Health Information Management

PCI requirements are essential to HIPAA security programs

HIM-HIPAA Insider, June 30, 2014

There's a new threat on the healthcare horizon. Medical identity theft is running rampant and hackers are targeting merchants' credit card systems. It's only a matter of time before the two worlds collide.

"Virtually all patient-facing healthcare organizations accept credit and debit cards, and a significant number of business associates [BA] and other related companies do as well," says Dan Berger, president and CEO of Redspin, Inc., in Carpinteria, California. "Medical records are already one of the most high-value targets for identity theft, and adding credit card numbers into the mix exponentially increases the security risks that healthcare companies face every day."

Healthcare organizations must become familiar with the payment card industry data security standards (PCI DSS) to protect the privacy and security of their patients, says Phyllis A. Patrick, MBA, FACHE, CHC, founder of Phyllis A. Patrick & Associates, LLC, in Purchase, New York. "There are all kinds of threats that we didn't see or saw a lot less of a few years ago," says Patrick, a BOH advisory board member.

The Payment Card Industry Security Standards Council (PCI SSC), a coalition of credit card merchants, was established in 2006 to develop the PCI requirements. The current version of the requirements is PCI DSS 3.0, says Berger.

Credit card companies are not subject to the same federal and state regulations as banks and credit unions, although some states opted to incorporate PCI standards into state law. Therefore, the card companies came together to develop their own security standards to protect cardholder data and industry transactions, says Berger. "In general, PCI is crucial to maintain consistent security controls from the point of sale through the processing systems to the archival records of all transactions," he says.

Continue reading "PCI requirements are essential to HIPAA security programs" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the July issue.
