In 2014, Coalfire Systems Inc. (Coalfire), a respected Payment Card Industry (PCI) Payment Application – Qualified Security Assessor (PA-QSA) company, released a white paper with InstaMed that looked at the current landscape of healthcare security and validated that InstaMed’s healthcare payments solutions were effectively mitigating security risks. Since then, InstaMed has continued to innovate to ensure our solutions are the most secure and compliant choice for healthcare payments. I want to share with you just how far we’ve come since then.
For those of you who don’t want to read the full 100-page document, here are three highlights from the white paper that take a look at how InstaMed solutions have adapted over these past few years.
Device Support
Payment devices enable healthcare organizations to collect patient payments at critical touchpoints throughout a patient encounter, such as check-in, check-out, before or after a visit over the phone, or even during an encounter with mobile workstations. InstaMed offers a variety of smart devices that deliver the highest level of payment security and advanced payment technology, including the Ingenico iSC Touch 250 and the Ingenico iPP 320. These devices are equipped with NFC (i.e., contactless) technology allowing consumers to use payment options like Apple Pay® and Google Pay™. This enables a quick and convenient payment experience at the POS as patients can simply hold up their phone to a payment terminal to make a payment. Our devices also support all EMV transactions as well as card swipe and manual entry. All of InstaMed’s devices are protected with point-to-point encryption (P2PE) ensuring all card data is encrypted from the time the card is swiped or keyed until it reaches a secure endpoint where it is decrypted. These Ingenico devices are also approved for use with InstaMed Healthcare Payments P2PE solution, which enables healthcare organizations to assess compliance using the simplified self-assessment questionnaire (SAQ) P2PE.
Stay a Step Ahead With InstaMed Devices
InstaMed is future-proofed for upcoming payment industry mandates so you don’t have to worry about them:
- EMV Contactless Payments
Today, 38 percent of transactions originate from a contactless-enabled merchant. Effective April 13, 2019, all merchants that accept contactless payments must support EMV contactless chip functionality. InstaMed is prepared for this mandate and only delivers compliant devices to merchants.
- Contactless Payment Terminals
By 2020, Mastercard and Visa will require that all U.S. merchants can accept contactless payments. InstaMed is prepared for this mandate and offers multiple options for contactless-enabled devices.
External Payment Page Integration
This year, we released the InstaMed External Payment Page Integration in the Epic App Orchard. InstaMed External Payment Page Integration allows MyChart to collect real-time credit card and bank account payments via InstaMed while keeping sensitive data from touching a healthcare organization’s servers. As a result, healthcare organizations reduce their annual PCI compliance efforts up to 90 percent with this SAQ A eligible solution and significantly reduce their audit, hardware and personnel costs.
There are many payment vendors today that promote payment functionality with Epic, such as EMV or External Payment Page Integration, but the reality is they have not completed all of the certifications or fully tested their technology to actually support them. InstaMed, on the other hand, has helped multiple organizations go live with the InstaMed External Payment Page like Boston Medical Center. Here’s what Arthur Harvey, VP & CIO of Boston Medical Center had to say about the integration:
“A key differentiator for us was the InstaMed External Payment Page Integration as it allows us to deliver a seamless patient payment experience within MyChart while significantly reducing our PCI scope and associated expense. InstaMed’s track record of successful Epic integration along with their commitment to continue integrating with Epic inspires confidence that we will have a long-term solution that will benefit our patients while simplifying our own infrastructure.”
The InstaMed Secure Token
InstaMed revolutionized online payment security in healthcare with the InstaMed Secure Token. The InstaMed Secure Token enables healthcare organizations to deliver a seamless and secure online consumer payment experience within their existing portals with cardholder data never touching their servers. As a result, consumers can make one-time payments and also have full access to their digital wallet for future or recurring payments while using any device. Likewise, healthcare organizations significantly reduce their PCI compliance efforts with this SAQ A eligible solution and ensure that cardholder data is protected.
If you’re interested in reading more, you can download the full white paper InstaMed Security and Encryption in Healthcare Payments White Paper.