Hospitals That Take Plastic Must Comply with PCI
Healthcare privacy and security teams watch closely for new rules and regulations from the government that will modify the HIPAA privacy and security rules.
However, they should also keep an eye on another security standard that last month cost a Boston restaurant chain $110,000. The Payment Card Industry (PCI) Data Security Standard (DSS), first released in 2004, requires any entities that accept credit cards to protect that information from theft.
In Boston last month, The Briar Group LLC, which runs popular restaurants in the city, agreed to pay $110,000 in a settlement after it was charged with not taking reasonable steps to protect diners' personal information from credit and debit cards.
Healthcare entities must take caution here, too. Those that take plastic must comply with PCI DSS. And not all entities are aware of the standard, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
"I think healthcare organizations - and many others - are still unaware of PCI DSS," Borten says. "They may or may not be directly affected by DSS, depending on circumstances, but in any case, the security requirements are, like ISO (International Organization for Standardization), HIPAA, and other regulations and frameworks, simply good practice."
PCI DSS requires organizations that take plastic to:
- Build and maintain a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a vulnerability management program
  - Requirement 5: Use and regularly update antivirus software
  - Requirement 6: Develop and maintain secure systems and applications