HIPAA & PCI Compliance | Checklist
5 Critical Questions You Should Be Able to Answer as a Medical Billing Collection Professional
Written by Michael Wise
Healthcare providers, medical billing offices, and the vendors providing the collection software and payment applications that take, store and send payment information for processing, all should look at this recent breach as an opportunity to reassess their data security.
Here’s five questions you should be asking (yourself or your collection software or online payment vendor) about the information and payment data you’re collecting. This includes any system where credit card and personal information gets entered, gets stored, or is used to pass that information to another end point.
The recent data breach took place on an internally developed payment application. Are you currently taking payments through collection software or a payment site you manage, and does it include P2PE certified solutions? If so, have you ever conducted a cost analysis/risk assessment to determine whether maintaining complete data liability exposure makes financial sense?
These agencies, regulations, and court rulings have the power and authority to fine, legally prosecute, or even incarcerate if data is breached or consumer protections are violated.
If using a third party service, is your collection or billing software storing or passing through credit card data? Is it a P2PE certified solution? In either case, that data must be encrypted. For example, if you’re able to see or export stored credit card data in clear text, that data is not encrypted and you (and your clients) could be held liable in the event of a data breach.
How was this information confirmed? Can your vendor provide PCI documentation (like completion of a 3rd-party PCI audits) that you can provide as assurance to your clients (or in the unfortunate case of a data breach)?
What’s the difference? For your business and the clients you serve, it’s the difference between an insurance card and an active insurance policy. Or, a promise that the check is in the mail vs. the deposit is in the bank.
Did this article raise any questions?
Whether you’re looking to reassess your level of data exposure or wish to move to a 100% PCI-Certified solution provider, we can help!
Resources & Articles For Managing Your Finances On Your Own
We take communication and compliance very seriously. That’s why we turned comments from a recent expert webinar into this collection letter checklist.
One of our Hosted Contact Center clients recently asked how they could effectively utilize an autodialer without violating TCPA compliance regulations and risk a lawsuit. CEO Jeff Mains explains how autodialing software must be set up and configured to be compliant.
A contact center’s KPIs are largely monitored, measured, and reported by the use of call results. Call results are a pre-defined disposition, or outcome, assigned by the agent to every call. These results also contain attributes, which if not set up correctly, will return data that