To achieve Payment Card Industry (PCI) compliance, companies must follow several standards in order to process card payment information securely. By following this PCI compliance checklist, your organization can ensure it adequately protects patients’ data against a breach.

1. Determine Your PCI Level

There are four PCI compliance levels based on the number of card transactions an organization processes annually:

  • Level 1: 6 million transactions or more
  • Level 2: 1 million to 6 million transactions
  • Level 3: 20,000 to 1 million transactions
  • Level 4: 20,000 or fewer transactions

Each level has different compliance requirements.

2. Remove Sensitive Authentication Data

Security is easier when your organization has as little data to protect as possible. Remove sensitive data from your internal systems so hackers cannot access it if they breach your network.

3. Protect Network Systems

Protect your network systems by limiting access to sensitive data and increasing your security around the access points that a hacker may use in a breach.

4. Use Secure Payment Card Applications

Place controls on your payment applications to make them as secure as possible.

5. Monitor and Control Access to Your Systems

Control and track who has network access and monitor their actions on your network to be aware of threats.

6. Build and Maintain a Network to Protect Stored Cardholder Data

Partner with a reliable information technology contractor to create a secure network, including a firewall. This system should prevent hackers from getting unauthorized access to payment information. Maintenance includes regularly changing passwords and updating the firewall.

7. Complete an Attestation of Compliance Form

A PCI attestation of compliance (AOC) is a form an organization must complete and send to the Payment Card Industry Security Standards Council (PCI SSC) to confirm that its Payment Card Industry Data Security Standard (PCI DSS) assessment was successful. A qualified security assessor should check this form before submission to make sure it’s correct.

8. File Paperwork With Banks and Credit Card Companies

If the banks and credit card companies you work with want proof of your compliance, send them your self-assessment questionnaire (SAQ) or AOC.

9. Understand the Penalties for Failing to Meet These Standards

If your organization does not meet every item on the PCI compliance checklist, you may face penalties like:

  • Sanctions from banks.
  • Increased fees.
  • Fines.
  • Eviction from credit card payment processing infrastructure.

More severe penalties include lawsuits and prosecution.

Contact Agio Today

Agio will help your healthcare organization become compliant through our PCI compliance assessment. For more information, contact us today.