“What’s in a name?” This timeless question was posed by one of William Shakespeare’s most well-known characters, Juliet, as she argued that lineage was irrelevant when it comes to matters of the heart.
While we’re no experts on love or blood feuds, we do know that when it comes to protecting your healthcare data, a name means an awful lot. When looking to ensure the security of your organization’s information, the name you need to know is “point-to-point encryption.” Point-to-point is a practice that is aptly named as it encrypts data at various points. If you’re wondering how exactly this process occurs, keep reading…we’ll explain.
So what exactly is point-to-point encryption?
According to the PCI Security Standards Council, point-to-point encryption – commonly referred to as “P2PE” – is a “combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.”
In simple terms, P2PE is the practice of transmitting encrypted data from point A to point D. Whereas data could potentially be stolen at points B and C in the process, with P2PE the risk is mitigated by devaluing the data and rendering it useless if stolen. How is this done? By ensuring that the encrypted data, and the decryption keys, are not in the same place until the data has reached its destination.
Different compliance frameworks define P2PE in different ways. Some key tenets of P2PE as it relates to the Payment Card Industry (PCI) are (1.) the solution encrypts credit card data at the point of interaction, and (2.) the merchant does not have the decryption keys.
Why is P2PE important for healthcare providers?
Medical centers and medical insurance providers are top hacking targets because they are essentially “one stop shops” for full consumer profiles, allowing hackers to access a plethora of sensitive and confidential data.
This data includes not only credit card information, but also consumer identifiers such as date of birth, social security number, address, telephone, email and more. This information can allow hackers to perform very extensive identity thefts.
WRF: your partner in protecting patients through P2PE
At Wind River Financial (WRF), we have successfully partnered with several healthcare organizations in strategically deploying P2PE solutions. We’ve worked with these clients to understand and strategize payment industry compliance and risk in order to shore up their systems and safeguard against breaches.
Check out some of our testimonials to hear from the clients themselves. Contact one of our relationship managers or sales associates to learn more and discover how WRF can start you down the path to P2PE protection.