Offering patients multiple ways to pay is the best way to engage patients in the payment process and maximize your patient payment collections. However, new payment options can lead to increased security risks if providers do not take the proper precautions. With data breaches threatening serious financial and reputational repercussions, providers should look for ways to enhance security and protect sensitive payment information.
Here are three opportunities to enhance payment security at your practice:
Point-of-Service
Many providers accept credit cards in the office at the point-of-service. To offer the best level of security at this payment point, providers may need to invest in new card devices that are EMV-capable and deliver point-to-point encryption (P2PE).
EMV stands for Europay, MasterCard and Visa; it is a global standard for authenticating credit and debit card transactions with integrated circuit cards, or “chip cards” at capable point of sale (POS) terminals. EMV verifies in card-present, face-to-face transactions that a card is valid and not created with stolen card data. The chip on the card creates a dynamic piece of data that speaks to the card issuer during a transaction, enabling the issuer to recognize the card, authenticating it. As of October 1st, providers that accept a fraudulent card on a non-EMV capable device will not be reimbursed for that fraudulent transaction.
However, EMV alone will not protect you in the event of a data breach. To best protect payment information, providers should look for a solution that couples EMV with P2PE. P2PE is the most secure method of payment card security because once the data is encrypted, it is not decrypted until it arrives at the secure endpoint (the payment processor). P2PE isolates the payment data to ensure that sensitive data is not leaked or accessed at any point, reducing the risk of a breach.
Online and Mobile
According to the 2014 Trends in Healthcare Payments Annual Report, 93 percent of patients want to pay their bills online. The most secure way to deliver this payment option is to look for an embedded solution. Embedded payment solutions allow providers to securely collect payments online and from mobile devices without ever having credit card data passing through the networks.
Some providers might hesitate to offer mobile payment options because they are unsure of their level of security. In reality, mobile payment options are very secure. For example, when a patient pays using Apple Pay®, credit card information is encrypted and stored directly on the phone and is never passed to the merchant or Apple.
Payment Plans and Automatic Payments
As patient payment responsibility increases, many providers have started offering payment plans to ensure the collection of large balances. To set up payment plans, providers save a patient’s credit card on file so they can charge it in a series of installments. However, many providers do not save credit card information in a secure and compliant way, like writing down information on a piece of paper and storing it in a folder.
Instead, providers can leverage technology to store patient credit card information securely online. This significantly reduces the risk of payment information being stolen. Plus, providers can automate the collection of patient responsibility because the payment method is already saved on file.
To learn more about payment security in healthcare, be sure to visit InstaMed at HIMSS 2016, booth 418.