If You're Not "PCI HITECH ACT" Payment Compliant,
You May Not Be HIPAA Compliant!
The Cost of Non-Compliance
Being HIPAA non-compliant can result in significant penalties. In addition, being PCI non-compliant can cost tens of thousands of dollars.
An Arizona physician was recently fined $100,000 for not being HIPAA compliant.
Blue Cross Blue Shield of Tennessee (BCBST) was fined $1.5 million for not being HIPAA compliant. BCBST reported it spent nearly $17 million in investigation, notification and protection efforts.
We make it easy to assess and validate PCI Compliance.
Healthcare practices are prime targets for data breaches because of the large amount of sensitive information they maintain to care for their patients. With the growing use of Electronic Health Records (EHR) and electronic Protected Health Information (ePHI), protecting this data from exposure is critical.
Preventive Measures: Compliance
Through the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), rules – and penalties – have been set forth that require healthcare organizations to secure their ePHI and become compliant.
In addition, healthcare practices often overlook the protections and security required for cardholder data. While the majority of healthcare practices accept credit and debit cards as payment, they don't realize the need to comply with the Payment Card Industry Data Security Standard (PCI DSS).
What is HIPAA's Security Rule?
HIPAA's Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical and physical safeguards for protecting ePHI. The Security Rule is written in technology-neutral terms and does not prescribe specific controls, which often leaves practices unsure of how to demonstrate that they have met the requirements.
What is PCI DSS?
PCI DSS is a set of requirements designed to ensure that every company that processes, stores or transmits credit card information maintains a secure environment for that data. Compliance with PCI DSS is mandated by all of the major card brands, including Visa, MasterCard, Discover, American Express and JCB. Unlike the HIPAA Security Rule, PCI DSS spells out specific requirements, which makes it more prescriptive and easier to follow.
PCI DSS Requirements
Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect stored cardholder data.
Encrypt transmission of cardholder data and sensitive information across open, public networks.
Use and regularly update anti-virus software.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain a written information security policy that all employees acknowledge annually.
HIPAA Security Rule
A covered entity must implement technical security measures that guard against unauthorized access to ePHI (electronic Protected Health Information) that is being transmitted over an electronic network.
A covered entity must implement hardware, software and/or procedural mechanisms to record and examine activity in information systems that contain or use ePHI.
A covered entity must implement technical policies and procedures that allow only authorized persons or programs to access electronic Protected Health Information (ePHI).
A covered entity must implement policies and procedures to protect ePHI from improper alteration or destruction. Electronic mechanisms must be implemented to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
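The audit-control and integrity safeguards above are stated as outcomes, not mechanisms. The following is an added example (not code from the original page or from the author's company) of one way to implement both in a small system: each ePHI record carries an HMAC tag so unauthorized alteration is detectable, and every access is written to a hash-chained audit log that records the user's unique ID (the same ID the PCI DSS requirements call for). The key, the record contents and the log entries are all constructed for illustration; in a real system the key would live in a KMS or HSM and the log head hash would be copied to write-once storage or a SIEM.

```python
"""Added example: HMAC-sealed ePHI records plus a hash-chained audit log.
All keys, records and log entries below are constructed for illustration."""
import hashlib
import hmac
import json
import time

# Hypothetical key for the example only; never embed a real key in source.
INTEGRITY_KEY = b"example-only-key-do-not-use"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict) -> str:
    """Integrity safeguard: HMAC-SHA256 tag over the canonical record."""
    return hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str) -> bool:
    """Corroborate the record is unaltered; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(seal(record), tag)


class AuditLog:
    """Audit control: each entry hashes the previous one, so editing or deleting
    an entry in the middle of the log breaks the chain."""

    def __init__(self):
        self.entries = []

    def record(self, user_id: str, action: str, patient_id: str, ts=None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {
            "ts": ts if ts is not None else time.time(),
            "user": user_id,        # unique ID per person, never a shared account
            "action": action,
            "patient": patient_id,
            "prev": prev,
        }
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Latest hash; store it off-box so truncation of the log is detectable."""
        return self.entries[-1]["hash"] if self.entries else "0" * 64

    def verify_chain(self, expected_head=None) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return expected_head is None or prev == expected_head


def demo() -> dict:
    """Seal a constructed record, log two accesses, then show what each safeguard catches."""
    record = {"patient_id": "P-0001", "dx": "E11.9", "note": "constructed sample"}
    tag = seal(record)
    log = AuditLog()
    log.record("dr_smith", "read", "P-0001", ts=1)
    log.record("billing01", "update", "P-0001", ts=2)
    head = log.head()  # checkpoint that would be shipped to write-once storage

    results = {
        "intact_verifies": verify(record, tag),
        "altered_detected": not verify(dict(record, dx="Z00.00"), tag),
        "chain_ok": log.verify_chain(head),
    }
    del log.entries[-1]  # attacker deletes the most recent entry to hide the update
    results["truncation_detected"] = not log.verify_chain(head)
    results["truncation_missed_without_checkpoint"] = log.verify_chain()  # why the checkpoint matters
    log.entries[0]["user"] = "someone_else"  # attacker rewrites who performed the read
    results["rewrite_detected"] = not log.verify_chain()
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The chain alone does not detect deletion of the newest entries, which is why `head()` is exported: compare the stored checkpoint against the current head during review. The HMAC tag proves a record matches what an authorized process sealed; it does not prevent an authorized user from making a bad change, which is what the audit log is for.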
OUR PCI Program Makes it Easy to Assess and Validate Compliance
In addition to helping you meet some of the HIPAA standards, our comprehensive security program helps you assess and validate your PCI compliance and includes:
Up to $20,000 indemnity waiver to help cover approved costs in the event of a breach
Confirmation of PCI DSS Compliance
Online Self Assessment Questionnaire
PCI DSS Customer Support
More Payment Solutions for a Healthy Practice
For more than 500,000 businesses around the globe, we provide a level of security and confidence about payment processing that frees you to concentrate on other things, like taking care of your patients.
Credit and debit card processing, checks, gift cards and loyalty card programs available
Multi-Merchant, Recurring Payments, QuickBooks and Virtual Terminal services available
Dedicated Team of Professionals
24/7/365, US-based Customer Support
On-Demand, Online Account Reports
Author: Ken Givens has been a marketing and security consultant in the Credit Card and Check Merchant Services industry since 1994. He has worked for national companies, as well as owning his own company. He is a member of several trade and business groups and provides learning seminars on security, compliance, fraud, and understanding rates. He can be reached at 512-535-2255 or KenGivens@USMSTexas.com .
Contact us to discuss all your POS needs, whether cloud based, server based, tablet based or table-side based; we can help with all of them. Call (888) 995-3995 or email us at: FreeConsultation@USMSTexas.com
Processing services provided by North American Bancard, LLC. All rights reserved. North American Bancard, LLC is a registered ISO of Wells Fargo Bank, N.A., Concord, CA., The Bancorp Bank, Philadelphia, PA, and BMO Harris N.A., Chicago, IL. and Merchants Choice Payment Solutions, a registered ISO/MSP of Woodforest National Bank in Houston, TX - Member FDIC