A guide for underwriters at ISOs and Acquirers onboarding MCC 8011 physician and medical practice merchants, covering risk assessment, fraud signals, and the underwriting questions that matter.
If you're underwriting a physician practice, MCC 8011 is lower risk on fraud but carries real exposure around insurance and copay billing, patient payment plans, and HIPAA-sensitive data. Billing complexity and disputes over balances drive most issues. Here's what to look for.
Key Information
This guide covers physicians and medical practices, where insurance adjudication, patient balances, and HIPAA obligations matter more to underwriting than traditional card fraud.
Typical Business Types
Primary Care Practices
#1
General and family medicine providers.
Specialty Physician Practices
#2
Specialists such as cardiology or dermatology.
Multi-Provider Medical Groups
#3
Group practices with multiple physicians.
Payment Processing Information
Transaction Types
1
Copay and Patient Balance
Card payment for copays and post-insurance balances.
2
Insurance Adjudication
Claims processed through payers with patient responsibility.
3
Payment Plans
Installment arrangements for larger balances.
4
Card on File
Stored cards charged after insurance adjudication.
5
Telehealth Payment
Card-not-present payment for virtual visits.
Common Payment Methods
Credit and Debit Cards - Used for copays and balances
FSA and HSA Cards - Health benefit cards for eligible expenses
Insurance Adjudication - Payer claims with patient responsibility
Payment Plans - Installment arrangements on balances
Mobile Payments - Contactless and digital wallets
Underwriting MCC
8011
at scale?
See how Gratify automates the risk assessment and gets applications decision-ready in minutes.
Billing Error Disputes - Conflicts over balance accuracy after insurance
Regulatory Challenges
HIPAA - Patient health information privacy and security
Insurance and Billing Rules - Accurate claims and balance billing limits
State Medical Licensing - Provider licensing and standing
Telehealth Regulations - Rules on virtual care and payment
PCI Compliance - Payment card data security
Common Fraud Signals
Card-on-File Disputes
Disputes on post-visit charges suggest weak consent capture.
Telehealth Payment Fraud
Card-not-present virtual visit payments on stolen cards.
Balance Billing Conflicts
Frequent disputes over balance accuracy.
Example Scenarios and Red Flags
Stored Card Balance Disputes
Patients contesting charges to a card on file.
Telehealth Card Fraud
Virtual visit payments on stolen cards that dispute.
FSA Misuse
Benefit cards used for clearly ineligible charges.
Friendly Fraud
Patients disputing genuine balance charges.
Billing Accuracy Disputes
Conflicts over what the patient owes after insurance.
Common Underwriting Questions
UW Tips Business
Verify provider licensing and practice standing
Confirm the billing and insurance workflow
Check card-on-file consent practices
UW Tips Financial
Assess copay and patient-balance revenue mix
Review payment plan exposure
Examine telehealth volume and trends
UW Tips Risk
Evaluate card-on-file consent and notice
Assess telehealth and card-not-present controls
Review balance billing accuracy practices
UW Questions Business
What specialty and practice structure do you operate?
Are provider licenses current?
Do you offer telehealth and how is it paid?
UW Questions Payments
Do you store cards on file and how is consent captured?
How do you handle copays and post-insurance balances?
How are FSA and HSA payments processed?
UW Questions Fraud
What controls cover telehealth and phone payments?
How do you confirm FSA and HSA eligibility?
How do you handle balance billing disputes?
UW Questions Compliance
Are you HIPAA compliant and how is data secured?
How do you ensure billing and balance accuracy?
Are PCI assessments current?
UW Questions Chargebacks
What is your chargeback ratio and what drives disputes?
How do you document consent and balances?
Do you retain records for representment?
UW Questions Infrastructure
What practice management and payment systems do you use?
How do you protect patient and payment data?
Do you support EMV and contactless at the front desk?
Ongoing Monitoring
Transaction Monitoring
Monitor card-on-file and balance disputes
Flag telehealth card-not-present fraud
Track FSA and HSA transaction patterns
Compliance Checks
Maintain HIPAA safeguards and licensing
Keep billing accuracy practices current
Hold PCI assessments current
Security Updates
Use EMV and contactless at the front desk
Apply verification on telehealth payments
Encrypt and tokenize card and patient data
Risk Assessment
Reassess exposure as telehealth grows
Track balance billing dispute trends
Review card-on-file consent regularly
Merchant Communication
Help the practice capture card-on-file consent to reduce balance disputes. Share guidance on telehealth payment controls and FSA eligibility. Support HIPAA-aligned data handling and billing accuracy.
Overwhelmed with Applications?
Gratify offers instant merchant application enrichment to get the full picture of your customers in real-time
