Encryption & Validation Protection
Information Security Throughout the Process
The core idea is that any information the user enters into the medical billing portal is encrypted and sent securely to the HIPAA-compliant endpoints and database. Once the information is validated, the associated patient key comes back; it is random and hard to guess. This key is not PHI (Protected Health Information) but rather a generic identifier.
Some form of unique identifier is then stored with that user session, and it can also be stored with their username and password if they need to create an account. At a bare minimum, it's stored with their session so that patients can use that key value to make payments, view invoices, view details of invoices and possibly dispute a payment. The medical billing portal is predominantly used to make one-time payments or to schedule payments in installments over a period of time. Finally, the application itself needs the ability to process the payments on time and then send the information back to the HIPAA-compliant data storage.
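The validation-and-key flow described above, sketched as an added example that is not code from any actual billing portal. The function names, the in-memory dictionaries and the sample patient are constructed for illustration; it assumes the session is held server-side and leaves out transport encryption, which would be handled by TLS in practice.

```python
import secrets

# Constructed sample record standing in for the HIPAA-compliant database.
_PATIENTS = {
    ("DOE", "1980-02-14", "ACC-1001"): [{"invoice": "INV-1", "due": 125.00}],
}
_KEY_TO_PATIENT = {}  # backend only: opaque key -> patient identity
_SESSIONS = {}        # portal only: session id -> opaque key


def validate_patient(last_name, dob, account_no):
    """Backend: return a fresh random patient key, or None if validation fails."""
    ident = (last_name.strip().upper(), dob, account_no)
    if ident not in _PATIENTS:
        return None
    # 32 bytes from the OS CSPRNG; not derived from any submitted field.
    key = secrets.token_urlsafe(32)
    _KEY_TO_PATIENT[key] = ident
    return key


def start_session(last_name, dob, account_no):
    """Portal: keep the key with the session; the browser gets only a session id."""
    key = validate_patient(last_name, dob, account_no)
    if key is None:
        return None
    session_id = secrets.token_urlsafe(32)
    _SESSIONS[session_id] = key
    return session_id


def backend_invoices(patient_key):
    """Backend: an unknown or guessed key resolves to nothing."""
    ident = _KEY_TO_PATIENT.get(patient_key)
    return None if ident is None else _PATIENTS[ident]


def invoices_for(session_id):
    """Portal: look the key up from the session, never from request input."""
    key = _SESSIONS.get(session_id)
    return None if key is None else backend_invoices(key)
```

Because the key is drawn from a CSPRNG rather than computed from the patient's details, it can be logged or stored with a session without exposing PHI, and the mapping back to the patient exists only on the backend.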
Most likely, an API (Application Programming Interface) will allow the medical billing portal to see that the payment was processed. In the case of recurring payments, the relevant information would be included (e.g. a 3-month plan, 6-month plan, yearly plan, 18-month plan, etc.). In this instance, the medical billing portal may be required to set up the recurring payment portion of the actual payments.
After a payment is successfully processed, the end user needs to receive a notification that the payment occurred. In the case of installments, the user would continue to receive appropriate notifications for the duration of their selected payment schedule.
Most users who visit a medical billing portal are looking to complete one of the following actions:
- Verify their information
- Verify the details of any billings or charges
- Process a payment in full or through some form of spread-out payment option
- Interact with the billing company about the charges