Ways to Avoid an Electronic Security Breach

Posted by Dawn Lunde on Thu, Sep 12, 2013 @ 12:14 PM

Yet another facility has made headlines due to a recent security breach of 7,000 patient records. However, this time the breach was for financial data.

Ensuring that you maximize efficiencies in your revenue cycle probably means that you use a host of tools to collect payments. This may be an integrated web-based product or a compilation of disparate systems. No matter what you use to manage patient pay, be sure to ask these very important questions of your vendor(s):



1. Is all of the payment transaction data stored with you, the vendor?


2. Does your site use an SSL or EV-SSL Certificate?

Extended Validation, or EV SSL, raises the bar on standard SSL validation processes, incorporating some of the highest standards in identity assurance to establish the legitimacy of online entities. This includes:

  • Establishing the legal, physical and operational existence of the entity
  • Verifying that the entity's identity matches official records like incorporation and business licensing information
  • Confirming that the entity owns or has exclusive rights to use the domain mentioned in the application for certification
  • Confirming that the request for an EV certificate has been authorized by the entity 

3. Is your site scanned regularly for PCI compliance vulnerabilities?

  1. How often? At least quarterly. More often, the better.
  2. How do you address any 'concerns' that arise on the scan? Mitigated within one day.

4. Is cardholder data encrypted?

Yes. (If they have SSL/TLS in place, it is encrypted. But there are more points of encryption to be concerned with. Do you use Point-to-Point Encrypted card readers?)

5. Do you mask credit card information (expiration dates, CVV/CVV2 security code and all but the last four digits of the card number):

  1. During transactions
  2. After transactions
  3. Printed receipts
  4. Email receipts

Yes to all

6. Are you audited for PCI-DSS compliance?

  1. How often? At least annually, and on-site by a third-party auditor.
  2. Can I see a copy of your Attestation of Compliance? Send a copy within two days.

7. What resources do you have to ensure our organization (the hospital or clinic) is PCI compliant?

They should have an appointed Qualified Security Assessor (QSA) that will work with your organization to ensure your compliance (because cardholder data enters/stays in your organization outside of the payment software – e.g. mail, phone, photocopies, etc).

8. Have you or a client ever had a security breach?

