Why Healthcare Providers Must Comply with PCI DSS
When patients use credit cards to pay for health services, providers must meet the requirements of the payment card industry’s new Data Security Standard
As a healthcare provider, you are governed by the Payment Card Industry’s Data Security Standard (PCI DSS) if you process, transmit, or store cardholder data. In the same way that your compliance with HIPAA is required to protect your patients’ health information, compliance with PCI DSS is required to protect your patients’ payment information. This is true:
- When you accept a co-pay by credit card
- When a patient hands you a debit card to cover their office visit
- When you accept a prepaid card in payment for a medical supply, such as a brace the patient needs, or for a service
- When a patient provides their credit card information online to pay their medical bill.
There are numerous other payment card acceptance scenarios that require your compliance with the PCI Data Security Standard. You have a responsibility to know and understand them, just as you are required to understand and comply with HIPAA.
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.