Understand the basics of credit card processing compliance for medical offices
2019 is off to a fast start for health data breaches. According to HIPAAJournal.com's Q1 2019 Health Data Breach Report, 490,937 healthcare records were exposed, stolen or impermissibly disclosed in January 2019. How does this affect healthcare credit card transactions? Credit card information is covered under HIPAA and in some systems is part of patient records. Therefore, secure and compliant credit card transactions are essential to overall data security.
Rules and regulations that impact healthcare credit card processing
Health Insurance Portability and Accountability Act (HIPAA)
Many people have heard of HIPAA but don’t realize how expansive the law really is. Not only does it cover protected health information (PHI) such as names, addresses, birthdates, and diagnoses, it also encompasses electronic transactions and defends against identity theft. Every practice that accepts government payers needs to have a HIPAA compliance officer in place who ensures that employees are trained and that policies are put in place to protect patient privacy.
Payment Card Industry (PCI) Data Security Standards (DSS)
These industry standards ensure that information exchanged in a credit card transaction is kept secure. Any healthcare organization that accepts credit card payments needs to demonstrate PCI compliance, even if its payment systems encrypt data and do not store any payment information on-site. Failure to demonstrate PCI compliance may result in fines levied against your merchant account.
Various rules and regulations by government and industry bodies
There are multiple parties invested in credit card processing and security, and it is critical to stay current with the latest mandates to avoid fines and liability expenses. For example, the IRS recently announced that healthcare providers must report their gross annual card payment transactions processed by third parties to their merchant services providers, who in turn report it to the IRS. Since there are so many potential sources of new statutes, we recommend working with a credit card processing partner that has a proven track record of keeping clients compliant with all industry, state and federal regulations.
Protecting credit card transactions
Knowing the compliance and security rules is one thing; using the right tools to thwart data breaches and fraud is another. Your credit card processing partner should utilize the latest technology to keep your data, and your practice’s reputation, safe. Some security measures to look for from a potential partner include: