Securing Healthcare Payment Transactions

Dan Berger of AxiaMed on Complying With HIPAA and PCI
As more hospitals seek new methods for collecting payments from patients, they face the challenge of securing those transactions, says Dan Berger of AxiaMed.
The deductibles and copayments that patients must pay out of their own pockets are skyrocketing, Berger says in an interview with Information Security Media Group conducted during HIMSS19 in Orlando, Florida. Meanwhile, patients are often confused by the explanation of benefits forms they receive from their insurers and don't understand why they frequently receive multiple bills for a single procedure, he adds.
"This makes it difficult for the patient to figure out what they owe and actually make the payment," he says.
To address these issues, "there's a whole new range of payment methods, and often healthcare providers don't understand their security and compliance regulations and responsibilities that go along with that," he notes.
"With all the various methods of payment, we have to remember that payment card information is not only potentially PHI [protected health information] and therefore covered under the HIPAA regulations, but is also subject to PCI regulations. It's the compliance double-whammy."
In the interview, Berger discusses:
- Breaches involving healthcare payment systems;
- Why patient portal payment transactions are often challenging for patients and providers;
- The role of point-to-point encryption.
Berger is national director of healthcare at AxiaMed, a healthcare financial IT company. He has over 25 years of experience in healthcare IT, cybersecurity, and HIPAA and PCI compliance. Berger was previously president and CEO at Redspin, an IT security assessment company that was acquired by Auxilio in 2015 and is now a unit of security consultancy CynergisTek.