PCI: What Healthcare Organizations Need to Know
PCI: What Healthcare Organizations Need to Know
The Payment Card Industry Data Security Standard (PCI DSS) was created as a result of a cooperative effort between the major credit card companies, requiring merchants to protect cardholder information. This standard has been around for several years, yet many healthcare organizations still need to complete the required self-assessment.

Join us for this exclusive session, which will offer in-depth guidance including:

  • The drivers behind PCI DSS;
  • The key security requirements within PCI DSS;
  • A high-level action plan for moving toward PCI DSS compliance;
  • Insights on how PCI DSS compliance relates to HIPAA security rule compliance.


In 2006, the five major credit card companies worked collaboratively to create a common industry standard for security known as Payment Card Industry Data Security Standard (PCI DSS). Merchants (any organizations that accept credit and/or debit cards for payments) may be fined, held liable for losses resulting from a compromised card, or lose their merchant status if adequate security controls are lacking.

For the last decade, however, healthcare organizations have been focused heavily on HIPAA's privacy and security rules while sometimes overlooking other industry standards, such as PCI DSS.

Credit card fraud is ever-increasing due primarily to holes in data security controls. As a result, organizations are facing tarnished reputations because of public disclosures of breaches and unbudgeted costs associated with damage control.

Large payment card transaction volume merchants must have independent audits and frequent vulnerability tests; those with smaller payment card transaction levels are required to conduct a self-assessment and complete a Self-Assessment Questionnaire. All merchants are required to complete an Attestation of Compliance. These self-assessments can be difficult to complete if an organization is unsure about what to do.

In this session, a leading healthcare information security specialist will provide timely, practical tips.

You'll get:

  • An explanation on the background to the PCI DSS; the 12 requirement areas; merchant attestation levels; penalties and liabilities that can occur from non-compliance; and the four self-assessment questionnaire types
  • A summary of relevant state legislation affecting payment card security, in addition to PCI DSS
  • Examples of major breaches of payment card data security and why they were successful
  • A detailed discussion of the key areas and departments to focus on for a successful PCI DSS self-assessment within healthcare
  • Ideas on who in your organization needs to be included and the key departments for your organization's PCI DSS compliance focus
  • Insights on how PCI DSS compliance relates to HIPAA security rule compliance
  • Sample wording and areas to address in a credit card handling policy
  • Suggestions for employee training
  • Tips for developing a basic project plan
  • References to resources for additional information

Around the Network