Written by Caleb Varoga on Apr 7, 2020
Adapting Payment Solutions Amidst a Global Health Crisis
To our partners and customers:
In recent days, and the weeks to come, the effect of COVID-19 on our world and our lives is likely to remain top of mind. While your medical teams are on the front line of this battle, we hope to be as supportive as possible to remove any barriers and friction that exist in the revenue cycle, allowing you to focus on providing an excellent and safe clinical experience for your patients. Please don’t hesitate to reach out to the Salucro team if there is anything we can do to help.
Maintaining P2PE Compliance for Revenue Cycle Collection Staff Working From Home
In recent days we’ve heard that many healthcare revenue cycle teams have begun transitioning to a work-from-home policy. Thankfully, the Salucro Payment Platform can be accessed from anywhere permitted by the client and can accept payments using Point-to-Point-Encryption (P2PE) devices.
Collection teams should ensure that a work-from-home policy takes into account the organization’s security and compliance program, including P2PE requirements. Organizations should ensure that a user’s home network, devices, and phone systems do not jeopardize P2PE compliance by implementing appropriate administrative, technical, and physical security controls.
Here are five things healthcare organizations should keep in mind with respect to P2PE compliance when considering a work-from-home policy for employees who accept patient payments:
- Consider implementing a tracking and monitoring system for P2PE payment devices. By including written user acknowledgements and receipts, you can ensure chain-of-control can be verified.
- Is the P2PE payment device you currently use compatible with employees’ home network technology? Many devices are ethernet-only, while some homes only use WiFi networks for an internet connection.
- Even if using a P2PE payment device, have other security controls been in place to keep payment and other sensitive information off the employee’s home devices, network, or phone system?
- Is a virtual private network, or VPN, required for the P2PE device to communicate directly with the Salucro Payment Platform?
- Does the user have the capability to lock and secure the device to ensure it cannot be stolen or tampered with, consistent with P2PE requirements?
Your compliance teams are encouraged to reach out to your P2PE service provider to ensure your policies are consistent with your P2PE obligations and consult the P2PE Instruction Manual and to ensure the use of payment devices from home remains consistent with your security and compliance requirements. In addition to evaluating P2PE devices in a work-from-home environment, consider workflow adjustments to promote patient self-service for making payments. This could include routing the patient to a secure, automated IVR line, or sending them a link to an online patient portal to complete their payment or payment plan.
While you are likely in the midst of making many operationally critical decisions as we all adapt to our new normal, it is essential to take account of these considerations to ensure your P2PE compliance program remains intact.
Have questions about whether or not your existing program could support a work-from-home payments process? Contact the Salucro Support team to learn more.