Healthcare payment channels are expanding rapidly with new innovations, allowing patients to pay virtually anywhere, from any device and in any way they choose. With the expansion of payment channels comes greater risk to the patients and to the providers who accept the payments. Security for healthcare payments also continues to evolve, giving providers new tools to protect patient cardholder data, prevent fraud and protect their organizations from the risk of a data breach.
As providers accept more payments from different channels and patients owe more money for healthcare services, it is more important for providers to be aware of new security innovations available for healthcare payments, and how to protect themselves from a data breach. As security innovations in healthcare payments and large-scale data breaches more frequently make new headlines in healthcare, healthcare organizations need to take a proactive approach. This will ensure that patients trust them with sensitive information.
Point-to-Point Encryption (P2PE)
In order to most effectively protect consumer payment card data, the data must be encrypted as soon as it is swiped or keyed, a process called point-to-point encryption (P2PE). P2PE is the most secure method of payment card security because once the data is encrypted, it is not decrypted until it arrives at the secured endpoint (the payment processor). Furthermore, no one can access the data at any point, including the merchant (the provider).
This method automatically segments the merchant network, separating systems that store, transmit or process cardholder data from those that do not – cutting down the number of systems and devices that are exposed to possible data breaches. P2PE also reduces the scope of PCI requirements for providers, therefore simplifying compliance and saving providers a great deal of hassle and frustration.
Ultimately, by encrypting payment card data at the point of service, providers reduce their risk of data breaches, which cause significant financial and reputational damage to their organizations.
EMV technology integrates a “chip” into a credit card to increase fraud protection for card-present transactions. EMV would offer protection in the event that a consumer tried to use a stolen credit card to pay for a good or service at the point of service. With upcoming regulations around EMV, a merchant may be financially liable for card-present fraud if they have not implemented EMV by October 2015.
However, EMV alone does not protect payment data or prevent a data breach – it merely prevents fraud at the point of service. To ensure payment data is protected, merchants must use encrypted EMV technology.
The recent release of Apple Pay will most likely prompt a new batch of questions from patients to their providers, including whether they accept payments this way and whether it is truly secure. Available in 220,000 retail locations as of the fourth quarter of 2014, Apple Pay allows consumers to make card payments at the point of service using near field communication (NFC) technology with an iPhone. This new payment channel not only offers consumers a quicker and more convenient way to pay, but also offers another layer of security. Credit card information is encrypted and stored directly on the phone and is never passed to the merchant or to Apple, decreasing the risk of a data breach.
Healthcare Payment Technology
As patients become responsible for a greater portion of their healthcare bills, providers must collect larger amounts from their patients more frequently and, as a result, expand payment channels so that patients can pay them conveniently. Therefore, providers must incorporate the latest best practices in security to ensure their organizations and patients are protected when it comes to healthcare payments. At a minimum, providers must maintain compliance with all applicable PCI standards. It is important to note that P2PE is a key component of building a strong defense against data breaches.
InstaMed recently released a white paper with Coalfire, a leading Payment Card Industry (PCI) assessor, to educate the healthcare industry on the latest in payment security to ensure providers and patients are protected.
Bill Marvin has been in the healthcare revenue cycle and payment industry since 1993 and is the President and CEO of InstaMed, the leading Healthcare Payments Network. Prior to InstaMed, Bill was an executive in Accenture’s Health and Life Sciences practice, focused on payer to provider connectivity. Prior to Accenture, Bill founded CareWide (now a part of AllScripts after three acquisitions), a practice management system for provider offices.