Hospitals That Take Plastic Must Comply with PCI
Dom Nicastro, for HealthLeaders Media, April 19, 2011
At a high level, Herold says, a basic strategy hospitals should take to reduce their risks includes the following:
- Assign a position or person to be responsible for ensuring the security of credit card information, and appropriate controls for using credit cards
- Implement policies and procedures covering how credit cards can, and cannot, be used, in addition to how the related information may be used, shared, stored, destroyed, and generally safeguarded
- Implement technological, operational and administrative controls to protect digital credit card data, as well as hard copy data, and even credit cards themselves that may be obtained
- Provide regular training and ongoing awareness communications to personnel who collect, process, store, and otherwise have access to credit card information
- Consistently enforce and sanction non-compliance, along with having strong executive support for the policies and related actions.
Further, Herold says, take these specific actions to reduce risks:
- Make sure only those who have responsibilities for credit card payments can access credit card information
- Make sure personnel who have possession of credit cards keep those cards from others, and maintain control and security for them at all times
- Do not throw away hard copy credit card slips without finely shredding them or putting them into secured trash receptacles
- Do not allow non-personnel and others without responsibilities for credit card payments to be able to access the payments systems. This includes keeping stations that access such payment systems well-secured and locked when no one authorized is around.
- Do not keep credit card payment information within patient files, or with patient papers posted in or outside of patient rooms
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.