New Security Innovations for Healthcare Payments
Read more from the latest issue of Billing.
Healthcare payment channels are expanding rapidly with new innovations, allowing patients to pay virtually anywhere, from any device, and in any way they choose. With the expansion of payment channels comes greater risk to the billing services and medical practices that accept the payments. Security for healthcare payments also continues to evolve, giving billing services and their clients new tools to protect cardholder data, prevent fraud, and protect their businesses from a data breach.
As providers accept more payments from different channels and consumers owe more money for healthcare services, it is increasingly important for billing services and their clients to be aware of new security innovations available for healthcare payments and how to protect themselves from a data breach. With a proactive approach to payment security, billing services position their business as a valuable asset to help clients prepare for the future, especially as security innovations in healthcare payments and large-scale data breaches frequently make news headlines.
To protect payment card data most effectively, the data must be encrypted as soon as the card is swiped or keyed, a process called point-to-point encryption (P2PE). P2PE is the most secure method of protecting payment card data because once the data is encrypted, it is not decrypted until it arrives at the secured endpoint (the payment processor). Furthermore, no one can access the data at any point in between, including the merchant (the provider client).
This method automatically segments the merchant network, separating systems that store, transmit, or process cardholder data from those that do not, which cuts down the number of systems and devices that are exposed to possible data breaches. P2PE also reduces the scope of PCI requirements for a billing service's provider clients, which simplifies compliance and saves billing services and their clients a great deal of hassle and frustration.
Ultimately, by informing clients about encrypting payment card data at the point of service, billing services empower clients to reduce their risk of data breaches, which can cause billing services and clients significant financial and reputational damage.
EMV (Europay, MasterCard, Visa) technology integrates a "chip" into a credit card to increase fraud protection for card-present transactions. For provider clients, EMV offers protection in the event that a patient tries to use a stolen credit card to cover a co-pay at the point of service. With upcoming regulations around EMV, a client may be financially liable for card-present fraud if they have not implemented EMV by October 2015.
However, billing services and clients should be aware that EMV alone does not prevent a breach – it merely prevents fraud at the point of service. To ensure payment data is protected, clients must use EMV technology that also encrypts the card data.
The recent release of Apple Pay will most likely prompt a new batch of questions from provider clients to their billing services, including whether accepting payments this way is truly secure. Apple Pay was in 220,000 retail locations as of the fourth quarter of 2014 and allows consumers to make card payments at the point of service using near field communication (NFC) technology with an iPhone. This new payment channel not only offers consumers a quicker and more convenient way to pay but also offers another layer of security. Credit card information is encrypted and stored directly on the phone and is never passed to the merchant or to Apple, decreasing the risk of a data breach.
Healthcare Payment Technology
As additional payment channels become available for providers to accept patient payments, it is crucial that billing services ensure they and their clients have encryption in place, and that they offer the best security practices so that clients and consumers are protected. Billing services can communicate to clients that, at a minimum, they must maintain compliance with all applicable PCI standards. However, it is also important for billing services to emphasize that P2PE and EMV are key components of a strong defense against data breaches.
For more information, see InstaMed's Payment Card Encryption Payment Card Industry Technical Assessment whitepaper: www.instamed.com/white-paper-payment-card-encryption.
Bill Marvin has been in the revenue cycle industry since 1993 and is the president and CEO of InstaMed, the leading healthcare payments network. Prior to InstaMed, Bill was an executive in Accenture's Health and Life Sciences practice, focused on payor to provider connectivity. Prior to Accenture, Bill founded CareWide (now a part of AllScripts after three acquisitions), a practice management system for provider offices.