Healthcare Business Management Association - HBMA
Leading the Business of Healthcare Login
Public News Public News - HBMA Healthcare Business Management Association

Convenient and Secure Payment Options


Convenient and Secure
Payment Options

The Benefits of Patient Portals, Digital Wallets, and Apple Pay for Billing Services

New online and mobile payment options are becoming more common in healthcare due to their ability to simplify the payments process and deliver a consumer-friendly experience to patients. Patients are also coming to expect these kinds of convenient payment options for their healthcare encounters. According to the Trends in Healthcare Payments Sixth Annual Report: 2015, 64 percent of consumers reported having an interest in using a new mobile payment system such as Apple Pay, Samsung Pay, or Android Pay to make a healthcare payment.

However, some billing services might hesitate when it comes to online and mobile payments because of misconceptions around security. Considering the increase in security breaches at healthcare organizations, this hesitation is not unwarranted. Billing services might also worry that introducing new payment options could present a disruption to workflow, which can be time-consuming, impractical, and frustrating.

In reality, these technologies can improve payment security, all while creating a better payment experience for patients, and greater efficiency for billing services and their clients. As long as billing services consider the security of the payment solutions they want to implement, online and mobile payment options – such as patient portals, digital wallets, and Apple Pay – can deliver multiple benefits to all stakeholders.

One of the top considerations for billing services looking to add online and mobile payment options is PCI compliance. PCI DSS (Payment Card Industry Data Security Standards) applies to all entities involved in payment card processing, including merchants, processors, financial institutions, and service providers. It also applies to all other entities that store, process, or transmit cardholder data or sensitive authentication data. To offer online and mobile payment options, billing services must ensure that they maintain PCI compliance. Billing services will also want to be aware of their PCI scope. The way new payment technologies are implemented can affect the size of an organization's PCI scope. To reduce PCI scope, billing services can implement payment solutions from a PCI Level 1 Service Provider.

Understanding the importance of PCI and payment security, let's consider new payment technologies that can deliver excellent payment security while improving the healthcare payments experience.

Patient Portal
According to the Trends in Healthcare Payments Sixth Annual Report: 2015, 75 percent of patients use online payment channels to pay their household bills. Most patients expect this convenient payment option when it comes to paying their healthcare bills, too. As patient payment responsibility continues to rise, it is critical that billing services offer the convenience of online payments in order to collect payments. Billing services can leverage a patient portal to give patients this option. With a patient portal, patients can go online 24/7 from any device to make payments with their preferred payment method, which offers patients more flexibility and billing services more chances to collect payments.

If you already have a patient portal that patients visit regularly, select a payment solution that can embed payment functionality directly within your existing portal. Not only does this deliver a seamless, consistent experience to patients, it also offers a high level of security and can significantly reduce PCI scope, as embedded payment solutions allow providers to securely collect payments online and from mobile devices without ever having credit card data passing through the networks. To guarantee this PCI scope reduction, be sure to leverage a payment solution from a PCI Level 1 Service Provider.

Patients will appreciate the ability to go online to pay their healthcare bills with their preferred payment method, but make sure patients know this is an option. You can maximize your online payment potential by training staff and your provider network to capture patient email addresses at every interaction point and communicate with your patients electronically. You can use email to inform patients about your patient portal or links to eStatements whenever they owe a balance. Be sure to include a link to your patient portal in every email communication so patients always have quick access to go online to make a payment.

Billing services can also use a patient portal to offer patients payment plans as another convenient way to pay their healthcare bills. Patients can access the patient portal and set up a payment plan to pay off large balances in increments that are automatically collected using a payment method saved on file. This is a convenient option for patients and can guarantee revenue for billing services with automated, recurring collections.

Digital Wallets
Patients have expectations set by innovators in other industries for convenient payment options and they are bringing these expctations to healthcare. Consumers expect a simple experience that does not require them to re-enter their credit card information every time they pay online (think Amazon and Uber). The ability to set up a digital wallet is a must-have feature for a patient portal.

With a digital wallet, patients can go online and store their payment information for convenient future payments. The next time a patient logs in to your portal to make a payment, they can simply select the payment method they want to use instead of re-entering the information. A digital wallet makes online payments even faster and reduces how many clicks it takes before your providers get paid.

However, digital wallets directly storing credit card numbers can result in expanded PCI DSS burdens. To reduce this burden, billing services can use tokenization to improve the security of a digital wallet. Tokenization is a way to represent one item with something else. Think about your monthly train or bus pass if you take public transportation: The pass is really a token that you carry with you every day, as it represents the money you've paid to use the service. The pass itself has no monetary value. You can't take your bus pass to the supermarket to buy groceries or to Staples to buy a new ink cartridge. For online and mobile payments, tokenization represents a similar concept. Instead of storing the patient's cardholder data, a billing service can leverage a payment solution to store the data securely and issue a token to represent the payment information.

Tokenization presents many security benefits to healthcare. When a payment card enters a secure payment application with tokenization, the card information gets converted to a token that is associated with your billing service only. This does not necessarily prevent data theft, but it does prevent someone from using the stolen token to pay for something else. The token has no value outside of the payment transaction it was being used for because it is exclusively associated with your healthcare organization.

Apple Pay
Since its introduction in October 2014, Apple Pay has grown in popularity with consumers. Apple Pay allows consumers to use their mobile devices to make payments instead of reaching for their credit card. Apple Pay is extremely secure and leverages three technologies to support its payments: Near Field Communication (NFC), "The Secure Element" and Touch ID.

NFC lets two devices communicate when each device is within a few inches of each other. In the case of Apple Pay, a consumer would bring their iPhone within inches of an NFC-equipped payment terminal.

Each iPhone contains a "secure element," which is a separate chip dedicated to security. When patients input their credit card into their iPhone, the card network (Visa, MasterCard, American Express, etc.,) sends a token to Apple which is then stored on the phone in the secure element. This secure chip is also the only element within the device that can produce the token.

Apple uses a Touch ID to authenticate point-of-sale and in-app Apple Pay purchases. Users touch their fingerprints to their iPhone to verify their identity, and then the iPhone sends the token to the NFC terminal to process the payments.

With the growing popularity of integrated health applications and wearable tech, it is likely that Apple Pay will continue to be relevant to healthcare payments. Considering how secure Apple Pay's payment technology is, it presents an excellent opportunity for billing services to deliver consumer-friendly payments while maintaining excellent levels of security.

Billing services and their clients who offer the aforementioned payment options stand to benefit in multiple ways. Convenient payment options offer patients the flexibility to pay their healthcare bills how and when they want, which makes them more likely to pay, and can result in increased collections for billing services. These payment options can also greatly improve efficiency and streamline the entire payments process by reducing the amount of time spent collecting patient payments, including the number of follow-up calls and multiple paper statements mailed to collect. These benefits, combined with the ability to improve payment security and decrease the burdens of PCI compliance, explain how new payment options like patient portals, digital wallets, and Apple Pay deliver an improved healthcare payments experience that benefits all stakeholders.

Noah Dermer is a security officer at InstaMed, healthcare's most trusted payments network. Prior to joining InstaMed, Noah was Epic's chief Privacy and Security officer and also managed Epic's security R&D team, which develops software that helps hospital organizations ensure the confidentiality, availability, and integrity of healthcare data. Prior to his work on the security team, Noah worked at Epic on clinical applications where he designed, coded, and maintained computerized physician order entry software. He has also been a network administrator and worked for a large financial technology services company and a technology consulting firm.


Related Searches: Secure Payment Options, Patient Portals, Digital Wallets, Secure Payments