Hospitals That Take Plastic Must Comply with PCI
Healthcare privacy and security teams watch closely for new rules and regulations from the government that will modify the HIPAA privacy and security rules.
However, they should also keep an eye on another security standard that last month cost a Boston restaurant chain $110,000. The Payment Card Industry (PCI) Data Security Standard (DSS), first released in 2004, requires any entities that accept credit cards to protect that information from theft.
In Boston last month, The Briar Group LLC, which runs popular restaurants in the city, agreed to pay $110,000 in a settlement after it was charged with not taking reasonable steps to protect diners' personal information from credit and debit cards.
Healthcare entities must take caution here, too. Those that take plastic must comply with PCI DSS. And not all entities are aware of the standard, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
"I think healthcare organizations - and many others - are still unaware of PCI DSS," Borten says. "They may or may not be directly affected by DSS, depending on circumstances, but in any case, the security requirements are, like ISO (International Organization for Standardization), HIPAA, and other regulations and frameworks, simply good practice."
PCI DSS standards require organizations that take plastic to:
- Build and maintain a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a vulnerability management program
  - Requirement 5: Use and regularly update antivirus software
  - Requirement 6: Develop and maintain secure systems and applications