Blood testing giant Quest Diagnostics lost 12,000,000 patients' personal, financial and medical data

The HIPAA / Privacy term is provisioning. If you have data that indicates Joe Sixpack paid for a specific healthcare procedure, such as a line on the bill that says “$1000 for cancer screening”, that’s definitely within the scope of HIPAA regulations.

If it just says “$1000 owed to Quest Diagnostics”, then it’s most likely out of scope. (That’s assuming the data isn’t structured to expose information, such as “syphilis testing: $101; HIV testing: $102; gonorrhea testing: $103”, etc.)

And as with any legal advice you receive from an Internet forum populated by happy mutants, check with your own law department before proceeding.

6 Likes