You need PCI compliance if you accept credit card payments. Even though taking payments through a credit card processor can generate personally identifiable information, HHS has stated that collecting payments is excluded explicitly from HIPAA mandates. This is as long as you only use it to collect payment. Do NOT agree to a credit card processor's other features like invoicing and financial analysis unless you first get a BAA from them.
Google Forms would not be PCI compliant if they are keying in their credit card information and it is then stored in a Google Sheet on your end. Ideally, you would not see the credit card information or have it stored anywhere at all.
Usually your EMR would have this integrated. Otherwise, I would stick to ACH payments or wire transfer or simply a check. You can also use Bluefin, Ivy Pay, or Square. It might be a good idea to sign a BAA. I wouldn't do Venmo, Zelle, PayPal, Cash App, Stripe, Apple Pay. Not in this case. They are pretty good for casinos like Cafe Casino, which I sometimes visit to find new exclusive games. But for such a business it is better to consider other options.