How to improve digital payments security for your health system  

As more healthcare transactions move online, now is the time to ensure your health system is protected with industry-leading security measures.

By: Tyler Eppley, Vice President of Healthcare Payment Solutions at U.S. Bank

Tags: Payments, Fraud protection, Security
Published: September 01, 2021

The number of digital payments is rising rapidly, a trend that shows no signs of slowing down as the COVID-19 pandemic accelerates the shift towards online purchases and transactions. In fact, digital payment volume continued to grow over 30% in the second quarter of 2021, according to Visa.[1]

The same is happening in healthcare, driven, in part, by the adoption of virtual care delivery and new opportunities for text and email payments. But as more transactions move online, fraudsters are developing increasingly sophisticated tactics to compromise cardholder payment data.

With most healthcare organizations embracing digital payments as a long-term solution and not just a quick fix during the pandemic, now is the time to ensure your health system is protected with industry-leading security measures. Here are some ways to offer your patients peace of mind about their payment information being secure:


First things first: Secure your organization at every touchpoint

Technology is always evolving to keep up with the latest threats, so as your healthcare organization continues to accept more digital payments, make sure you’re using the newest and best security tools available.

P2PE (point-to-point encryption) Validated is the gold standard in the payment security industry, subject to even more stringent assessments by the PCI Security Standards Council. Many organizations use P2PE, but only P2PE Validated solutions have fulfilled the rigorous security requirements and testing procedures specified by the Council. This means a P2PE Validated solution offers the highest level of security for payment card data stored and processed on your system.

Healthcare organizations using a P2PE Validated solution also benefit from reduced PCI DSS compliance validation efforts and a simplified self-assessment questionnaire. However, keep in mind that only P2PE solutions listed on the PCI Council website are approved by the Council as validated solutions and have been assessed to the complete PCI P2PE Standard.

When implementing any security solution, remember to protect every touchpoint for both patient and non-patient payments, from the parking garage to the cafeteria to the ER. All environments should have advanced security features — even the gift shop, which is where most payment data breaches occur in a healthcare and hospital environment.


Leveraging new technology

Today’s patients are very interested in using innovative new payment methods, such as QR codes, mobile apps and text to pay. Our 2021 Healthcare Payments Insight Report shows that 31% of U.S. healthcare consumers want their medical provider to support Zelle, Venmo, PayPal or a similar online money transfer service, while almost 50% said they’d use pay-by-text if available.

When incorporating these new technologies, it’s important to include them in your overall security strategy so you don’t leave your healthcare record systems and patient payment data open to vulnerabilities. For example, something that may be stopping patients from using innovative and convenient payment methods is a fear of their payment data being stolen. In our report, we found that of those who would not choose to pay by text, security concerns are the top reason. And 35% of respondents who want to further modernize digital payments indicate they’re concerned about security.

Consumers continue to worry most about their social security number and credit or debit card information being stolen; medical history and health plan information are less of a concern. This means it’s critical to choose a payment processing solution that prioritizes security across all touchpoints, from in person to online and mobile.


Ease fears with a patient communications strategy   

Once you’ve invested in the best security measures for every payment touchpoint, it’s important to let your patients know what you’re doing to keep their data safe. This way, they can feel comfortable and confident using the digital payment methods they prefer, which can speed collection and save your staff from having to follow up on past-due bills. 

Sharing that you’re using top-of-the-line security tools is key because patients perceive the healthcare industry to be less secure for payments than retail or restaurants, according to our report. While this is an improvement from healthcare’s sixth position in terms of concerns over security last year, clearly there is still room for improvement — especially as many patients are using digital payments in healthcare for the first time during the pandemic.

Some ways to educate patients include messaging at the point-of-sale or transaction site that indicates all data collected is secure and outlines where they can find more information on the specific protocols being used. This messaging can also be included on your patient portal, IVR system, and paper and e-statements, as well as scripted for staff to reiterate in person or via phone.


Ready to take the next step in securing digital payments in your healthcare organization? Learn about more security trends and patient expectations in our 2021 Healthcare Payments Security Report.



[1] Card-not-present volume, excluding travel.
Tyler Eppley is the Vice President of Healthcare Payment Solutions at U.S. Bank and has worked exclusively with providers for over 15 years to optimize revenue cycle operations and improve the patient experience.