Digital Transactions Authoritative, insightful and timely information for payments professionals
Retailers have complained the loudest about the cost of complying with the Payment Card Industry data-security standard, or PCI, but comments Tuesday at a health-care payments conference indicate that medical providers also incur considerable expense to secure their card-accepting payment systems. PCI-related costs come to about $100,000 a year for Consultants in Radiology P.A. (CIRPA), a Fort Worth, Texas, practice with 20 physicians, according to Rebecca Greenwood, administrator at the firm. “This is huge,” she said, noting that though CIRPA generates $60 million in annual revenue, PCI compliance is a considerable cost after salaries are paid. Greenwood participated in a panel about accepting patient payments at the point of care during the second-annual Healthcare Payments Automation Summit in Chicago. Boston-based The Association for Work Process Improvement Inc. (TAWPI) sponsored the event. PCI has cost Duke University Health System “several million dollars in IT infrastructure,” said another panelist, Scott Hawig, divisional chief financial officer of the health-care network that includes Durham, N.C.'s Duke University Hospital, two other hospitals, and dozens of clinics and other facilities. The panelists did not rip PCI as many retailers have, but they pointed out that it is one more expense at a time when the health-care industry is trying to automate its frequently antiquated payment and record-keeping systems. Even remote deposit capture, which is gaining wide traction in the retail world as merchants seek to reduce check-processing costs by scanning checks themselves and uploading images to their banks, isn't always a slam-dunk for an individual business. CIRPA is holding off on remote capture, at least for now. “My bank fees were too high,” said Greenwood. “There was no return on investment for me to do that.” Remote capture has gone better for The Mentor Network, a Boston-based provider of social services for people with developmental disabilities, head injuries, and emotional or behavioral problems. The firm has more than 400 locations in 36 states and was looking to simplify its check-handling processes that involved 70-plus bank accounts, Chris Kozakis, director of treasury operations, said at a conference session. One reason: Employees taking checks to the bank often would run errands on the trip, resulting in extra time away from the office. “It created this process of inefficiency,” he said. Mentor Network picked Brookfield, Wis.-based specialty processor iStream Financial Services to implement a bank-agnostic remote deposit capture program. IStream got 51 scanner locations operating in 90 days. Mentor is now saving 140 full-time-equivalent hours per month in bank-related employee time, Kozakis said. It's down to five bank accounts, and headed toward one. Another panel warned attendees of coming new medical-information privacy and security requirements arising from the recently enacted Health Information Technology for Economic and Clinical Heath Act. Known as the HiTech Act, the law was part of the federal stimulus package meant to jump-start the economy. While it will funnel new money into making medical records electronic, it also will impose new data-breach reporting and other mandates on companies that in some fashion handle medical information, including banks that provide billing and other payment services to health-care providers.
