Should I Keep My Patients' Credit Cards on File?
Having a credit card on file is a service many patients have come to expect from their healthcare providers. It can be convenient for copays, deductibles, services not covered by insurance or cash patients.
Posted in Risk Management on Wednesday, November 7, 2018
As a doctor, you may find that having patient credit cards on file also benefits you. Some credit card processing systems are integrated with EHRs to make billing more convenient and minimize staff time. It can eliminate the lag in cash flow as you no longer have to wait for patients to pay their bills.
However, there are also significant risks to keeping your patients’ credit cards on file.
Security is a major concern, and you must establish proper procedures to protect your patients’ information. Some chiropractic practices don’t put in place the level of safeguards needed when handling credit card information.
“If you decide to maintain patient credit cards on file, you shouldn’t keep this information on paper or in your computer system,” said Jean Gerritsen, vice president of card services at NCMIC. She recommends working with your credit card processor to ensure an outside vendor is properly protecting your patients’ credit card accounts.
It’s also important to communicate with patients about how and when their credit cards will be charged. Keep in mind that you cannot require patients to pay through a credit card for chiropractic care or keep charging a credit card without a patient’s authorization.
“Due to the added convenience to the merchant for this service, there are certain safeguards you must put in place, both for HIPAA and for PCI (Payment Card Industry) considerations,” said Gerritsen. For these reasons, you should ensure your credit card processor is working with vendors that securely store your patients’ information and are PCI-validated to do so.
Most important, make sure that no one on your staff stores patients’ card information through non-PCI-validated practices, such as by writing card numbers in a notepad or keeping a spreadsheet of patient card information. The penalties can be costly—both in monetary penalties and negative publicity.