What You Need to Know About Accepting Payments at Your Healthcare Facility

As the owner of a medical facility, the well-being of your patients is one of your top priorities. That concern must extend beyond the quality of the medical care you provide to the security of your patients' personal data. Following a few basic rules protects both them and you, and keeps you compliant with federal and financial-industry regulations for healthcare payment processing.

Are Data Breaches a Serious Issue in the Healthcare Industry?

In recent years, public attention has focused on breaches at mega-companies such as Anthem, where attackers exploited vulnerabilities to obtain patient data including names, Social Security numbers, and payment details. Healthcare providers large and small are attractive targets both because they hold the data that criminals want and because many lack the technical expertise and equipment to defend it.

If large companies like Anthem are victimized, what is a small owner like you to do? You might be lulled into complacency, believing that your electronic health records are inherently secure. Even if they are, your payment processing system remains a point of attack if it is not compliant with HIPAA (a federal law) and the Payment Card Industry Data Security Standard (PCI DSS, a payment-industry standard).

Change the Way You Provide Receipts

Some processing systems deliver receipts to customers by text message (SMS). Unfortunately, because HIPAA does not treat SMS as a secure technology, you are not allowed to send protected health information (PHI) that way. Instead, provide a paper receipt or send the receipt through a secure email system.

Sign Up for a Business Associate Agreement with Your Processor

If your payment processing company does nothing more than facilitate payments for you, you don't need to take this step. However, if it provides any additional services such as gift or loyalty cards, reporting, account analysis, or other features, HIPAA requires you to sign a business associate agreement (BAA) with it.

Secure All Stored Card Numbers

Any card numbers that you keep on hand, for any reason and in any format, must be stored securely. At a minimum, that means a locked storage space for any written authorizations that contain this customer information, which is exactly the data criminals are after.

Make Sure Your Credit Card Processing Hardware Is Secure

Your system uses the internet to communicate with your processing company, so you must ensure that the connection is PCI-compliant. If your system lets you take payments on an iPad or other tablet, that device must be secured as well.

Data breaches can happen to anyone, no matter how small or large the organization might be. Don’t stand by and become the next victim. Take these steps today, and protect yourself and your patients well into tomorrow.