Hospitals That Take Plastic Must Comply with PCI
Healthcare privacy and security teams watch closely for new rules and regulations from the government that will modify the HIPAA privacy and security rules.
However, they should also keep an eye on another security standard that last month cost a Boston restaurant chain $110,000. The Payment Card Industry (PCI) Data Security Standard (DSS), first released in 2004, requires any entities that accept credit cards to protect that information from theft.
In Boston last month, The Briar Group LLC, which runs popular restaurants in the city, agreed to pay $110,000 in a settlement after it was charged with not taking reasonable steps to protect diners' personal information from credit and debit cards.
Healthcare entities must take caution here, too. Those that take plastic must comply with PCI DSS. And not all entities are aware of the standard, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
"I think healthcare organizations - and many others - are still unaware of PCI DSS," Borten says. "They may or may not be directly affected by DSS, depending on circumstances, but in any case, the security requirements are, like ISO (International Organization for Standardization), HIPAA, and other regulations and frameworks, simply good practice."
PCI DSS standards require organizations that take plastic to:
- Build and maintain a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a vulnerability management program
  - Requirement 5: Use and regularly update antivirus software
  - Requirement 6: Develop and maintain secure systems and applications