Table of Contents
Processing Patient Payments During COVID-19
HealthPay24 is here to minimize the impact that COVID-19 has on securely processing payments, no matter where your workforce is. With concerns around PCI Security and HIPAA Compliance for work from home staff, it’s crucial to identify payment collection options that are safe and secure.
The following information will provide you with actionable steps you can take to ensure best practices, drive patient portal adoption and other secure alternatives, and successfully prepare for the road ahead. Upon reading this article, you’ll be able to walk away with a clear understanding of what you can do next to ease the burden placed on your team and the stress your patients are under.
PCI Security Basics
The difficult environment that we are currently in brings added challenges as we think about how we can continue to provide patient-friendly payment options that are secure and flexible. Compliance rules and regulations still need to be applied, no matter where payments are going to be taken. As work environments shift during this time, it is crucial to examine the following questions in order to maintain PCI Security Compliance and continue to protect patient information.
Are You Using Devices or Equipment?
If you have remote employees, consider whether they are using laptops or other devices that are company-approved devices. Devices that are company-approved have certain expectations and requirements that need to be met from a security compliance standpoint. If so, are protection measures such as antivirus or malware in place on that device? Does the equipment being used meet compliance requirements for processing the same way it would as if you were processing in one of your regular environments? Do your policies account for tracking and inventory for encrypted credit card devices if they’re in use for home or remote environments just like they would be in the hospital?
Are your remote users connecting securely to your network, and/or applications such as utilizing VPN or multi-factor authentication?
As we experience new ways of communicating, it’s important to identify whether secure communications in all forms are being utilized when interacting with patients.
Who are my work-from-home employees and what do home environments look like?
A key piece to compliance is to know your surroundings and adjust accordingly. Ask yourself if your employees need additional training to securely work from home. Do existing policies cover work from home scenarios adequately or do they need to be updated? Finally, are headsets or a more private home office space being used to ensure privacy for sensitive conversations?
As we take these scenarios into consideration and think about how to apply them to a new “normal,” we have the following options:
- Explore your options with your IT team and payment service providers
- Seek resources from known sources or trusted vendors such as PCI Counsel
- Always seek guidance and approval from your Security Team and QSA
In the end, you want to know that you’re meeting compliance and security standards and accounting for risk that home users are going to be bringing into the picture.
A work-from-home revolution has happened.
Are you maintaining security compliance?
View our in-depth Infographic on PCI and HIPAA Compliance here.
HealthPay24 in Action:
Large NYC Health System Responds to Secure Payment Collection During COVID-19Background
One of our clients is one of New York State’s largest healthcare networks with 72,000+ employees and over 800 hospitals and care centers.
The COVID-19 outbreak has forced many support staff to work from home. This new normal has brought about several concerns around PCI and HIPAA Compliance, including the safest way to collect patient payments when working remotely.
Already a client of HealthPay24, they reached out to us for a fast, secure solution that would meet on-going compliance standards and receive approval from their QSA.
The health network provided their agents with company issued CDE laptops with applicable virus protection installed. These agents connect securely to the organization’s network using VPN, accessing HealthPay24 to collect directly through the application.
– Major healthcare network in New York
– Less than 10 days from initial conversation to go live
– 170 agents set up to process patient payments securely from home
– Patient account and payment data is accessed safely and securely
Have a question we can answer?Contact Us
For more information on PCI Compliance, take a look at these helpful links from the PCI Counsel that provide some useful content as well as a framework to work within:
PCI Addresses Coronavirus COVID-19
PCI DSS Can Help Remote Workers
Protecting Payments While Working Remotely
If you feel you can’t meet compliance with any of the above scenarios, then it’s imperative to look at alternatives. Let’s look at some other options that we can advise you to take action on.
What You Can Be Doing Now
Further Patient Portal Adoption
You have an opportunity to approach this unprecedented time with a new light. One option is to further the adoption of patient portals. You might not have a patient portal, but you may have a payment platform in place already, such as HealthPay24. We’re encouraging you to get the word out more to help further that adoption.
“Over 90 percent of organizations offer patient portal access, but most hospitals see fewer than 25 percent patient adoption.” – PatientEngagementHIT.com
One of the best ways to get this across to your patients and to help open their eyes to the opportunity is to get marketing involved. They are guardians of your brand and they’re there as human response experts.
Marketing can get the word out through the use of email. Most healthcare organizations have email addresses for their patients, even if they haven’t yet registered for the patient portal or a payment platform. Let’s reinforce your presence to be a strength of security and safety during this time. Show that you are self-aware and illustrate how you are putting action behind your empathy.
Reach out to your patients via email with all of this in mind.
