5 Reasons PCI Compliance is Important in Today’s Healthcare Industry
In today’s society, most medical patients are using credit/debit cards to make transactions to pay for medical bills. Most do this over the phone. But how safe is every transaction that your patient makes? How can you assure them that their credit card information is not going to get in the hands of hackers? This is where PCI compliance for healthcare providers comes into play.
More than ten years ago, the Payment Card Industry (PCI) developed a set of 6 control objectives and 12 requirements to help reduce the risk of data breaches during or following a financial transaction. A participating company must meet more than 200 sub-requirements set out in the Payment Card Industry Data Security Standard (PCI DSS), and must re-certify its compliance every year.
If you’re not sure why it is important, think back to that customer paying over the phone. You wouldn’t want their details to go astray, would you? Nor would you want to be responsible for such a misstep when it comes to PCI standards. In this blog post, we take a look at five of the top reasons why PCI compliance for healthcare providers is important.
1. Meet PCI Requirements
As we touched on above, the 12 PCI requirements were established 12 years ago to bring regulation and security to the use and storage of personal details, addressing the problem of potential fraud or other misuse of personal information. Below are the 12 requirements as they currently stand; they serve as the benchmark of best practice for PCI compliance for healthcare providers:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data based on who has a need to know for business purposes.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
The healthcare industry already has to follow HIPAA, but if your company also processes, transmits or stores debit/credit card information by telephone or website, you are required to be PCI compliant too.
2. Ensure DSS Compliance to Prevent Hacking
Hacking in the healthcare industry is a very real threat, as evidenced by the following:
- In 2013, in America, Boston Scientific, St. Jude Medical and Medtronic witnessed cyber-attacks and hacking.
- In 2015, the second largest health insurance provider in the U.S., Anthem, witnessed a massive cyber-attack leading to the loss of 80 million customer records.
If it can happen to those large companies, it can potentially happen to you too. But there is an answer. Applying DSS compliance measures reduces the risk of your patient details being compromised and builds trust with patients. Healthcare organisations already keep medical records private and secure under HIPAA. Keeping a patient’s credit card details secure furthers the trust relationship between the patient and the organisation. It leaves patients feeling safe, knowing that you are taking good care of not only their medical information but their banking information as well. You may wish to investigate what is on offer in the healthcare cyber security market. The threat categories this market addresses, and which could affect your business, include DDoS, advanced persistent threats (APT), spyware, malware, and lost and stolen devices. All these factors show why PCI compliance for healthcare providers is so important.
3. Maintain HIPAA Compliance for Confidentiality
As stated above, HIPAA enforces the privacy of medical records. This also encompasses digital records, including x-rays and care plans. Where patient information is exchanged verbally over the phone, HIPAA compliance applies as always. If you’re a health organisation, maintaining compliance is essential, or you may receive fines or penalties. A tiered structure for violations of the standards is in place, starting with a fine of $25,000 for tier 1.
4. Securely Process Payments & Credit Card Information
When your patients call to pay bills over the phone, it’s important to stay compliant with the PCI regulations. Some call recording software, like our own at CallN, offers an easy-to-use redaction feature which can be activated by a keypress or automated through system rules. With this redaction of sensitive data, card numbers never enter your stored recordings, which is a key step toward meeting the PCI requirements for protecting stored cardholder data.
5. Avoid Fines and Penalties
There are fines and penalties associated with ignoring PCI regulations in Australia. Some come from payment providers, while others come from governments. Penalties can range from as little as $5,000 to as much as $100,000 per month. Small businesses may not survive such fees. PCI compliance in Australia may not be legislation, but it is an industry standard. If you ignore the regulations, you may end up in court if cardholder data security breaches result from your negligence.
Need Help Ensuring PCI Compliance for Healthcare Providers?
If you’re looking for call recording software that ensures PCI compliance for healthcare providers as a matter of course, check out the feature-packed solution offered by CallN. Our software has innovative features to make PCI compliance a breeze. Call us today on 1300 IMPROVE to learn more.