Are Your Software Partners Signing BAA Agreements?

Last Updated: October 30, 2025

If you’re a healthcare professional of any kind, you’re doubtless familiar with the ins and outs of the Health Insurance Portability and Accountability Act, or HIPAA. A key facet of this piece of legislation is the Privacy Rule. The Privacy Rule protects all “individually identifiable health information,” also known as Protected Health Information (PHI), in any form, held or transmitted by a Covered Entity or its Business Associate.

Nearly all healthcare entities are considered Covered Entities, while Business Associates are entities that provide third-party services to Covered Entities and encounter PHI in the course of doing so. These include cloud storage services, IT contractors, and yes, even your mileage tracking and reimbursement software.

Apps that record information for healthcare workers inevitably store PHI, whether they’re tracking expenses, trips, or other activities. In order for your mileage reimbursement software – and your organization – to stay in compliance with HIPAA, third-party service providers must sign a Business Associate Agreement, or BAA. This agreement serves as a contract, specifying each party’s responsibilities regarding the handling of PHI.

While BAAs protect both Covered Entities and their Business Associates, some software providers still resist signing them. A refusal by a Business Associate to sign should raise serious concerns about that vendor’s commitment to compliance, as well as its attitude towards data security.

Why Should You Ask Your Software Vendors to Sign a BAA?

A BAA creates a legal obligation for a vendor or third-party service to safeguard any PHI they may encounter, in compliance with the standards established by HIPAA. By requiring vendors to implement administrative, technical, and physical safeguards, BAAs establish accountability, with the ultimate aim of keeping clients’ information confidential and secure. The absence of a BAA can expose the Covered Entity to liability for any HIPAA breaches, even ones outside that entity’s direct control.

Why Some Vendors Refuse to Sign BAAs

A responsible vendor should have no problem signing a BAA. So why do some companies refuse?

Cost and Complexity of Compliance

Some vendors won’t sign a BAA because they want to avoid the investment required to adequately meet HIPAA security and privacy requirements.

Business Model Limitations

If a provider or third party is not designed for the healthcare industry, that organization may lack the infrastructure to securely handle PHI.

Risk Avoidance

Signing a BAA places legal responsibility for any breaches of HIPAA on the vendor. Many vendors refuse to sign for exactly that reason, preferring that liability for any PHI-related breach remain entirely with their client, the Covered Entity.

Incompatible Data Practices

Some software manufacturers or other vendors make use of data for analytics, advertising, or third-party sharing in a way that could potentially conflict with HIPAA restrictions.

Lack of Awareness or Expertise

Newer or smaller-scale vendors may not fully understand the obligations imposed by HIPAA. In that case, the organization may decline to sign a BAA because it has no desire to learn, and wishes to sidestep the matter entirely.

Look Out for These Red Flags

When seeking partnerships with third-party companies, keep a close eye out for signs that a vendor doesn’t take HIPAA compliance seriously and might decline to sign a BAA. Signs like:

  • Vague or evasive responses when asked about HIPAA compliance
  • A reliance on claims of “general data security,” without specific mention of protections for PHI
  • Attempts to use contracts to transfer all liability for any breaches to the healthcare provider
  • Any reluctance to discuss internal security practices, or to provide audit results

The Bottom Line

Your organization takes HIPAA regulations seriously, and so should any Business Associate that works with your company. Noncompliance can lead to significant regulatory penalties and operational disruptions for you as a healthcare provider, even if the breach originates with a third party.

However, HIPAA violations have deeper repercussions than legal or regulatory penalties. Every day, patients and clients trust your company to keep their private information safe. A vendor compromising PHI through negligence seriously endangers that trust.

To that end, a vendor’s refusal to sign a BAA should be disqualifying for your company. By refusing to sign, the vendor opens you up to liability and potentially puts patient data at risk.

CompanyMileage Keeps Expense Management Secure

CompanyMileage is dedicated to providing businesses with automated solutions for easy, intuitive and efficient mileage reimbursement. Our mileage reimbursement software, SureMileage, simplifies mileage tracking by using point-to-point calculations to determine the best route for reimbursement between start and end points of each work-related trip. That way, busy, on-the-go healthcare workers don’t have to waste time and energy on keeping mileage spreadsheets or subtracting odometer readings.

Our commitment to our clients extends to maintaining levels of security and compliance that meet or exceed the standards set by HIPAA. In accordance with the HIPAA Security Rule, CompanyMileage encrypts data to NIST standards, uses secure logins and PINs, and maintains secure servers and internal firewalls. We also use policies and procedures to safeguard PHI, and yes, a key part of those policies and procedures is the BAA we sign with all of our clients in the healthcare industry.

At CompanyMileage, we always have our clients’ best interests at heart, and we’re happy to sign a BAA whenever necessary. Can all expense management companies say the same?

To find out more about CompanyMileage, and how our products can save you up to 25% on mileage reimbursement, contact us for a demo today!

Written by Kevin Winters

Kevin oversees client service and the development of the SureMileage solution, leveraging his extensive experience as a CPA, payroll service founder, and technology services leader. He co-founded Payroll Associates, Inc. in 1993, growing it into the largest independent payroll-processing provider in the Dallas-Fort Worth area, serving over 1,100 businesses and 60,000 employees. After the company was acquired by Paychoice in 2005, Kevin remained in senior management until 2006. He resides in Dallas with his wife and children.
