Chief Security Officer
‘Tis the season of gifts and giving! As my wife and I start gathering presents for our family and friends, I decided to reach out and see what healthcare payment security experts are wishing for this season. Despite there being no Legos or Duplos like my son’s list, here are the security innovations and technologies that healthcare payment security experts are asking for this holiday season.
Steven Bowles, Regional Security Officer for North America, Ingenico Group
In 2020, I want to see a more pervasive use of point-to-point encryption (P2PE) and tokenization technologies throughout healthcare IT infrastructures to better secure patients’ payment information and personal data. P2PE protects payment card data by encrypting it from the time a card is inserted or tapped until it reaches a secure endpoint where it is decrypted. Tokenization replaces valuable card information with a valueless token, making it unreadable to the applications involved in processing the payment transaction. With tokenization, healthcare organizations can securely store payment information online and use it for automatic payments and payment plans. Both of these technologies are widely recognized, but we need to do more to make them the industry standard in healthcare.
Rachel Wulf, Senior Director of Product Management, InstaMed
I would love to see more self-service payment plans. The use of payment plans in healthcare has grown almost 500% over the last three years. Most plans are negotiated by the provider’s back office and the patient, after two or three statements have already been mailed. While this is a great way to increase patient collections, it’s ignoring consumer demands for more self-service. InstaMed has enhanced its self-service payment offering with features like Personalized Engagement, as well as enhanced policy configurations. All providers that use InstaMed Patient Payments can offer self-service payment plans. With an enhanced consumer experience and more provider control, now is the time to enable self-service payment plans and watch patient collections and patient satisfaction increase!
Mike Pinch, Director, Security Risk Advisors
I’d like to see all hospitals in the country put two-factor authentication in place. Two-factor authentication (2FA) delivers an extra layer of protection for user accounts that significantly reduces the risk of unauthorized access and system breaches. As we know, hospitals and health systems are a major target for data breaches. In the first half of 2019 alone, there have been an estimated 31.6 million security incidents. That’s more than double what the healthcare industry experienced throughout the entire year of 2018 with 14.2 million patient records affected by breach incidents, according to a breach report from Protenus and DataBreaches.net. With two-factor authentication, healthcare organizations can help combat phishing attacks and safeguard patients and their electronic health records.
Gary E. Barnett, CEO, Semafone
I wish that healthcare organizations adopt a secure payment approach for all their digital customer engagement channels, whether it’s through email, SMS, webchat, or social media. Semafone’s Cardprotect Relay+ solution allows companies to spin up links to secure payment pages for their customers in all of these digital platforms. The system then relays a stream of real-time updates regarding the customer’s progress, allowing customer service representatives to troubleshoot if necessary and enabling a more seamless, secure customer experience. Customers want to remain and be served quickly and efficiently in the channel of their choice, so organizations need to step up and enable secure payments across all points of customer engagement.
Jon Sternstein, Principal, Stern Security
Instead of wishing for a gift, I’d like to give one. I believe everyone should use www.healthcarebreaches.com, a free executive dashboard that provides incredible insight into healthcare data breaches. Individuals can use this information to analyze trends and educate their own organizations on healthcare breaches. It is useful in any security awareness training program and may even help justify security projects. All we ask in return is to pay it forward and share any insight you have learned, and also let us know how it has helped you. The security community is pretty neat in that individuals and organizations have shared many tools that benefit the world and help others secure their environment so let’s keep it going! Keep checking healthcarebreaches.com as we have more functionality coming soon.