TokenEx Enables Secure Omnichannel Collection of Payment Data

Tokenization Enables Omnichannel Collection of Payment Data in Healthcare and Secures Your Data Environment

Healthcare organizations handle multiple levels of sensitive information and operate in a highly regulated industry. With Meaningful Use pushing technology in quality, safety, and efficiency, the privacy and security of patient health information is essential. In addition, organizations that support healthcare organizations in some form fall under a Business Associate Agreement, with increasing levels of security scrutiny. Information sharing through Health Information Exchanges and Insurance Exchanges presents a significant risk to this critical ecosystem. With increased scrutiny, requirements, and auditing, the healthcare industry is facing new challenges. These challenges concern how sensitive data is received, how it is processed internally, and how it ultimately leaves the organization in a secure and accountable way.

How Tokenization Enables Omnichannel, while Lowering Risk

For healthcare, an omnichannel payment acceptance capability involves taking payments online, through a Customer Service Representative, through in-person transactions, through mail, or through a third party. Tokenization is a technology that enables omnichannel collection of payment information through these various means and routes it to a common gateway or processor for centralized management of payment collection. Otherwise, organizations face the challenge of reconciling multiple accounts across diverse systems and multiple payment gateways. Tokenization not only simplifies the process, but also introduces an additional security layer that minimizes regulatory impact and enables security.

In the medical records space, tokenization can accomplish similar feats. As with the payment system, data is obtained through multiple channels, e.g. SFTP, disc, directly, or indirectly through third parties. Tokenization allows a Health Information Exchange or Business Associate to validate de-identification. This goes beyond traditional unique identifiers, which do not constitute de-identification, to a controlled and verifiable system for de-identifying medical information, thereby minimizing regulatory impact and the risk associated with handling such information. Furthermore, it allows organizations to validate the security of their environment, moving beyond simply stating, “we use SSL” to being able to prove end-to-end processes and accountability of sensitive information.

What type of cyber security vulnerabilities does Healthcare face?

Earlier this year, the Identity Theft Resource Center produced a survey showing that medical-related identity theft accounted for 43 percent of all identity thefts reported in the United States in 2013. That is a far greater chunk than identity thefts involving banking and finance, the government and the military, or education. The U.S. Department of Health and Human Services says that since it started keeping records in 2009, the medical records of between 27.8 million and 67.7 million people have been breached.

Thieves have used stolen medical information for all sorts of nefarious reasons, according to information collected by World Privacy Forum, a research group that seeks to educate consumers about privacy risks.

A few examples:

  • A Massachusetts psychiatrist created false diagnoses of drug addiction and severe depression for people who were not his patients in order to submit medical insurance claims for psychiatric sessions that never occurred. One man discovered the false diagnoses when he applied for a job. He hadn’t even been a patient.
  • An identity thief in Missouri used the information of actual people to create false driver’s licenses in their names. Using one of them, she was able to enter a regional health center, obtain the health records of a woman she was impersonating, and leave with a prescription in the woman’s name.
  • A Pennsylvania man found that an imposter had used his identity at five different hospitals in order to receive more than $100,000 in treatment. At each spot, the imposter left behind a medical history in his victim’s name.

How Tokenization Reduces Risk & Scope

By tokenizing your data environment, you remove toxic PCI (Payment Card Information), PII (Personally Identifiable Information), and PHI (Protected Health Information) from your environment. The information is tokenized in a Cloud vault, and you still have unlimited flexibility in how you store, access, and secure your data, while remaining processor agnostic. Find out how you can reduce up to 95% of your PCI risk and compliance, while delivering your customers the highest level of data security in the world. Don’t be another casualty!
