When customer payment info is compromised at Target, for example, it’s an inconvenience and a PR scandal; but what happens when the cyber-attack is targeted against a hospital or other healthcare provider? The resulting confusion can actually be deadly. Health care payment processing needs to take note.
This line of reasoning comes on the heels of a report about data breaches and their effect on patient health outcomes. The number-crunching in the report covers a breadth of 3,000 Medicare-certified hospitals. About 10 percent of them had experienced a data breach. The study, based on a PBS report, found a correlation between institutions that experienced data breaches and an uptick in fatalities: 36 additional deaths per 10,000. Perhaps just as troubling is the fact that health care data breaches are on the rise, up 20 percent in 2019 from just last year.
It should be noted that the above data breaches were mostly of medical records which, compared to the richness of data, have a higher “street value” to hackers than payment info, for example. In general, though, it underscores the importance of proper security protocol at every step of the game. With the important processes that are taking place at health facilities, inefficiencies can have a greater cost. While the additional deaths that were mentioned above were suggested to be due to complications & additional delays caused by “remediation activities” that came about from the medical record complications, it’s also important to realize that it’s not easy to separate some aspects of a provider’s operations as more important to guard against cyber-attacks; all facets need to be guarded in order to ensure the safety of patient info, and also the quality of patient outcomes.
Another example we can point to comes from the UK, where the “Wannacry” virus temporarily incapacitated certain aspects of the healthcare system, resulting in the cancellation of some 19,000 appointments, which is especially alarming because it included potentially urgent surgical operations which would have had to been rescheduled. It’s a sobering example of how important it is for health care providers to take the topic of cybersecurity seriously.
When it comes to data security, whether for health care payment processing or record keeping, it’s clear that the stakes are higher when medical service is involved. For our part, Moolah partners with payment gateway Authorize.Net to keep patient payment info safe and secure. This includes help with becoming PCI compliant. Additionally, much of the strategies for keeping your business safe and compliant for the payment card industry will have the additional benefits of tightening your data security across the board; things like tips on network security. With the help of Moolah and Authorize.Net, you can guard your interests, your reputation, and the health outcomes of your patients.
Thank you for scheduling. If you have any questions, please contact us at 800-625-1670.
A credit card surcharge is an additional fee added to a transaction when a patient chooses to pay with a credit card. The surcharge is intended to help offset the cost of credit card processing and applies only to eligible credit card transactions.
No. Debit card transactions may not be surcharged under any circumstances, even if the debit card is processed as a credit transaction or entered manually.
Yes. Credit card surcharges may not exceed the merchant’s actual cost of accepting credit cards and are capped at a maximum of 3% of the total transaction amount, in accordance with card-network rules and applicable law.
Yes. Card networks require clear and transparent disclosure of any credit card surcharge. Practices must notify patients through appropriate signage at the practice entrance, point of sale, and anywhere payments are accepted. If payments are accepted online, the surcharge must also be clearly disclosed on the practice’s website.
Yes. Some U.S. states and territories prohibit or restrict credit card surcharging. Practices are responsible for understanding and complying with their state’s specific requirements before implementing a surcharge.
No. While Moolah provides tools and general guidance to support credit card surcharging, compliance with all applicable laws and card-network rules is the responsibility of the merchant. Moolah does not provide legal advice and assumes no liability for a merchant’s compliance.
Most major credit card networks permit surcharging when done in accordance with their rules, but additional requirements or restrictions may apply. Practices should ensure they have completed all required network notifications and disclosures prior to enabling surcharging.
Failure to comply with surcharging rules may result in card-network fines, required refunds, or other enforcement actions. Practices should ensure they fully understand all applicable requirements before applying a surcharge.
Flex does not currently offer built-in support for credit card surcharging. If a practice chooses to enroll in a surcharge plan, payments would need to be processed through Moolah’s payment platform, which is designed to support surcharging and integrates directly with Open Dental.
If you are considering introducing a credit card surcharge for your patients, it is important to understand that there are specific rules and regulations that must be followed when enrolling in and operating under a surcharge plan.
This article provides a general overview of common surcharging requirements. This content is provided for informational purposes only and does not constitute legal advice. It is the responsibility of each merchant to review, understand, and comply with all applicable laws, card-network rules, and regulatory requirements, including notification timeframes, signage requirements, surcharge percentage limits, and jurisdictions where surcharging is prohibited.
If you are unsure about the laws or regulations applicable to your practice, you should consult with qualified legal counsel. Moolah assumes no liability for a merchant’s compliance or non-compliance with credit card surcharging rules or regulations.
Transparent Communication
Card networks, including Visa, Mastercard, Discover, and American Express, require merchants to clearly and transparently disclose when a credit card surcharge is applied.
Practices must clearly notify patients of a credit card surcharge through appropriate signage placed at the practice entrance, at the point of sale or terminal, and anywhere payments are accepted. If payments are accepted online, surcharge disclosures must also be clearly visible on the practice’s website. All disclosures must inform patients that the surcharge applies only to credit card transactions.
Surcharge Limits
Credit card surcharges must comply with both card-network rules and applicable law. The surcharge amount may not exceed the merchant’s actual cost of accepting credit cards and may not exceed 3% of the total transaction amount.
Card-network rules cap credit card surcharges at 3%, meaning that if a merchant’s processing costs exceed this amount, the excess portion cannot be passed on to the patient.
Network and State Restrictions
The major credit card networks, such as Visa and Mastercard, impose specific requirements related to surcharge limits, advance notification, and disclosure.
In addition, several U.S. states and territories regulate or prohibit credit card surcharging. At the time of writing, credit card surcharging is prohibited in Connecticut, Maine, Massachusetts, and Puerto Rico. Other states, including Colorado, Minnesota, Mississippi, New Jersey, and New York, impose restrictions on surcharge amounts or require specific disclosures.
If your practice operates in a state that restricts or prohibits credit card surcharging, you must fully understand and comply with those requirements before implementing a surcharge.
Debit card transactions may never be surcharged, even if the debit card is processed as a credit transaction.
Applicability
Credit card surcharges may be applied only to credit card transactions. Other payment types, including debit cards and alternative payment methods, are not eligible for surcharging.
Regulatory Compliance
Merchants are responsible for maintaining ongoing compliance with all applicable card-network and legal requirements. This includes meeting advance notification obligations, using compliant signage and disclosures, adhering to surcharge percentage limits, and respecting jurisdiction-specific restrictions.
By following these guidelines, dental practices can implement credit card surcharging in a way that aligns with card-network rules and promotes transparency with patients. Clear and upfront communication helps maintain patient trust and supports a positive payment experience.