Healthcare Business Management Association - HBMA
Leading the Business of Healthcare Login
HBMA News HBMA News - HBMA Healthcare Business Management Association

3 Opportunities to Ensure Payment Security


Read more great articles from Billing

Read more from the latest issue of Billing.

New Payment Methods Bring Increased Risk

Offering multiple ways to pay is a proven strategy for billing services to help provider clients engage patients in the payment process and help improve patient collections. As payment responsibility increases, patients bring expectations from their consumer experiences and demand new ways to pay their healthcare bills. To meet these consumer demands, billing services can expand payment channels to include online and mobile payments, payment plans, and automatic payments.

However, if not properly managed, these payment channels can significantly increase the risk for a data breach for billing services and their provider clients. Billing services at risk of a data breach face serious repercussions that can impact client trust and ultimately future revenue.

By using industry-proven best practices and secure payment technology, billing services can greatly reduce security risks to payment information and ensure sensitive information is protected. Below are the three opportunities to ensure payment security at your billing service.

Online and Mobile

A whopping 93 percent of patients want to pay their bills online, according to InstaMed's 2014 Trends in Healthcare Payments Annual Report. The most secure way to deliver this payment option is to look for an embedded solution. Embedded payment solutions allow billing services to securely collect payments online and from mobile devices without payment card data passing through their networks.

Some billing services may hesitate to offer mobile payment options as they have reservations about the level of security. Actually, mobile payment options are among the most secure channels available. When a patient uses Apple Pay, payment card data is encrypted and stored directly on the phone and is never passed to the merchant or Apple.

Payment Plans and Automatic Payments

As payment responsibility increases, many billing services have started offering payment plans to allow patients to pay down large balances over time. However, payment plans can create a risk of a data breach if the billing service uses paper-based or manual processes to manage these recurring payments, such as writing payment information on paper that any staff member can access.

Instead, a billing service can securely save payment information on file by using technology that encrypts that data as soon as it is entered, which significantly reduces the risk of payment information being stolen. Then the billing service can automate the collection of payment responsibly as the payment method is securely saved on file.


Many billing services support provider clients who collect payment at the point of service. Billing services can offer the highest level of security to this segment of clients with card devices that are EMV-capable and deliver point-to-point encryption (P2PE).

EMV, which stands for Europay, MasterCard and Visa, is a global standard for authenticating payment card transactions with integrated circuit cards, or "chip cards," at capable point-of-sale terminals. EMV verifies in card-present, face-to-face transactions that a card is valid and not created with stolen card data. The chip on the card creates a dynamic piece of data that speaks to the card issuer during a transaction, enabling the issuer to recognize the card, authenticating it.

As of October 1, 2015, if a merchant accepts a fraudulent card on a non-EMV capable device, the payment will not be reimbursed for that fraudulent transaction. However, EMV alone cannot protect billing services or their clients in the event of a data breach. To best protect payment information, providers should look for a solution that couples EMV with P2PE.

P2PE is the most secure method of payment card security because once the data is encrypted, it is not decrypted until it arrives at the secure endpoint (the payment processor). P2PE isolates the payment data to ensure that sensitive data is not leaked or accessed at any point, reducing the risk of a breach.

Critical to the Future of Business
The addition of new payment channels can help billing services attract new clients and retain existing clients with a comprehensive suite of options for patients to pay. This will be crucial to the future of business as patient payments become a larger portion of revenue and billing services are challenged to meet their expectations from consumer industries.

Jeff Lin is senior vice president of product management at InstaMed. Before joining InstaMed, Lin was an executive at Accenture, where he led multiple enterprise projects for multiple Fortune 100 companies. Lin's experience and expertise include a deep focus in the areas of product management, product strategy, product marketing, and developing strategic partnerships.

For more information on payment security, download the InstaMed Security and Encryption in Healthcare Payments white paper at

Related Searches: Opportunities, Ensure, Payment, Security