The healthcare payments market handles a massive amount of information on a daily basis that includes such highly sensitive items as social security numbers and payment data. Many healthcare organizations rely on paper-based processes or legacy technology systems to transmit this data, which can easily be intercepted by or exposed to hackers and thieves.
Any organizations unsure if their data is at risk should assume the worst. The year 2016 saw more healthcare data breaches than any other year on record, according to Symantec
. In fact in 2016, there was roughly one health data breach per day
, affecting more than 27 million total patient records.
True Costs of Unsecure Data
Once a healthcare organization’s data is exposed, a figurative dam has been broken, and the data are available to any hacker or thief to put on the black market for sale to the highest bidder. At present time, there is no way to make exposed data secure again or to take it off of the black market.
Financially, Ponemon reports
that data breaches are estimated to cost the healthcare industry $6.2 billion annually. However, the unseen costs of an exposure reverberate through the industry at an alarming rate as headlines quickly announce the breach and consumers panic over the status of their personal information—damaging the organization’s brand and losing the trust of their patients or members.
Security Concerns in the Industry
The impact of unsecure data to an organization’s reputation and bottom line have not gone unnoticed in the industry. In fact, 90% of providers reported
that payment security is very important when collecting patient payments. These growing concerns regarding payment security will only be compounded as organizations attempt to keep up with the demands of consumers by adding new payment options such as automated payments and online payment portals.
Advanced payment technology can help assuage this consumer concern as many innovations are inherently more secure than traditional payment methods. Tokenization is leveraged by secure payment applications to convert payment card information to a “token,” which has no value outside of the payment transaction it is used for because it is exclusively associated with that merchant’s ID. The industry is also beginning to take tokenization to the next level by leveraging a second token to securely store payment information online for future use. When deployed correctly, these tactics can significantly reduce Payment Card Industry scope and the risk of a breach.
Security Concerns Influence Consumer Choices
If healthcare data is a target, then consumer data is the industry’s bullseye as it can yield the highest profit on the black market. Consider that 1 in 4 consumers
have experienced their healthcare data being breached. As consumers become savvier healthcare stakeholders, they will have little patience for their healthcare data being mishandled or compromised as almost half of patients
would switch providers if they found out their records were stolen.
Securing the Industry
One of the biggest threats to the healthcare payments market is third party vendors who are not properly vetted or who may even self-attest to being secure and compliant. Of all breaches reported to HHS, 30% were attributed to third-party vendors
. This is especially true when vendors sell their solution as a single offering, but it is actually made up of multiple systems cobbled together. Those separate systems or plug-ins increase the number of touchpoints for payments, which increase the number of handoffs for the data. This adds the risk of vulnerability points in the data’s journey to its endpoint.
Compliance requirements need to be taken seriously by healthcare organizations and the third-party organizations to which they entrust their payment data. By meeting these standards, organizations will ensure that their data is secure and reduce the risk of a breach.
Security and Compliance Must Be a Priority
Ransomware, data breaches and stolen information make data in the healthcare industry a constant target to hackers and thieves – all of which cost the industry billions of dollars. The impact of unsecure data has not gone unnoticed as consumers and providers reported payment security is very important. Consequences of unsecure data and noncompliant processes and systems will continue to cost the industry billions of dollars. Organizations can ensure that their data is secure and reduce the risk of a breach by meeting industry standards, and obtaining audits and certifications from respected industry groups.
About the Author
Chris Seib, Chief Technology Officer and Co-Founder at InstaMed – Before founding InstaMed, Chris was an executive in Accenture’s Health and Life Sciences practice. Chris has been involved in strategic development efforts regarding government health initiatives, consumer-directed health plans and direct connectivity between providers and payers. Chris has certifications and expertise in Programming, Architecture, User Experience, Database Technologies, Networks, Network Architecture, Security and Project Management. Chris is a named inventor of multiple patents and patent applications held by InstaMed.