PCI and HIPAA Compliance – What You Need to Know
PCI and HIPAA Compliance is a moving target – with new regulations and fines under constant development. With that in mind, we’ve put together a list of the top questions partners and customers ask.
Why is My Practice Vulnerable?
15 million people are the victims of identity theft each year. Healthcare practices are targeted more than yogurt shops, dry cleaners, and other businesses because they hold the most sensitive repositories of personal information. Hackers can sell every patient file for over $500 on the open market, and some are now holding data for ransom. A simple internet search for “Data for Ransom” shows the risks many healthcare providers are facing today.
How Can I Tell if HIPAA Affects Me?
If you furnish, bill, or receive payment for healthcare in the normal course of business, or if any transactions are conducted in electronic form, then your practice must comply with HIPAA/PCI regulations.
Must I Comply with New HIPAA Privacy Standards?
Congress has signed into law a Privacy Rule with which health plans, healthcare clearinghouses, and healthcare providers who conduct financial transactions electronically must comply. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers. These entities are bound by the new privacy standards, even if they contract with others to perform essential functions. To see if you’re among those who must comply, visit: http://hipaanews.org/checklist.htm
What is the PCI DSS Compliance Standard?
PCI DSS is a unique set of security and business requirements designed to ensure that entities which process, store, or transmit credit card information do so in a secure environment. The standard is administered and maintained by the PCI Security Standards Council. For a full list of standards and how each applies to your business, visit: www.pcisecuritystandards.org.
How Can I Become PCI Compliant?
Core to compliance is a yearly Self-Assessment Questionnaire, consisting of 75 questions addressing 12 security requirements. To comply, you must possess a series of written security policies, procedures, employee handouts, and training – all related to the secure handling and processing of credit card data. You are also required to run an annual scan of your IP address to determine whether your IP address can be hacked and sensitive credit card data exported.
HIPAA Compliance is Vital. However, Is PCI Compliance Necessary?
HIPAA only addresses the portability and accountability of patient data. Quite often, this excludes unprotected financial records. A PCI violation is also a HIPAA violation. In other words, PCI violations are a double exposure for healthcare providers and should be an essential piece of the compliance process.
Honestly, Isn’t a Patient Data Breach More Serious?
Any data breach has serious consequences for the patient & the business practice. If your organization does not perform due diligence, you’re open to steep fines, fraud, and loss of credit card processing rights.
Are Non-Compliance Penalties Really that Bad?
Failure to comply can result in fines of $500,000 per data security incident and penalties of $50,000 per day for non-compliance.
Why Does PCIHIPAA Merge Compliance Solutions?
The two are inextricably linked. Any PCI breach is also considered a HIPAA violation. Backed by 20 years of experience in these complex markets, PCIHIPAA is the only company to offer complete
I Already Know HIPAA Compliance Firms. Why Should I Consider PCIHIPAA?
A business cannot have HIPAA Compliance without following PCI regulations. PCIHIPAA offers market expertise in both HIPAA & PCI.