Medical practices encounter dozens of touchpoints when patient collections can fall through the cracks. From patients who fail to show up for appointments and those who haven’t met their deductibles to people who simply have coinsurance to pay, the possibilities are endless. That’s why some practices choose to keep a credit card on file.
While this can help you bring in more cash, it can also present new legal considerations. Check out these key steps to compliantly keep a patient’s credit card on file.
Create a Credit Card Policy
The patient should sign and acknowledge receipt of your credit card policy, which should outline the terms for keeping their card on file. Specifically indicate in the policy that they agree that you may charge the card if they don’t present for their appointment without adequate notice, or if they have any outstanding charges with your practice.
This should be included in your practice’s financial policy, so new patients know about your credit card policy up front. Have an attorney review your credit card policy to ensure that it’s compliant with state, federal and local regulations before you share it with patients.
Understand the PCI DSS Rules
Any practice keeping a credit card on file must be aware of the Payment Card Industry Data Security Standard (PCI DSS). This rule outlines the standards you must follow to keep credit card information safe when you’re storing it. For instance, the rule requires you to have a firewall configuration in place to protect cardholder data, and you must commit that you won’t use vendor-supplied defaults for system passwords and other security parameters.
If your practice is not IT-savvy, make sure you work with a consultant who is before storing credit cards, since you can’t collect that data if you don’t have a way to protect it.
Check Your Insurance Policy
Any practice storing credit card data should contact their insurance carrier to make sure that they have insurance coverage if something happens to that patient card information. Your practice will be liable if that information falls into the wrong hands, and you want to make sure you’re covered.
Ensure Your Credit Card Policy Is HIPAA-Compliant
In addition to following the PCI DSS rules, your credit card data must also fall within the HIPAA standards. This means:
- All credit card information must be placed in locked shred bins when being disposed of.
- All employees who are responsible for disposing of such information should receive proper training.
- Team members should not be accessing a patient’s information, except as needed for the minimal amount necessary to accomplish the permissible purpose.
You should assign a unique ID to each person with computer access so if someone accesses a patient’s credit card data, you can check the logs later to determine which employee did it. In addition, perform frequent risk assessments to ensure credit card data is safe and protected at all times.
Train Employees Well
Ensure that all of your practice’s team members understand the credit card policy and know how to comply with it so you protect patients’ credit card information. Share with them information they can explain to patients who may ask why their credit card is being maintained or why it was charged. Your staff needs to not only know how to maintain and protect credit card information, but to also explain it to patients in simple terms.
Want more tips on keeping credit cards on file so you can easily charge no-show fees? Check out strategies from attorney Jean Singleton, JD, during her training session, Patient No-Shows: Reduce Legal Risk and Lost Revenue. Jeana will walk you through all the steps so you can bring in cash while staying compliant. Register today!
 |
Subscribe to Healthcare Practice Advisor |
| Get actionable advice to help improve your practice’s reimbursement, compliance, and success in this weekly eNewsletter. |
|
|
|