Why credit card security is important for dental and medical practices
Most dental and medical practices today accept credit and debit cards in some form but might not be aware of the security protocols required to protect cardholder information. The overriding rule with patient card information is to be sure it is not retained in your system or office where it could be compromised. For many years, billing statements included the option for patients to write their charge card number on the stub and mail it to the practice or its revenue cycle management vendor. Office team members might ask for card information on the phone and write it down to be entered later by the billing department. Both situations create a paper record of the information that then must be secured or destroyed. This creates the possibility of loss, misplacement, or even fraud within the practice.
In-house registration and billing systems create another problem for practices using electronic payments for efficiency. Those systems can store a patient's credit card information for later use, providing an additional piece of information susceptible to hackers or possible fraud from within the practice. The best advice for practices is to use a virtual terminal gateway that completely separates the practice from the credit card information. All credit card information is stored securely on the payment processor's servers, eliminating a practice’s risk and liability.
Payment systems can also offer a secure method for patients to make payments online. The best systems also offer the ability for patients to set up a payment plan that will automatically charge their card monthly until the balance is settled.
For those practices interested in learning more about the security of patient charge card processing, the Payment Card Industry (PCI) Security Standards Council is the best source of information. The PCI Council was formed by the major payment card vendors, such as Visa, Mastercard, and American Express, to establish standards to protect cardholders' information.
One PCI document details the requirements and protocols that should be followed if your practice decides to continue accepting charge card information by phone, which is allowed under the PCI standards.
Generally, if information is directly keyed into the computer system, there is no compliance issue (if the system meets security criteria). However, if the call is recorded or the operator takes written notes, then additional safeguards must be in place.
The first step toward charge card data security is to understand whether your practice is retaining any sensitive data, either on paper or in a computer system. If you are, then steps should be taken to evaluate your practice's exposure and mitigate the situation. The use of a third-party payment processing vendor is recommended.
Make the availability of online payments for your patients a high priority; it will go a long way toward ensuring their satisfaction with your practice. Be sure to take steps to offer this option safely and securely.
Seamlessly Integrate Payment Solutions in One Place
A full suite of comprehensive payment tools and solutions designed to help process payments in the office, online, or when invoicing patients is critical today. With our payment gateway, you will gain innovative payment solutions designed to securely process payments with custom web checkout features. Easily integrate with your existing solutions and take advantage of the counter terminals and virtual gateway features to enhance your practice.