Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Maybe.
Recommend for your HIPAA risk management needs?: Maybe. In order to use this product you must assure you have deleted all PHI from the financial documents you send to Bench software. As Bench does not offer Business Associate Agreements you would not be covered if an accidental breach occurs.
# of Caveats: 1 view caveats→
# of Usage Notes: 0 view notes→

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.

What Is This Product?

Bench is bookkeeping software that has the capability to sync with your financial accounts including all major banks. At the start of each month, this sync automatically pulls your statements into Bench software and reconciles your accounts, categorizes your transactions, and produces your financial statements. Bench also provides support around bookkeeping questions. At the end of each month Bench sends you a review of your books.

Our Impressions

We contacted Bench as a potential customer; we indicated that we were a mental health provider and responsible for maintaining HIPAA security and privacy. Customer service assured us that Bench works with thousands of mental health providers to keep their clients’ information safe, and they provided a link to their Privacy Statement. They also indicated that their services do not collect PHI. We determined that this information provided to us was misleading as the potential for reports to contain PHI is high (e.g. client payment card info and check copies). When we asked Bench support about these examples they then let us know there is an option to delete this information from the records before sending it to them. We asked if Bench provides onboarding for health provider-specific training on how to best use their product in a HIPAA-secure manner. They indicated they share best practice methods if users ask for it. We found this problematic because potential users who are interested in using Bench’s services could be sold on this product without having all the information they need to use the product in a way that is HIPAA secure.

This product offers a free service tier or a free trial account:

We encourage all clinicians interested in this product to try out the free trial or experiment with the free tier to see if it suits your needs.

If you discover anything of concern that isn’t addressed in this review yet, please tell Liath about it at [email protected].


Caveats are criticsms of the company or product that we feel are relevant to your risk management or other important considerations.

1) Bench does not conduct Business Associate Agreements

Bench does not offer Business Associate Agreements for its users. If you opt into using Bench and choose to delete PHI from your financial documents before sending them to Bench, you must analyze the risk of human error and the potential for some PHI accidentally not being deleted and sent to their software.


Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.



Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss