HIPAA & PCI Compliance | Checklist
5 Critical Questions You Should Be Able to Answer as a Medical Billing Collection Professional
Written by Michael Wise
Healthcare providers, medical billing offices, and the vendors providing the collection software and payment applications that take, store and send payment information for processing, all should look at this recent breach as an opportunity to reassess their data security.
Here’s five questions you should be asking (yourself or your collection software or online payment vendor) about the information and payment data you’re collecting. This includes any system where credit card and personal information gets entered, gets stored, or is used to pass that information to another end point.
The recent data breach took place on an internally developed payment application. Are you currently taking payments through collection software or a payment site you manage, and does it include P2PE certified solutions? If so, have you ever conducted a cost analysis/risk assessment to determine whether maintaining complete data liability exposure makes financial sense?
These agencies, regulations, and court rulings have the power and authority to fine, legally prosecute, or even incarcerate if data is breached or consumer protections are violated.
If using a third party service, is your collection or billing software storing or passing through credit card data? Is it a P2PE certified solution? In either case, that data must be encrypted. For example, if you’re able to see or export stored credit card data in clear text, that data is not encrypted and you (and your clients) could be held liable in the event of a data breach.
How was this information confirmed? Can your vendor provide PCI documentation (like completion of a 3rd-party PCI audits) that you can provide as assurance to your clients (or in the unfortunate case of a data breach)?
What’s the difference? For your business and the clients you serve, it’s the difference between an insurance card and an active insurance policy. Or, a promise that the check is in the mail vs. the deposit is in the bank.
Did this article raise any questions?
Whether you’re looking to reassess your level of data exposure or wish to move to a 100% PCI-Certified solution provider, we can help!
Resources
Resources & Articles For Managing Your Finances On Your Own
Outbound Call Center Solutions: The Top Five Features to Look For in 2023
Maximize productivity and efficiency in your high volume outbound call center with our expert recommendations for cloud-based contact center software.
Understanding Regulation F’s Model Validation Notice
The Model Validation Notice is a blueprint collectors can follow when sending initial debt-related communication to a consumer. Following the MVN provides a debt collector “safe harbor” from potential litigation.
The Big Problem With Managing Reg F Communications and Contacts By Phone Number
With tax refund season about to be in full swing, we want to make sure your agency isn’t leaving any money on the table! Check to see if the system you’re using to manage Reg F has the ability to track contacts and communications by account or creditor. If not, we can help!