5 Reasons PCI Compliance is Important in today’s Healthcare Industry
In today’s society, most patients use credit or debit cards to pay their medical bills, and many do so over the phone. But how safe is every transaction your patients make? How can you assure them that their card information will not end up in the hands of hackers? This is where PCI compliance comes into play.
More than ten years ago, the Payment Card Industry (PCI) developed a set of 6 control objectives and 12 requirements to help reduce the risk of data breaches during or following a financial transaction. A participating company must meet more than 200 sub-requirements outlined in the Payment Card Industry Data Security Standard (PCI DSS) and must re-certify its compliance every year.
Here are the 12 Requirements:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data based on who has a need to know for business purposes.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
By type of threat, the healthcare cyber security market is segmented into malware, DDoS, advanced persistent threats (APT), spyware, and lost and stolen devices.
Some examples of recent attacks in the Healthcare sector:
In 2013, Boston Scientific, St. Jude Medical and Medtronic were hit by cyber-attacks and hacking. In 2015, Anthem, the second largest health insurance provider in the U.S., suffered a massive cyber-attack that led to the loss of 80 million customer records.
Top 5 reasons your healthcare company should make the move to PCI compliance:
1. It’s a requirement: The healthcare industry already has to comply with HIPAA, but if your company also processes, transmits or stores debit or credit card information, you are required to be PCI compliant. This applies whether your business takes card payments over the telephone or through its website.
2. Keeping your patients’ card data secure and building trust: Healthcare organizations already keep medical records private and secure under HIPAA, and by doing so they earn their patients’ trust. Keeping a patient’s card data secure strengthens that trust relationship between the patient and the company. Patients feel safe knowing that you take good care of securing not only their medical information but their banking information as well.
3. Save money by not paying fines: Non-compliance can bring fines of up to $500,000. By becoming compliant you can reduce these yearly fines, which is a direct cost reduction.
4. Preventing database breaches: Every day, hackers try to gain illegal access to company databases, putting people’s information at risk. By becoming PCI compliant you add security controls that help prevent database breaches.
5. Data redaction: Recordings of inbound calls that contain a patient’s card data can have that data redacted and be stored in a safe, hidden and secure location.
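As an added illustration of the call-recording redaction in point 5 and of requirement 3 (protect stored cardholder data), not code from the original post or from any vendor: a Python routine that finds Luhn-valid card numbers in a call transcript and masks all but the last four digits, leaving other long numeric strings (account references, phone numbers) untouched. The transcript and the card numbers in it are constructed sample data.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes
# (callers usually read card numbers in groups of four).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn (mod 10) check; filters out
    long numeric strings that are not card numbers (order IDs, references)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str, keep_last: int = 4) -> str:
    """Replace all but the last `keep_last` digits with 'X'."""
    return "X" * (len(digits) - keep_last) + digits[-keep_last:]


def redact_pans(text: str) -> tuple[str, int]:
    """Mask every Luhn-valid card number in text; return (redacted, count)."""
    count = 0

    def _replace(match: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"[ -]", "", match.group(0))
        if not (13 <= len(digits) <= 19) or not luhn_valid(digits):
            return match.group(0)  # not a card number: leave untouched
        count += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(_replace, text), count


# Constructed transcript: one Visa test PAN and one non-Luhn reference number.
SAMPLE_TRANSCRIPT = (
    "Agent: May I have the card number? "
    "Patient: Sure, it's 4111 1111 1111 1111, expiry 09/27. "
    "Agent: And your account reference? Patient: 1234 5678 9012 3456."
)

if __name__ == "__main__":
    redacted, n = redact_pans(SAMPLE_TRANSCRIPT)
    print(f"{n} card number(s) redacted:\n{redacted}")
```

The Luhn check is what keeps the non-card 16-digit reference number in the sample intact while the card number is masked.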
To learn more about how PCI compliance can help your healthcare business, schedule a demo today.