Hospitals That Take Plastic Must Comply with PCI
Healthcare privacy and security teams watch closely for new rules and regulations from the government that will modify the HIPAA privacy and security rules.
However, they should also keep an eye on another security standard that last month cost a Boston restaurant chain $110,000. The Payment Card Industry (PCI) Data Security Standard (DSS), first released in 2004, requires any entities that accept credit cards to protect that information from theft.
In Boston last month, The Briar Group LLC, which runs popular restaurants in the city, agreed to pay $110,000 in a settlement after it was charged with not taking reasonable steps to protect diners' personal information from credit and debit cards.
Healthcare entities must take caution here, too. Those that take plastic must comply with PCI DSS. And not all entities are aware of the standard, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
"I think healthcare organizations - and many others - are still unaware of PCI DSS," Borten says. "They may or may not be directly affected by DSS, depending on circumstances, but in any case, the security requirements are, like ISO (International Organization for Standardization), HIPAA, and other regulations and frameworks, simply good practice."
PCI DSS standards require organizations that take plastic to:
- Build and maintain a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a vulnerability management program
  - Requirement 5: Use and regularly update antivirus software
  - Requirement 6: Develop and maintain secure systems and applications