Payer Security Focus: PCI DSS

Every month, the Payer Security Focus will break down a different topic in security and compliance with information relevant to payers and actionable steps to help build a more robust security and compliance program at their organizations. This month’s topic is PCI DSS.

What is PCI?
PCI DSS stands for Payment Card Industry Data Security Standards and applies to all entities involved in payment card processing, including merchants, processors, financial institutions and service providers. It also applies to all other entities that

Tagged payers, PCI-DSS, Security and compliance

What Healthcare CIOs Need to Know: An Interview With InstaMed’s Security Experts

With Jeff Lin, Senior Vice President of Product Management; Chris Seib, CTO; Mark Krapels, COO; and Noah Dermer, Security Officer

Security is always top of mind at InstaMed. Since day one, we’ve been committed to delivering the most secure and compliant healthcare payments experience in the industry, and we continue to uphold our reputation as healthcare’s most trusted payments network.

As head of the product team, I work closely with our security team as we develop new products and enhancements for InstaMed

Tagged P2PE, PCI-DSS, PCI-Validated P2PE Solution Provider

What Does it Mean to Offer a PCI-Validated P2PE Solution?

Guest blogger: Tim Winston CISSP, CISA, QSA (P2PE)

Many payment vendors claim to offer P2PE (point-to-point encryption) solutions but are not actually PCI-validated. What does it mean to offer a PCI-Validated P2PE Solution Provider? Tim Winston from Coalfire, a PCI SSC Qualified Security Assessor Company, answers some of the most frequently asked questions about P2PE solutions.

What is a QSA (P2PE)?

A QSA (Qualified Security Assessor) Company is recognized by the PCI Council as a qualified assessor of an organization’s adherence to PCI

Tagged P2PE, PCI compliance, PCI scope, PCI-DSS, PCI-Validated P2PE Solution Provider

What You Need to Know About Migrating from SSL and Early TLS

In a previous blog post, we talked about the infamous Heartbleed Bug and the damage it inflicted. In April 2015, as a result of Heartbleed and other discovered vulnerabilities, the Payment Card Industry Security Standards Council (PCI SSC) removed SSL and early versions of TLS as an example of strong cryptography from the PCI Data Security Standard (DSS) version 3.1.

Since first announcing a migration timeline for organizations to transition from SSL and earlier versions of TLS, PCI has extended the

Tagged PCI-DSS, PCI-SSC, SSL, TLS

How to Heal a Broken Heart(bleed Bug)

Last month, Valentine’s Day had me reflecting on matters of the heart (even security officers can be sentimental now and then) and I took some time to think about love, relationships and heartbreak. Heartbreak is hard. It can make us feel used and question how we could have let ourselves become vulnerable to such pain. After heartbreak happens, we find ourselves patching up the places where our heart was exposed and revaluating ourselves to figure out how we can prevent

Tagged Compliance and Security, healthcare payment security, PCI compliance, PCI-DSS

Introducing: Security Corner with Noah Dermer

Welcome to the Security Corner
Welcome to the first installation of InstaMed’s Security Corner, a monthly blog feature discussing important topics in compliance and security with me, Noah Dermer. I came to InstaMed in 2015 to join the Security and Compliance team. Previously, I was the Chief Security Officer at Epic Systems, where one of my responsibilities was building security into Epic’s enterprise applications. As Security Officer at InstaMed, my goal is to support our security and compliance mission as well

Tagged Compliance and Security, EMV, healthcare payment security, P2PE, PCI compliance, PCI scope, PCI-DSS, security

Ask the Expert: EMV, Encryption and Reducing Your PCI Scope

Tony Hansen is a Payment Card Industry Professional (PCIP) at Providence Health Systems. Providence is the third largest not-for-profit health system in the U.S., operating 34 hospitals in five states. Earlier this year, Tony met with a group of Epic Users about the importance of EMV and how encryption helps reduce PCI scope and protect against the threat of fraud and stolen personal data.

Below are the insights and advice Tony shared regarding some of the most frequently asked questions about

Tagged Best Practice, Compliance and Security, EMV, HIPAA, PCI compliance, PCI scope, PCI-DSS

The Top 3 Essentials of Payment Security in Healthcare

Guest Blogger: Jeff Lin, Senior Vice President of Product Management, InstaMed

The Washington Post has deemed 2015 “the year of the healthcare hack” with multiple large-scale breaches already compromising the data of more than 100 million U.S. consumers. An issue compounding healthcare’s vulnerability is the rapid increase of consumer payment responsibility since the Affordable Care Act (ACA).

Healthcare organizations are seeking ways to connect electronically with consumers to streamline the payments process, improve cash flow and ensure data security, which can significantly

Tagged Affordable Care Act, EMV, healthcare payment security, healthcare payments, P2PE, patient responsibility, PCI-DSS

6 Best Practices for Patient Payment Plans

article.resource .blog-lead-text p, article.post .blog-lead-text p, .block-editor .blog-lead-text p{
line-height: 40px; font-size: 24px; font-weight: 100;
}

As healthcare providers rely more on patients for revenue, many have started to use more consumer-centric strategies, like payment plans that enable patients to pay balances off over time. Improve processes for your organization and patients by adopting best practices and policies.

A Growing Demand for Payment Plans in Healthcare

The rise in high-deductible health plans and growing out-of-pocket costs is forcing consumers to bear greater

Tagged Best Practice, healthcare payments, increase collections, patient bad debt, patient payments, patient responsibility, payment assurance, payment card, payment strategies, PCI-DSS, trends in healthcare payments

Top 3 Misconceptions of Collecting from Patients

Many healthcare providers are concerned about the impact to their businesses that will result under PPACA. Much of this concern is due to the additional 20 to 30 million uninsured Americans that will begin to receive new healthcare coverage in 2014. With more patients eligible to receive healthcare services, and hundreds of millions of patient payments transactions being added to the U.S. healthcare system, the difficulties providers face with patient collections is becoming a high priority issue.

Shifting the focus to

Tagged Administrative Costs, Affordable Care Act, Best Practice, Compliance, Consumerism, Eligibility, healthcare payments, healthcare reform, increase collections, patient bad debt, patient estimation, patient payments, patient responsibility, payment, payment assurance, payment card, payment strategies, PCI-DSS, providers

Blog Post Topic: PCI-DSS