbursement model. topropay's role is the merchant-side card / bank-rail acceptance surface for what the patient owes out-of-pocket. Insurance-side reimbursement is a separate domain.

  4. 04

    How does topropay compare to specialist healthcare payment processors?

    Specialist healthcare payment processors are typically built around US insurance workflows — ERA / EFT, claim adjudication, HIPAA-covered PHI, clearinghouse connectivity, prescription adjudication. topropay is NOT a specialist healthcare payment processor in that sense. topropay is a general orchestration platform that also serves healthcare-adjacent merchants for the patient-pay card / bank-rail portion of their receivables, with strong PCI posture and multi-acquirer routing on that portion.

  5. 05

    What about healthcare payment fraud?

    Healthcare payment fraud on the patient-pay side (which is what topropay serves) looks like card fraud everywhere else — CNP fraud, friendly / first-party fraud, account takeover, refund fraud, chargeback abuse. The platform's PCI L1 vault, selective 3DS2 on card and the unified dispute queue address those vectors. Payer-side / insurance-billing fraud (upcoding, ghost claims, kickback schemes, phantom services) is a completely different problem space that specialist payer-integrity platforms address; topropay does NOT operate in that space.

  6. 06

    Does topropay plug into the us healthcare payment system?

    The 'us healthcare payment system' typically refers to the ecosystem of insurers, PBMs, clearinghouses, ERA / EFT rails, HIPAA transactions (270 / 271 / 835 / 837) and the reimbursement web that sits between US healthcare providers and their payers. topropay does NOT plug into that ecosystem. topropay serves the patient-pay leg — what the patient owes the provider out-of-pocket — on card, wallet, ACH or SEPA, for licensed healthcare-adjacent merchants operating in EU, UK, APAC, LATAM and (for patient-pay only) US markets.

  7. 07

    Are HSA and FSA cards supported?

    HSA (Health Savings Account) and FSA (Flexible Spending Account) cards ride the same card schemes as any other card. Whether a specific transaction clears on HSA / FSA depends on the merchant's Merchant Category Code (MCC) — the scheme rules restrict HSA / FSA card use to specific MCCs (dental, vision, prescription, medical goods, etc.). topropay's acquiring panel accepts these transactions where the MCC matches; the merchant confirms MCC eligibility during onboarding.

  8. 08

    Can dental / veterinary / aesthetic practices use topropay for treatment-plan instalments?

    Yes. Treatment-plan instalments on topropay run on the card-on-file recurring engine (with VTS or MDES network tokens and scheme updaters) or on SEPA SDD for EU patients. Practices define the schedule and the platform handles renewals, smart retries and unified dispute defence. This is the same recurring engine used by SaaS and subscription commerce elsewhere on the platform.

  9. 09

    How does topropay integrate with the merchant's practice-management or EHR system?

    topropay integrates with the merchant's practice-management or EHR system via a payment reference / invoice ID that the practice-management system supplies at authorisation time and the platform returns on the settlement event. The reference is opaque to topropay — no patient identifiers, no clinical data, no PHI. The practice-management system remains the source of truth for the clinical record; topropay stays scoped to the payment.

  10. 10

    What data does topropay hold on behalf of a healthcare-adjacent merchant?

    topropay holds: card-scheme tokens (VTS / MDES) or vault tokens for card-on-file, mandate IDs for ACH / SEPA recurring, transaction amounts, currencies, acquirer response codes, dispute event history, and the merchant-supplied invoice reference. topropay does NOT hold patient names, diagnoses, treatment codes, prescription data, insurance IDs, appointment metadata or any other PHI element. The merchant's own systems are responsible for those.

  11. 11

    Is topropay a HIPAA business associate?

    No. topropay is NOT a HIPAA business associate and does NOT sign Business Associate Agreements (BAAs). topropay's data scope — invoice reference, amount, card token, dispute history — is not Protected Health Information under HIPAA. Merchants who need a HIPAA-covered payment path (e.g. where PHI would flow with the payment metadata) should use a specialist HIPAA-covered payment platform for that flow; topropay serves the non-PHI patient-pay portion only.

  12. 12

    Which geographies does the platform cover for healthcare-adjacent merchants?

    Patient-pay card and bank-rail acceptance for licensed healthcare-adjacent merchants is available across EU, UK, APAC and LATAM as baseline coverage. US patient-pay acceptance is supported through the US acquiring panel for card and ACH; US merchants who additionally need insurance-side integration should pair topropay with a specialist US healthcare payment processor for that portion.

  13. 13

    How long does it take to onboard a healthcare-adjacent merchant?

    Onboarding typically runs 1–3 weeks depending on KYB complexity, licensing verification and the acquirer's underwriting for the specific vertical. Dental, vet and aesthetics merchants tend to be faster; telehealth and multi-jurisdiction merchants can take longer due to cross-border licence checks.

  14. 14

    What verticals are out of scope even inside healthcare-adjacent?

    Out of scope regardless of licensing: prescription pharmacy adjudication, controlled-substance dispensing platforms, cannabis and cannabis-adjacent commerce (except in specific fully licensed jurisdictions with the right acquirer coverage), and any operator whose model depends on grey-market or off-label workflows. Also out of scope: US insurance claim adjudication, ERA / EFT clearinghouse services, HIPAA-covered PHI processing, and payer-side reimbursement rails.

  15. 15

    What's the best way to evaluate topropay for a healthcare-adjacent business?

    The best evaluation is a 20-minute review that confirms the merchant is patient-pay and licensed, walks through the acceptance channels relevant to the practice (in-clinic terminals, hosted pay links, embedded checkout), and identifies any specialist HIPAA-covered flow the merchant needs alongside — which would run through a different provider. topropay's sandbox mirrors the production flow so the merchant can test acceptance before committing.