3 Standards to Communicate During This Time:
Quick Tip: Use words and phrases like “secure,” “avoid risk,” and “safety” to communicate your purpose and position during this time.
Reiterate the ability to pay contact free. Go into more detail about options the patient can use to address their current financial position by using and signing up for an account with a patient payment platform. Many patients are facing a different time, so offering them different and better solutions during this time is key.
It’s crucial to make it easy for the patient to get to the solution by inserting hyperlinks directly to where you want them to go in your emails. Forgetting to do so will only send your patient on a wild goose chase to find where they need to go and might leave them more frustrated than they were in the first place. A direct link to where they need to go adds to the seamlessness of the process and to the potential of you getting paid faster.
Quick Tip: Avoid using words like “fear,” “danger,” or “crisis.” Instead, use words like “uncertainty” or “challenges.”
Messaging is key, especially during major events such as the COVID-19 outbreak. After writing your email, ensure your messaging is agreed upon company wide. The following will help you convey your approach across the organization:
- Work together
- Ask the tough questions
- Be agile throughout
- Make sure Channels speak to their target
maintain the core message
- Be crystal clear to everyone what the purpose is not just the guidelines
- Be open to Q&A and feedback
Create a Healthy Environment & Simplify Reconciliation with Electronic Payments
It’s no secret that cash is dirty! Other surfaces, including plastic credit cards and paper checks can be dirty as well. Therefore, it’s important to not only discuss electronic payments of all types, but also discuss the option of contactless payments. Avoiding cash and checks makes remote payments possible and more secure. Ultimately, the future of all payments is contactless. Although, we do understand that making that shift can be a challenge for some, especially when cash and check is their preferred method of payment.
More and more, we’re seeing places like gas stations and malls with the option to pay with your phone or credit card with a contactless option (tap your card or use a mobile wallet). Being bold now will ease the tension on your workforce today and continue to change the habits for your patients in the future. Many of HealthPay24’s clients are actively pursuing a cashless model right now. Certainly, in this time, working from home, this applies.
Interactive Voice Response (IVR)
While you may be unfamiliar with the acronym, IVR, you have likely used it at some point. You might know it as simply, “Pay-by-Phone” and you’ve probably paid a credit card bill, mortgage payment, or simply checked the status of a flight using it.
While IVR isn’t by any stretch a new technology, it’s dependable, and consumers and patients trust it. It protects patient records by meeting PCI and HIPAA compliance standards.
IVR systems allow patients the ability to:
- Make payments by phone
- Check account balances
- Set up automatic payments
- Pay safely and securely
In response to COVID-19, we wanted to provide a safe and secure method for collecting payments as quickly as possible, which is why we are giving the option to implement IVR in a ready to deploy package that can be added quickly with no impact to your IT organization. In most cases, HealthPay24 wouldn’t even need IT to be involved to set it up. This option can be used for the interim and can later be customized with personalized greetings and call flow options, etc., should you choose.
HealthPay24 in Action
New York State Orthopedic Practice Implements Ready-to-Deploy Solution for Secure Payment Collection During COVID-19Background:
Our client provides total orthopedic care to the greater Syracuse community in New York.
With support staff working from home due to mandatory quarantine during the COVID-19 Pandemic, this practice needed an alternative solution for collecting payments that met PCI and HIPAA compliance standards.
As a client of HealthPay24, we reached out to them directly about our ready-to-deploy solution that can be added quickly without involvement from their IT team.
In response to this unique time, we realized that healthcare organizations needed a unique solution for securely processing payments. Working with our IVR partner, we created a streamlined implementation version of IVR so that payments can still be processed during COVID-19.
– Quick 4 day deployment of IVR payment solution
– Over 700 transactions were made in the first three months
– Over $60,000 collected during the height of COVID-19
Even in the best of times when we aren’t in a pandemic, up to 30% of healthcare consumers say they avoid seeking care because of concerns around their financial responsibility. When we put off treatment, it just leads to more complications, which leads to higher cost, and potentially worse medical outcomes. The last thing we want during a pandemic is for patients to worry about how they’re going to pay for their care.
Financial Counseling and Patient Advocacy plays a big role during this time of financial uncertainty. Consider offering multiple, patient-driven payment options to assist your patients, such as:
- No Interest Payment Plans
- Low Interest/No Interest Loan Programs
- Discounts for “Pay-in-Full”
- Extending Payment Plan Start Dates
We’re Here to Help
Whether you’re actively trying to solve problems, get ahead of the curve, or even trying to catch up, we hope the information and solutions shared here today will help relieve the financial stress that you and your patients may be experiencing during this difficult time.
If you have any questions or would like to learn more about our patient payment solutions, please reach out to us!