HIPAA-aware payment vault
PCI-DSS Level 1 tokenization that keeps patient identity out of the payment metadata path. BAAs available where the integration architecture warrants one.
// INDUSTRIES
Payments built for telehealth and virtual care.
HIPAA-aware payment infrastructure for telemedicine platforms, virtual-first clinics, and direct-to-consumer medical. Recurring memberships, HSA / FSA acceptance, and LegitScript-aware underwriting.
// THE CHALLENGE
Telehealth combines two payment problems most processors don't handle well at once: recurring billing for memberships and care plans, and a regulatory environment that expects PHI separation, BAA coverage, LegitScript-equivalent compliance, and patient-friendly billing transparency. Generic processors leave you to bridge the gap.
// HOW VON PAY SOLVES IT
Von Payments pairs network tokenization (cards stay valid through reissues for chronic-care continuity) with a PCI-DSS Level 1 vault and BAA-eligible integration patterns that keep PHI out of the payment path. HSA/FSA card acceptance, LegitScript-aware underwriting for DTC-medical and pharmacy-adjacent platforms, smart retry, and dunning workflow round out the stack.
// WHAT YOU GET
Built around how this vertical actually runs.
Membership & recurring care
Network tokens via Visa Token Service + Mastercard MDES keep saved cards valid through reissues — patients on chronic-care plans don't break billing when cards rotate.
LegitScript-aware underwriting
Compliance review for DTC-medical, pharmacy-adjacent telehealth, and prescriber-credentialed platforms. Acquirers we route through expect the documentation upfront.
// COMMON QUESTIONS
What underwriting usually asks about this vertical.
- Do you support HIPAA-compliant payment workflows?
- Yes. Card data is tokenized on Von's PCI-DSS Level 1 vault, never touching the merchant's server, and our payment endpoints can be configured to keep PHI separated from payment metadata. We sign BAAs where the integration architecture warrants one — talk to our compliance team during onboarding.
- Can patients store cards on file for ongoing care?
- Yes. Network tokenization (via Visa Token Service and Mastercard MDES) keeps saved cards valid through reissues — patients on chronic-care plans, recurring visits, or membership models don't lose billing when their card gets rotated.
- Do you handle subscription / membership-style telehealth billing?
- Yes — direct integration with Recurly, Chargebee, and our own API for custom billing. Smart retry handles transient declines, dunning workflow handles harder declines, and webhook-driven lifecycle events feed your finance and clinical CRM tooling.
- What about HSA / FSA card acceptance?
- We support HSA / FSA card acceptance for eligible medical services through standard MCC routing. Eligible-good identification and IIAS compliance are part of underwriting setup.
- How do you handle LegitScript and pharmacy / DTC-medical compliance?
- Underwriting reviews LegitScript-equivalent compliance posture, FDA / state pharmacy licensing where applicable, and prescriber credentialing for telehealth platforms that prescribe. Acquirers we route through expect the documentation upfront, so onboarding moves faster when it's prepared.
- How fast can a telehealth platform get live?
- Underwriting is typically 5–10 business days once compliance documentation is in. Vera, our AI onboarding assistant, captures everything in chat and routes you to the acquirer most familiar with telehealth and digital-care models.
We support more than just this vertical.
See all industries we serve// LIVE IN DAYS
Get rates for your business in days.
Twenty minutes from first message to signed application. Underwriting decisions same-day for low-risk vectors. Specialty verticals get human review.