Data breaches have troubled the U.S. market for a long time, but healthcare providers are the worst affected. According to the HIPAA Journal, there were at least 342 healthcare security breaches reported to the U.S. Department of Health and Human Services in 2017.
The severity of these incidents has fallen compared to previous years, but the number of incidents has continued to rise. The 342 incidents in 2017 were up from 270 in 2015 and 327 in 2016.
Given these continued risks, healthcare providers need to be aware of key security technologies in the market, including the latest developments in payment solutions.
EMV: The global standard to curb credit card fraud
Nearly everyone involved in accepting payment is aware of EMV migration by now. EMV uses microchips embedded in credit and debit cards, and it’s now the global standard for verifying the authenticity of cards at the point of payment acceptance.
Major card brands have been driving adoption of EMV technologies and related payment solutions in the U.S. Non-compliant providers face liability for fraud chargebacks and leave their systems highly vulnerable to security breaches. Whether it’s a hospital, clinic or urgent care unit, securely accepting payments with EMV-compliant technologies is crucial to avoiding security risks.
Upgrading to EMV should also make providers think about their overall payment acceptance infrastructure and look for opportunities for enhancements. Whether they look to accept mobile wallets or consider a semi-integrated approach for better security (see below), EMV is just the beginning.
Point-to-Point Encryption (P2PE): The proven solution to reduce card data theft
According to IBM’s Cost of Data Breach Study, healthcare organizations have an average cost of $355 per stolen data record. Based on IBM’s analysis, that puts the average cost of 2017’s data breaches at a staggering $3.62 million per incident.
One of the best ways to prevent these costly breaches is to deploy P2PE, which protects card data throughout the payment process—from start to finish. Across many industries, P2PE has become a standard method to secure card data from potential interception during payment processing.
For healthcare providers looking to provide their patients with a secure way to pay, it’s a proven solution that can help you protect your patients’ sensitive information while protecting your hospital or clinic.
Tokenization: Multi-layered security to protect cardholder data
Along with EMV and P2PE, tokenization is another important piece of a complete multi-layered security approach. It helps protect patients’ cardholder data when it’s being stored by your hospital or clinic. Because card data is replaced with a secure token during payment transactions, hackers are unable to access the actual card information.
In theory, even if they could breach your system, they could only access the encrypted tokens, which contain no card information. Along with P2PE and EMV, tokenization enables healthcare providers to limit the overall cardholder data risk environment and reduce PCI compliance scope. Reducing compliance scope delivers additional benefits in minimizing the time and cost required for audits.
Like EMV and P2PE, tokenization has become popular across industries and is a proven method of fully protecting a payment infrastructure.
Semi-Integrated Security Solutions: Reduce PCI scope, save time and money
A semi-integrated payment environment, as mentioned above, brings many benefits to healthcare providers. With this solution, healthcare providers can reduce their vulnerability to data breaches by keeping sensitive card data out of their revenue cycle environment.
In this payment environment, sensitive card data never comes in contact with your revenue cycle system or back office infrastructure. This strengthens payment security while it reduces the PCI scope of these systems. In the event of a data breach, it also means cyber criminals won’t gain access to any credit card information because the healthcare provider’s systems didn’t come in contact with it.
By keeping your revenue cycle system and back office systems out of the transaction flow, semi-integrated payment solutions reduce PCI scope. For healthcare providers, this can result in huge cost savings on compliance and increase the chances of a successful PCI audit. It also saves time because a PCI audit takes less time with a semi-integrated solution than it does with a fully integrated environment.
A semi-integrated solution also separates the healthcare provider’s systems from the payment process, which allows them to adopt changes or upgrades to their point of payment acceptance or back-office systems without affecting payment security. As payment technology evolves, this makes it easier for healthcare providers to be more agile and responsive to changing industry demands.
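The tokenization and semi-integrated flow described above, as an added example that is not from the original post or from any vendor's product: the card number exists only inside a stand-in token vault, the billing record receives a token, and a Luhn-based scan checks that no card number reached the billing data. TokenVault, terminal_charge, find_pans, the token format (random letters plus the last four digits, rather than an encrypted value) and the sample records are assumptions made for illustration.

```python
import json
import re
import secrets
import string

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the payment provider; the only place PANs exist."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # Random letters, so the token cannot be reversed into the PAN.
        body = "".join(secrets.choice(string.ascii_uppercase) for _ in range(20))
        token = f"tok_{body}_{pan[-4:]}"
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]  # lookup stays on the provider side

def terminal_charge(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """Semi-integrated flow: the terminal reads the card; billing gets no PAN."""
    return {"approved": True, "amount_cents": amount_cents,
            "token": vault.tokenize(pan), "last4": pan[-4:]}

PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pans(text: str) -> list:
    """PAN discovery scan: Luhn-valid runs of 13-19 digits found in text."""
    candidates = (re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text))
    return [c for c in candidates if luhn_valid(c)]

# Constructed sample data; 4111111111111111 is a well-known test card number.
vault = TokenVault()
receipt = terminal_charge(vault, "4111111111111111", 12500)
billing_row = json.dumps({"patient_id": "P-1042", **receipt})
legacy_row = json.dumps({"patient_id": "P-1042", "card": "4111 1111 1111 1111"})
print(find_pans(billing_row))  # []
print(find_pans(legacy_row))   # ['4111111111111111']
```

The same scan can be pointed at database exports or log files from back-office systems to confirm they hold tokens only.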
With EMV, a multi-layered security approach and semi-integrated security solutions, healthcare providers can provide powerful security and a faster, more convenient payment process for their patients.
Jeffrey Fountaine is Director, Healthcare Strategy at Ingenico Group, North America