PCI Compliance

It is vital to your practice to incorporate PCI compliance. PCI, or PCI DSS (Payment Card Industry Data Security Standard), is a set of standards in place to protect the security of your patients' payment information. Here at IT Medical Group, we provide PCI compliance assistance in the form of PCI risk assessments that cover MasterCard, Visa, Discover, and American Express credit cards. We can help educate you in using the best procedures to keep your patients' payment information safe, and provide thorough reports from the risk assessment.

Protect your patients from credit card fraud

The Payment Card Industry Security Standards Council, and the card companies themselves, mandated PCI compliance to help protect clients from credit card fraud, and evidence of compliance is checked annually. For companies with a larger volume of card data, this is accomplished through an outside company that generates an ROC (Report on Compliance); companies with a smaller data volume can instead complete an SAQ (Self-Assessment Questionnaire).

The following are the twelve requirements put forth by the Payment Card Industry Data Security Standards Council that you will need to address for your medical practice:

  1. Firewall protection for your systems
  2. Secure configuration of settings and passwords; do NOT use vendor-supplied passwords or system defaults
  3. Cardholder data must be properly stored and protected
  4. Encrypt transmission of cardholder data across public, open networks
  5. Use and regularly update anti-virus software
  6. Update and patch systems regularly
  7. Restrict access to cardholder data to business need-to-know
  8. Each person with computer access must have a unique user ID
  9. Ensure that physical access to workstations and cardholder data is restricted
  10. Implement logging and log management
  11. Regularly perform vulnerability scans and penetration tests
  12. Complete risk assessments and documentation assessments

If you want to ensure that your medical practice is protecting your patients' payment information, then please give IT Medical Group a call today so we can help you out! Call (661) 501-9988 and we'll take a look.