
Protect your organization's wallet: Comply with PCI DSS

Strategies for Health Care Compliance, March 1, 2009

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Strategies for Health Care Compliance.

On October 1, 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) updated its PCI Data Security Standard (DSS) for the first time since September 2006. That means another set of requirements with which most healthcare entities, that is, any that accept credit or debit card payments, must comply.

“Some clearly are aware of this, but some are not,” says Kate Borten, CISSP, CISM, founder of The Marblehead Group in Marblehead, MA. “It’s hard; there are regulations all over the place.”

Don’t panic just yet. Experts say if you’re doing a good job complying with HIPAA, you’re probably also doing a good job of complying with these standards, which are designed to help organizations that process card payments protect cardholder data and reduce fraud, intrusions, and other security risks.

“Once you’ve got HIPAA down, you’re probably 80%–90% there,” says John C. Parmigiani, MS, BES, president of John C. Parmigiani & Associates in Ellicott City, MD.

But organizations must understand that although many of the same security good practices apply to both HIPAA and PCI DSS, the latter is far more prescriptive: where HIPAA’s Security Rule leaves most control choices to a risk analysis, PCI DSS spells out specific technical controls that must be in place. And those who enforce these standards, the card brands and acquiring banks rather than a federal regulator, can be less forgiving.
