How Digital Payments Reduce Cyber Risks in Healthcare

Increased patient spending on Medicare, Medicaid, private insurance and out-of-pocket expenses, coupled with the explosive growth of electronic medical records, has created a wealth of opportunities for fraud, data breaches and cybercrime. The medical industry is paying a high price: The average cost of a data breach for healthcare organizations— $10 million — is twice the overall average, according to IBM.

Because of these greater risks, healthcare organizations are increasingly turning to digital payments, which are not only a critical piece of the fraud prevention puzzle but also have the benefit of improving patient interaction with their providers. As consumers spend more on out-of-pocket costs for their health care, they are increasingly expecting a retail-like shopping experience, with point-of-sale technology that is nimble and easy to use, often through digital wallets on their smartphones.

However, implementing an end-to-end digital payment system can be a daunting task for health care administrators because of the complexities involved in receiving, storing and transmitting patient financial data safely. That’s why it’s best to partner with a payment solutions vendor such as a financial institution that has the technology and know-how to reduce the risk of  process errors and system weaknesses.

The basics of digital payments for healthcare

There are two key objectives for digital payment systems: protecting patient financial data and keeping it separate from other sensitive information stored in electronic health records and electronic medical records. Patients may use credit cards, digital wallets or other payment methods like ACH, which could be misused if the payment information falls into the wrong hands.

Sophisticated digital software replaces confidential patient financial data with a token that cannot be exploited when transmitted. Tokenization enables providers to keep card information on file in a secure token vault where it is stored and can be reused, when necessary, without the risk of compromise or fraud.

“When a payment is processed, a token is assigned to it, so the end user never sees credit card data entering a point-of-sale device or gateway,” says Jessica Lemoine, assistant vice president and the healthcare success manager at Fifth Third Bank. “The credit card information isn’t stored inside a patient’s electronic medical record; it’s kept segregated by the token.”

Benefits of digital payments

1. Convenience and Speed. Digital payments allow for quick and easy transactions anytime, anywhere—no need to carry cash or visit a bank. Payments can be made in seconds via mobile apps, online platforms, or contactless cards.
2. Increased Security. Digital payments reduce the risks of theft or loss associated with cash. They often include security features like encryption, biometric authentication, and fraud detection systems, making them safer than traditional cash transactions.
3. Better Tracking and Financial Management. Digital transactions create automatic records, making it easier to track spending, generate financial reports, and manage personal or business budgets effectively.

Token infrastructure requires care

While secure, tokenization requires maintenance and supporting technology infrastructure. Providers need to ensure they have point-to-point encryption of all data across their networks, certified payment terminals and a management strategy that allows the tokens to be shared across the provider’s organization.

They should also encourage patients who pay with digital wallets to implement strong device and app security features like biometrics and multifactor authentication so the payment information can’t be compromised on their devices.

The infrastructure and network security that supports digital payments is complex, and most providers will need assistance from partners such as Fifth Third Bank that have experience managing payment systems and can ensure their internal network security is robust.

“Patients’ files and payment information can be transmitted to different parts of the network and insurers, and ideally, every transmission is going through a secure virtual private network and secure transfer protocols,” says Megan McCarthy, senior treasury management product manager at Fifth Third Bank. “As part of the Health Insurance Portability and Accountability Act, the government adopted a security rule that demonstrates the importance of protecting the databases that providers maintain.”

How to improve digital payment security

While tokenization, robust network security and incentivizing patients to adopt digital payment options create a strong foundation for combating fraud and data theft, they are not complete solutions. “IT and cybersecurity protocols are critical to today’s very complex payment systems,” McCarthy says. “Bad actors are very smart and good at discovering new ways to exploit process or technology weaknesses.”

One of the first steps is recognizing what providers can do to secure their payment and data storage systems — and what’s beyond their resources. Partnering with financial institutions can be an effective way to implement digital payment systems, expedite refunds and build in processes that are more fraud-resistant and secure than legacy payment methods. Security providers can help strengthen networks and data storage solutions and fill IT gaps that many health care providers face.

Data automation platforms, which streamline workflows and assist in complex, historically inefficient tasks such as payment reconciliation, can have the residual benefit of centralizing patient data and storing it more securely. While artificial intelligence and machine learning capabilities in these platforms deliver the primary benefit of expediting reconciliation, they can also uncover payment anomalies that could indicate errors or fraud.

Health care providers can also support digital payment processes by training their staff in best practices for patient engagement, payment token maintenance (such as removing expired tokens from the provider’s system) and detecting potentially fraudulent payments.

Ultimately, coordination between insurers, providers and patients can serve the dual purpose of improving customers’ payment experience and making all parties stakeholders in security and fraud protection. Lemoine points out that providers are best positioned to lead that effort. “They can put messages in patient portals about how data is used or talk to patients about data protection at the hospital cashier or with physician office staff,” she says.

For the health care system, building digital security into their payments and data processes can not only save them money but also reduce the chances of damage to their reputation that a cyberattack can cause.

With over 100 years of experience, Fifth Third is a leader in innovative payments and protecting your assets from fraudulent activity. To learn more about how you can implement digital payments and protect your business, visit 53.com/HealthcareSolutions