4 HIPAA Risks Hidden in Manual Mileage Tracking for HHC Workers

Last Updated: February 5, 2026

Home health agencies often rely on mileage tracking systems to support reimbursement, payroll, and oversight for their mobile employees, especially those workers who regularly travel in their personal vehicles as part of their day-to-day work responsibilities. Those agencies start courting trouble when that mileage data is treated solely as administrative or financial information, instead of as protected data.

An operational difference that separates mileage tracking and reimbursement in the home healthcare industry from businesses in other industries is the need to remain compliant with the Health Insurance Portability and Accountability Act, or HIPAA. Under HIPAA, providers and workers in the healthcare industry must maintain the privacy of patients’ protected health information, or PHI. PHI consists of medical records and any other “individually identifiable” data (names, addresses, etc.) used or disclosed by a covered entity, such as a healthcare provider. 

However, healthcare entities aren’t the only ones that need to pay attention to HIPAA regulations. Any business that interacts with PHI at any point must comply with HIPAA, including when mobile employees log trips for reimbursement. After all, data doesn’t need to live in a clinical system to be considered PHI under HIPAA. Trip information can intersect with patient information through locations, timing, and the context of the visit. 

Using manual methods instead of secure tracking software can complicate HIPAA compliance, as it becomes harder to track, notice, or even prevent breaches. In this article, we’ll dig into those complications, discussing four of the biggest HIPAA risks in mileage tracking for HHC workers, and how CompanyMileage can help. 

Risk #1: Location Data That Can Reveal Patient Identity

In order for reimbursement to be accountable, and not subject to payroll taxes, the IRS requires up-to-date, compliant mileage logs from mobile employees. Those logs routinely capture the start and end points of HHC workers’ business travel, the route they used, and the time and date of the visit. 

To an outsider observing these mileage logs, the repeated travel patterns reported by HHC workers could indicate the locations of specific patient residences or care data. That data, paired with the worker’s timeline for those visits, could be used to narrow down the identity of that patient.

According to HIPAA, location information is considered PHI when it can be reasonably linked to a specific individual receiving care. Businesses that rely on manual methods, like paper logs or manual-entry spreadsheets, rarely account for how vulnerable PHI is, and how easily these connections can be made.

Risk #2: Patient Details Appearing in Mileage or Expense Notes

Methods for mileage logging and reporting, especially manual mileage and expense reports, often include free-text fields as a place for care professionals to add context or explanatory notes to justify a trip or an expense. Notes might include the patient’s name or initials, their conditions or symptoms, or other broader details of the visit. 

Once added into a mileage log, this information is technically PHI, but it has been logged in a system outside of formal documentation systems for clinical use. While often both useful and necessary, informal data entry without any oversight or accountability can constitute a HIPAA danger, because it increases the likelihood of inconsistent and uncontrolled PHI handling. 

Risk #3: Data Stored on Unsecured or Personal Devices

Manual methods for mileage tracking frequently rely on paper records, or on the use of the employee’s smartphone or personal computer. Keeping business mileage logs on a personal phone or laptop is already not the best way to manage reimbursement, but risk is increased exponentially when mileage information also overlaps with patients’ protected health information. 

Personal employee devices often lack encryption, strong authentication, or remote wipe capabilities. If that device is lost, gets stolen, or is even shared with a friend or family member, that data is at risk of exposure. Remember, whether a device is personally or employer-owned, HIPAA safeguards still apply! 

Risk #4: Limited Visibility Into Who Can Access Mileage and Expense Data

Manual workflows for mileage reimbursement often make use of spreadsheets, emails, or shared folders, which lack clear records showing who viewed, edited, or shared information. Those mileage records could be accessed by people other than authorized users or individuals who actually require that information. 

With no way to create or prove an audit trail, it becomes very difficult to assess exposure after an incident. This undermines HIPAA’s minimum necessary standard, which requires covered entities to take necessary precautions to “limit unnecessary or inappropriate access to and disclosure of protected health information.” 

Reduce Risk, Streamline Workflows, and Stay Compliant With CompanyMileage

Businesses that regularly interact with protected health information (PHI) still have to meet or exceed HIPAA standards, even when tracking and submitting reports for mileage reimbursement. CompanyMileage offers the perfect solution in SureMileage, an employee mileage tracking app that automates and streamlines everything from trip planning to expense reporting for mobile workers. 

Along with our app, SureMobile, we help HHC employees track their work-related travel and submit expense reports from their smartphones, all while meeting or exceeding HIPAA standards. Our suite of mileage reimbursement solutions also records all necessary information for EVV tracking, so workers can keep compliant without taking too much time out of their busy workdays.

CompanyMileage uses a three-tiered security approach, ensuring that all the data collected by our software is protected and secure at all times. We meet the highest standards for encryption when data is in transit and at rest. We also have robust access controls to protect the integrity of users’ accounts. 

CompanyMileage facilities and servers are securely maintained and monitored 24/7, and we have firewalls in place to prevent unauthorized access to the system. To guarantee our clients’ privacy, our library of policies and procedures safeguards against unauthorized disclosures and breaches of confidential information. A key part of these policies and procedures is the Business Associates Agreement, or BAA, that we sign with all of our clients in the healthcare industry.

A BAA establishes accountability with any vendors or third-party services (such as mileage reimbursement software) being utilized by a covered entity. Not all software vendors are willing to sign one, leaving you, the covered entity, exposed in the event of any HIPAA breaches. But at CompanyMileage, we always have your best interests at heart, and we’re always ready to sign a BAA if necessary.

If you’re ready to learn more about CompanyMileage and all the ways we can help you optimize the reimbursement process while maintaining the highest compliance standards, contact us for a demo today!

Written by Kevin Winters

Kevin oversees client service and the development of the SureMileage solution, leveraging his extensive experience as a CPA, payroll service founder, and technology services leader. He co-founded Payroll Associates, Inc. in 1993, growing it into the largest independent payroll-processing provider in the Dallas-Fort Worth area, serving over 1,100 businesses and 60,000 employees. After the company was acquired by Paychoice in 2005, Kevin remained in senior management until 2006. He resides in Dallas with his wife and children.
