The severity of these incidents has fallen compared to previous years, but the number of incidents continued to rise. The 342 incidents in 2017 were up from 270 in 2015, and 327 in 2016.
Given these continued risks, healthcare providers need to be aware of key security technologies in the market, including the latest developments in payment solutions.
Major card brands have been driving adoption of EMV technologies and related payment solutions in the U.S., and non-compliant providers face liability for fraud chargebacks, and leave their systems highly vulnerable to security breaches. Whether it’s a hospital, clinic or urgent care unit, securely accepting payments with EMV-compliant technologies is crucial to avoiding security risks.
Upgrading to EMV should also make providers think about their overall payment acceptance infrastructure and look for opportunities for enhancements. Whether they look to accept mobile wallets or consider a semi-integrated approach for better security (see below), EMV is just the beginning.
Point-to-Point Encryption (P2PE): The proven solution to reduce card data theft
One of the best ways to prevent these costly breaches is to deploy P2PE, which protects card data throughout the payment process—from start to finish. Across many industries, P2PE has become a standard method to secure card data from potential interception during payment processing.
For healthcare providers looking to provide their patients with a secure way to pay, it’s a proven solution that can help you protect your patient’s sensitive information while protecting your hospital or clinic.
Tokenization: Multi-layered security to protect cardholder data
In theory, even if they could breach your system, they can only access the encrypted tokens, which contain no card information. Along with P2PE and EMV, tokenization enables healthcare providers to limit the overall cardholder data risk environment and reduce PCI compliance scope. Reducing compliance scope delivers additional benefits in minimizing the time and cost required for audits.
Like EMV and P2PE, tokenization has become popular across industries and is a proven method of fully protecting a payment infrastructure.
Semi-Integrated Security Solutions: Reduce PCI scope, save time and money
In this payment environment, sensitive card data never comes in contact with your revenue cycle system or back office infrastructure. This strengthens payment security while it reduces the PCI scope of these systems. In the event of a data breach, it also means cyber criminals won’t gain access to any credit card information because the healthcare provider’s systems didn’t come in contact with it.
By keeping your revenue cycle system and back office systems out of the transaction flow, semi-integrated payment solutions reduce PCI scope. For healthcare providers, this can result in huge cost savings on compliance and increase the chances of a successful PCI audit. It also saves time because a PCI audit takes less time with a semi-integrated solution than it does with a fully integrated environment.
A semi-integrated solution also separates the healthcare provider’s systems from the payment process, which allows them to adopt changes or upgrades to their point of payment acceptance or back-office systems without affecting payment security. As payment technology evolves, this makes it easier for healthcare providers to be more agile and responsive to changing industry demands.
With EMV, a multi-layered security approach and semi-integrated security solutions, healthcare providers can provide powerful security and a faster, more convenient payment process for their patients.
If you would like to get in touch with us about our healthcare solutions, click here to request more information.
Jeffrey Fountaine is Director, Healthcare Strategy at Ingenico Group, North America
Related blog posts: