Patients are increasingly expected to bear a larger portion of their healthcare costs. These patient financial obligations, such as deductibles, co-payments, and other self-pay obligations, make up a larger portion of a healthcare provider's balance sheet. Accordingly, providers are looking to increase the collection rate of patient financial obligations. As payment processing and collection efforts become more important for a provider's bottom line, so too is attention to the compliance requirements accompanying
This article will highlight (a) the most comprehensive compliance requirements in receiving patient self-pay obligations; (b) operational hurdles presented by patient payments in modern healthcare settings; and (c) key aspects of a smart approach to
Overlapping compliance considerations
The healthcare industry has recently seen a host of breaches, non-compliance, and other frustrations relating to the security, regulatory, and related compliance obligations inherent in receiving payments from patients via modern payment options. With this web of transactions arising from patient payments, a gap in compliance or awareness is costly.
One southwestern hospital system suffered a breach of its payment system affecting more than 3.7 million individuals.[1] The breach is believed to have occurred through point-of-service payment card devices in the food and beverage systems. After exploiting a vulnerability in the payment systems, the attackers were allegedly able to access other components of the information infrastructure, including health records. The costs of this breach may rise into the millions.
This sort of liability necessitates a careful understanding of the compliance requirements involved in accepting patient payments. The leading sources of compliance obligations relating to patient payment transactions are set forth in the Health Insurance
Patient payment transactions: A confluence of security and

by Ken Briggs, JD

» The patient payment transaction is an often underestimated source of confusion and under-compliance.
» Breaches or weak safeguards in patient payment systems can affect millions of individuals over a short amount of time.
» Security requirements relating to patient payments come from a variety of sources, including HIPAA and PCI DSS.
» Network segmentation, encryption, and outsourcing are attractive solutions to minimize liability for a healthcare provider.
» A healthy compliance program will involve familiarity with the applicable privacy and security obligations as well as industry solutions to reduce exposure to liability.

Ken Briggs is Vice President of Legal Affairs at Salucro Healthcare Solutions, LLC in Phoenix, AZ.