Healthcare costs are continuously on the rise. And while insurance covered the majority of medical expenses in the past, more and more people are having to pay high out-of-pocket costs, even those with insurance. This has resulted in more patients paying for care costs with credit cards—and this means hospitals have a bigger responsibility to protect their patients’ credit card data.
Healthcare facilities have to ensure they’re meeting Payment Card Industry (PCI) compliance regulations and take necessary precautions against hackers. So with all of this in mind, what should hospitals know about credit card security compliance?
Hospitals Are At Risk For Security Breaches
One of the biggest misconceptions when it comes to financial data security is that hospitals aren’t at high risk—many people think that banks and other major organizations have the highest risk of a breach. And while this may have been true in the past, it’s no longer the case. Hospitals are facing a rising number of security breaches.
In fact, in 2015 alone, there were 277 publicized breaches in the healthcare industry. Believing that hospitals aren’t at risk of credit card data breaches can result in devastating losses of unsecured data. Healthcare facilities have become a bigger target for hackers because they not only have credit card data, but they also have personal information that can be used with the credit card numbers.
With the rising risk of breaches, hospitals need to ensure all exchanges of information between their facility and patients are secure. Fortunately, there are methods and resources healthcare facilities can use to maximize security. When it comes to healthcare statement printing, hospitals should use a system from a company that has been certified as HIPAA compliant and has properly trained its staff; this helps ensure patient statements are handled safely.
Without a proper statement printing system in place, hospitals risk information landing in the wrong hands. So when healthcare facilities choose the systems and companies they work with, they need to make sure effective security is a top priority.
Noncompliance Is Becoming A Bigger Issue
As credit card use has increased over the years, PCI security standards have changed to adapt to the new marketplace. Retail locations were the main focus of noncompliance efforts because of the sharp increase in credit card use there. But in recent years, credit card companies and banks have broadened that focus to include hospitals as well. While the hope was that every location accepting credit cards would automatically install the proper security features, that wasn't always the case.
With hospitals using local computers to capture and store credit card information, they're vulnerable to breaches. So more healthcare facilities are now being contacted for proof of their PCI compliance; the risk a noncompliant hospital poses is too high for banks and credit card companies to stay uninvolved. Hospitals need the proper security systems in place, and if they remain noncompliant with PCI security standards, they're putting both their patients and their reputation at risk.
There Are New Technologies Available
Fortunately for today's hospitals wanting to avoid noncompliance issues, there are plenty of opportunities to strengthen credit card security measures. Many healthcare facilities choose to process transactions through a third-party vendor if they don't have the proper security measures themselves. Going through a PCI compliant third party keeps card information off of the hospital's network, minimizing the risk of a breach. Additionally, hospitals can use point-to-point encryption, which keeps card data from crossing the facility's network in readable form; this is a cost-effective and convenient option. Or hospitals can even set up a network dedicated to credit card payments, so that the data can be secured more easily.
And it's not just in-person credit card use that needs to be secure. If someone is paying for their care over the phone, healthcare facilities need to ensure the call and the information given are secure, too. Hospitals should consider using PCI compliant call center software in order to keep any information given over the phone secure. The right call center software will have options to regularly evaluate the security of the system, use up-to-date encryption technology, and have a documented information security policy in place. With the right system, hospitals can feel confident accepting payments over the phone.
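Whether a hospital routes payments through a third-party vendor, uses point-to-point encryption, or takes card numbers over the phone, the property it must be able to verify is the same: no primary account number (PAN) ends up stored in readable form on its own systems, whether in a billing export, a database dump, or a call-center agent's free-text note. The following Python script is an added example, not code from the original article or from any vendor it mentions. It scans a set of constructed sample export lines (the card numbers are the well-known industry test numbers, not real data) for Luhn-valid card numbers, rejects digit strings such as claim numbers that merely look like card numbers, reports hits masked to the first six and last four digits that PCI DSS permits to be displayed, and can redact them in place. The names `scan_export`, `redact_line` and `SAMPLE_EXPORT` are this example's own.

```python
import re
from typing import List, Tuple

# Candidate card number: 13 to 19 digits, optionally separated by single
# spaces or dashes, and not embedded inside a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample export lines (hypothetical, not real patient data).
# Line 0 stores a raw PAN, line 1 correctly stores only a vendor token and
# last four, line 2 holds a 16-digit claim number that is not a card number,
# and line 3 is a phone-payment note in which an agent typed a card number.
SAMPLE_EXPORT = [
    "2016-03-01 billing_export patient_id=MRN-00481516 amount=142.50 card=4111 1111 1111 1111 exp=09/19",
    "2016-03-01 billing_export patient_id=MRN-00481517 amount=89.00 token=tok_7f3a9c2e last4=4444",
    "2016-03-02 claims_batch claim_no=1234567890123456 amount=310.00",
    "2016-03-02 phone_payment agent=12 note='caller read card 5555-5555-5555-4444 over the phone'",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check that card PANs satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def is_pan(digits: str) -> bool:
    """A candidate counts as a PAN if its length is in range and the Luhn check passes."""
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def mask_pan(digits: str) -> str:
    """Mask a PAN to at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_export(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_index, masked_pan) for every Luhn-valid PAN found in the lines."""
    hits = []
    for idx, line in enumerate(lines):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if is_pan(digits):
                hits.append((idx, mask_pan(digits)))
    return hits


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in the line with its masked form; leave other digits alone."""
    def _sub(m) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if is_pan(digits) else m.group()
    return _CANDIDATE.sub(_sub, line)


if __name__ == "__main__":
    for idx, masked in scan_export(SAMPLE_EXPORT):
        print(f"line {idx}: stored PAN found -> {masked}")
    for line in SAMPLE_EXPORT:
        print(redact_line(line))
```

Run as-is, the script flags lines 0 and 3 only: the tokenized record and the claim number pass, which is exactly the distinction a compliance check needs, since a naive 16-digit regex would raise a false alarm on every claim number. The same functions can be pointed at database exports, application logs, or call-center note fields to confirm that a vendor integration or point-to-point encryption rollout really did keep card data off the hospital's systems.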
PCI compliance is not something hospitals should leave on the back burner—in order to keep patients’ credit card and other sensitive information protected, healthcare facilities need to have the proper security measures in place.