Hold the Phone! Is Your Call Center Protected?

“Hello, what is your credit card number?” Have you ever found yourself in a situation where you have been asked for your credit card information over the phone? Have you ever wondered where that person was working?

Whether you are paying a healthcare bill or covering an insurance premium, there are several healthcare transactions that may require consumers to verbally give out their credit card to someone unknown to them over the phone. Credit card data and healthcare data continue

Tagged healthcare payments, omnichannel payments, PCI compliance, VoIP

Payer Security Focus: Compliance Versus Security

Every month, the Payer Security Focus will break down a different topic in security and compliance with information relevant to payers and actionable steps to help build a more robust security and compliance program at their organizations. This month’s topic is compliance versus security.

What is the Difference Between Compliance and Security?
To understand the importance of compliance and security in healthcare payments, first let’s clarify the difference between the terms compliance and security. Both are important to healthcare payments, but these

Tagged healthcare payment security, payers, Payment security, PCI compliance

The InstaMed Secure Token

Deliver a Seamless and Secure Online Consumer Payment Experience and Reduce PCI Scope Up to 90%

The InstaMed Secure Token enables healthcare organizations to deliver a seamless and secure online consumer payment experience within their existing portals with cardholder data never touching their servers. As a result, consumers can make one-time payments and also have full access to their digital wallet for future or recurring payments while using any device. Likewise, healthcare organizations significantly reduce their PCI compliance efforts and ensure

Tagged Compliance and Security, healthcare payment security, InstaMed Secure Token, PCI compliance, PCI scope

What Does it Mean to Offer a PCI-Validated P2PE Solution?

Guest blogger: Tim Winston CISSP, CISA, QSA (P2PE)

Many payment vendors claim to offer P2PE (point-to-point encryption) solutions but are not actually PCI-validated. What does it mean to offer a PCI-Validated P2PE Solution Provider? Tim Winston from Coalfire, a PCI SSC Qualified Security Assessor Company, answers some of the most frequently asked questions about P2PE solutions.

What is a QSA (P2PE)?

A QSA (Qualified Security Assessor) Company is recognized by the PCI Council as a qualified assessor of an organization’s adherence to PCI

Tagged P2PE, PCI compliance, PCI scope, PCI-DSS, PCI-Validated P2PE Solution Provider

How to Heal a Broken Heart(bleed Bug)

Last month, Valentine’s Day had me reflecting on matters of the heart (even security officers can be sentimental now and then) and I took some time to think about love, relationships and heartbreak. Heartbreak is hard. It can make us feel used and question how we could have let ourselves become vulnerable to such pain. After heartbreak happens, we find ourselves patching up the places where our heart was exposed and revaluating ourselves to figure out how we can prevent

Tagged Compliance and Security, healthcare payment security, PCI compliance, PCI-DSS

Introducing: Security Corner with Noah Dermer

Welcome to the Security Corner
Welcome to the first installation of InstaMed’s Security Corner, a monthly blog feature discussing important topics in compliance and security with me, Noah Dermer. I came to InstaMed in 2015 to join the Security and Compliance team. Previously, I was the Chief Security Officer at Epic Systems, where one of my responsibilities was building security into Epic’s enterprise applications. As Security Officer at InstaMed, my goal is to support our security and compliance mission as well

Tagged Compliance and Security, EMV, healthcare payment security, P2PE, PCI compliance, PCI scope, PCI-DSS, security

Ask the Expert: EMV, Encryption and Reducing Your PCI Scope

Tony Hansen is a Payment Card Industry Professional (PCIP) at Providence Health Systems. Providence is the third largest not-for-profit health system in the U.S., operating 34 hospitals in five states. Earlier this year, Tony met with a group of Epic Users about the importance of EMV and how encryption helps reduce PCI scope and protect against the threat of fraud and stolen personal data.

Below are the insights and advice Tony shared regarding some of the most frequently asked questions about

Tagged Best Practice, Compliance and Security, EMV, HIPAA, PCI compliance, PCI scope, PCI-DSS

Blog Post Topic: PCI compliance