Let me set aside my day job for a moment.
This isn’t a post from someone in the payment risk management space. This is from me as a patient. Someone who puts their trust in healthcare providers not just to care for my health, but to safeguard the sensitive information provided during that process.
That’s why what I recently encountered was so troubling.
A fairly large hospital network, one that, not too long ago, made headlines for being the victim of a major cybersecurity breach, offers patients the ability to make payments by phone. On the surface, that sounds convenient. But then I saw the actual instructions posted clearly on their website.
To make a payment, the hospital asks you to leave a voicemail with the following information:

You don’t need to be in the cybersecurity or payment industry to know this is wildly irresponsible.
For most people, this would immediately raise red flags or cause them to hang up the phone altogether. But here’s the thing: some patients will follow these instructions. They’ll leave this highly sensitive information in a voicemail, assuming that the hospital knows what it’s doing and is looking out for them. That’s what makes this so troubling.
We don’t need to invoke industry jargon or throw around compliance acronyms like PCI DSS to recognize this is a problem. Before we even talk about regulations, we should talk about basic responsibility and common sense.
Healthcare organizations, especially those that have already experienced a security breach, should be leading by example. They should be training their teams, updating their processes, and implementing simple technologies that make it easy for patients to pay securely without putting them at risk.
And let’s be honest: it doesn’t take much. There are straightforward, affordable ways to collect payments by phone without ever exposing a patient’s credit card information to voicemail systems, untrained staff, or unsecured channels.
So, here’s my advice, patient to provider:
- Stop. Take a moment and ask: How are we actually collecting payment information from our patients?
- Review. Compare those practices against basic industry guidance (yes, the PCI Security Standards Council publishes it for free).
- Fix. Don’t wait for the next breach, or for patient trust to erode. Make the small changes that will make a big difference.
Be smart. Be safe. And your patients—and your organization—will thank you for it.