Is Your Credit Card Processing System HIPAA Compliant?
Written by John Cruz, in Category Latest Articles
HIPPA Non-compliance Can Create Enormous Liability Issues For Healthcare Providers
Because HIPAA has many requirements, and penalties can be steep, it's vital to know that your credit card processor is also compliant with HIPAA regulations. There are several things you should know about your credit card processor's activities and how they handle the information provided to them. Your office is responsible for all information disseminated by your office to others, including those handling payment processing.
HIPAA Requires All Personal Health Information be Stored Securely
About one-third of Personal Health Information (PHI) result in information being leaked as a result of hacking. While following regular protocols will do much to reduce your risk, the credit card major credit card issuers recognize the Payment Card Industry Data Security Standard (PCI DSS) which is a 12 point system designed to reduce HIPPA compliance risk.
While each of these requirements have several sub-requirements, they can begin to be implemented one-by-one to ensure patient data is secure and those required to maintain patient records are HIPPA compliant. Some aspects of HIPAA require that PCI DSS be implemented.
There are also other aspects of HIPAA regulations that you should be aware of that you may feel do not pertain to you, but ignorance is never an excuse in the eyes of the law. Preparing yourself with knowledge of how the security of patient and client information should be handled will go a long way to help protect you and your practice. These include maintaining of records in a secure fashion, even when you are not the party handling the information.
Cyber attacks are on the rise, with thieves wanting to gain access to files that contain data that will allow them to have easy access to other aspects of your patients' lives, including banking information, insurance policies, business and home addresses, phone numbers, and even next-of-kin. Data thieves use this information to scam people into sending them money and also to steal through impersonation from bank accounts. Sometimes, online accounts are created with valid information, although the identity theft victim never knows until he or she applies for credit.
Other problems with the storage and sending of patient information have involved sending patient documents to unintended recipients. This is not always harmful to the patient and typically involves another insurance provider in the system. Always checking to ensure that the number of website documents being sent matches the intended number of recipients should be a matter of normal, standard practices, not a random checking practice.
HIPAA and Your Credit Card Processor
Your credit card processor is not required by HIPAA to follow the regulations contained in that legislation when handling PHI data unless certain activities are being carried out. Even a receipt sent to a patient is considered an additional service, as are gift cards, or anything else sent to patients. These extra services require that the payment processor is HIPAA compliant. If any other services are provided, then you need to have a valid and up-to-date Business Associate Agreement with them that requires them to be HIPAA compliant.
These regulations include that no card numbers be stored on paper or online, that all numbers pertinent to patients' billing that are being transferred be encrypted, and that network and databases are kept secure. Numbers associated with a patient's account include not only credit card numbers, but also patient account numbers (PAN) and even date of birth (DOB). Telephone numbers, zip codes, and home addresses should also be encrypted to protect patients' information as much as possible.
Penalties for Non-Compliance with HIPAA
Ensuring that your business is HIPAA compliant is quite important because penalties can be levied against not only the credit card payment processor in the event it is determined they have not met all requirements, but those penalties can also be levied against you, as well.
To continue reading this article scroll down and click on "View Page 2". Find out what monetary fines are paid to victims and how to protect yourself so that you are not paying the victim's a monetary fine.
Pivotal Payments "The Partner You Keep"
To continue reading this article scroll down and click on the "View Page 2" button below.