How to improve digital payments security for your health system

September 01, 2021

As more healthcare transactions move online, now is the time to ensure your health system is protected with industry leading security measures.

By Tyler Eppley, Vice President, U.S. Bank


The number of digital payments is rising rapidly, a trend that shows no signs of slowing down as the COVID-19 pandemic accelerates the shift towards online purchases and transactions. In fact, digital payment volume continued to grow over 30% in the second quarter of 2021, according to Visa.1

The same is happening in healthcare, driven, in part, by the adoption of virtual care delivery and new opportunities for text and email payments. But as more transactions move online, fraudsters are developing increasingly sophisticated tactics to compromise cardholder payment data.

With most healthcare organizations embracing digital payments as a long-term solution and not just a quick fix during the pandemic, now is the time to ensure your health system is protected with industry-leading security measures. Here are some ways to offer your patients peace of mind about their payment information being secure:


First things first: Secure your organization at every touchpoint

Technology is always evolving to keep up with the latest threats, so as your healthcare organization continues to accept more digital payments, make sure you’re using the newest and best security tools available.

P2PE Validated is the gold standard in the payment security industry, using even more stringent assessments by the PCI Security Standards Council. Many organizations use P2PE, but only P2PE Validated solutions have fulfilled the rigorous security requirements and testing procedures specified by the Council. This means a P2PE Validated solution offers the highest level of security for payment card data stored and processed on your system.

Healthcare organizations using a P2PE Validated solution also benefit from reduced PCI DSS compliance validation efforts and a simplified self-assessment questionnaire. However, keep in mind that only P2PE solutions listed on the PCI Council website are approved by the Council as validated solutions and have been assessed to the complete PCI P2PE Standard.

When implementing any security solution, remember to protect every touchpoint for both patient and non-patient payments, from the parking garage to the cafeteria to the ER. All environments should have advanced security features — even the gift shop, which is where most payment data breaches occur in a healthcare and hospital environment. 


Leveraging new technology

Today’s patients are very interested in using innovative new payment methods, such as QR codes, mobile apps and text to pay. Our 2021 Healthcare Payments Insight Report shows that 31% of U.S. healthcare consumers want their medical provider to support Zelle, Venmo, PayPal or a similar online money transfer service, while almost 50% said they’d use pay-by-text if available.

When incorporating these new technologies, it’s important to include them in your overall security strategy so you don’t leave your healthcare record systems and patient payment data open to vulnerabilities. For example, something that may be stopping patients from using innovative and convenient payment methods is a fear of their payment data being stolen. In our report, we found that of those who would not choose to pay by text, security concerns are the top reason. And 35% of respondents who want to further modernize digital payments indicate they’re concerned about security.

Consumers continue to worry most about their social security number and credit or debit card information being stolen; medical history and health plan information are less of a concern. This means it’s critical to choose a payment processing solution that prioritizes security across all touchpoints, from in person to online and mobile. 


Ease fears with a patient communications strategy

Once you’ve invested in the best security measures for every payment touchpoint, it’s important to let your patients know what you’re doing to keep their data safe. This way, they can feel comfortable and confident using the digital payment methods they prefer, which can speed collection and save your staff from having to follow up on past-due bills.

Sharing that you’re using top-of-the-line security tools is key because patients perceive the healthcare industry to be less secure for payments than retail or restaurants, according to our report. While this is an improvement from healthcare’s sixth position in terms of concerns over security last year, clearly there is still room for improvement — especially as many patients are using digital payments in healthcare for the first time during the pandemic.

Some ways to educate patients include messaging at the point-of-sale or transaction site that indicates all data collected is secure and outlines where they can find more information on the specific protocols being used. This messaging can also be included on your patient portal, IVR system, and paper and e-statements, as well as scripted for staff to reiterate in person or via phone.


Ready to take the next step securing digital payments in your healthcare organization? Learn more about security trends and patient expectations in our 2021 Healthcare Payments Security Report.

Tyler Eppley is the vice president of healthcare payment solutions at U.S. Bank and has worked exclusively with providers for more than 15 years to optimize revenue cycle operations and improve the patient experience.

Related content

Solutions banks can offer during the COVID-19 pandemic

Improve government payments with electronic billing platforms

Emerging A/R solutions use artificial intelligence to target efficiency

ABCs of APIs: Drive treasury efficiency with real-time connectivity

Hospitals face cybersecurity risks in surprising new ways

How jumbo loans can help home buyers and your builder business

Payment industry trends shaping that are the future of POS

Real-time payments: the next major treasury disruptor

Higher education strategies for e-payment migration, fighting fraud

4 ways to make practical use of real-time payments

Benefits of billing foreign customers in their own currency

How real-time inventory visibility can boost retail margins

4 benefits to paying foreign suppliers in their own currency

Escheatment resources: Reporting deadlines for all 50 states

5 steps you should take after a major data breach

Cybersecurity – Protecting client data through industry best practices

Colleges respond to student needs by offering digital payments

Want AP automation to pay both businesses and consumers?

Automate accounts payable to optimize revenue and payments

Why KYC — for organizations

Adjust collections to limit impact of USPS delivery changes

Post-pandemic fraud prevention lessons for local governments

How electronic billing platforms improve government payments

Rethinking common time management tips

How Everyday Funding can improve cash flow

How to apply for a business credit card

How a small business is moving forward during COVID-19

How to accept credit cards online

Drivers for changing accounts receivable in 2021

Digitizing receivables to transform B2B rent payments

BEC: Recognize a scam

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

Tactical Treasury: Fraud prevention is a never-ending task

Increase working capital with Commercial Card Optimization

How AR technology is helping advance payment processing at Avera Health

3 timeless tips to reduce corporate payments fraud

Digital trends poised to reshape hotel payments

Three healthcare payment trends that will continue to matter in 2022

The surprising truth about corporate cards

Managing the rising costs of payment acceptance with service fees

Safeguarding the payment experience through contactless

3 ways to adapt to the new payments landscape

Automate escheatment for accounts payable to save time and money

The benefits of payment digitization: Pushing for simplicity

Understanding and preparing for the new payment experience

White Castle optimizes payment transactions

Collect utility and telecom bill payments faster

Tailor Ridge eBill case study

ABCs of ARP: Answers to American Rescue Plan questions for counties

Overcoming the 3 key challenges of a lump sum relocation program

4 tips for protecting your business against Coronavirus-related scams

5 Ways to protect your government agency from payment fraud

Proactive ways to fight vendor fraud

The latest on cybersecurity: Mobile fraud and privacy concerns

How to improve your business network security

Government agency credit card programs and PCI compliance

Cybercrisis management: Are you ready to respond?

Protecting your business from fraud

What is a CLO?

3 benefits of integrated payments in healthcare

Unexpected cost savings may be hiding in your payment strategy

Webinar: AP automation for commercial real estate

Webinar: CSM corporation re-thinks AP

Webinar: A closer look at U.S. Bank AP Optimizer

Top tips for card payments optimization

COVID-19 safety recommendations: Are you ready to reopen?

How to improve digital payments security for your health system

Higher education and the cashless society: Latest trends

Government billing survey: The digital transformation of the payment experience

Top 3 ways digital payments can transform the patient experience

Webinar: Fraud prevention and mitigation for government agencies

Digital receivables to meet changing demand

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Webinar: CRE technology trends

Webinar: AP automation—solve payment challenges with an invoice-to-pay solution

Webinar: Robotic process automation

Webinar: CRE treasury leader roundtable

Authenticating cardholder data reduce eCommerce fraud

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.

U.S. Bank is not responsible for and does not guarantee the products, services or performance of U.S. Bancorp Investments, Inc.