Hospitals Accepting Plastic Must Comply with PCI DSS
DATA PROTECTION—U.S. April 19, 2011
Last month's settlement between the Massachusetts attorney general and a restaurant company for $110,000 should serve as a reminder to healthcare privacy and security officials, HealthLeaders Media reports. Entities that collect credit card information, including healthcare entities, are required to protect that information from theft. "I think healthcare organizations--and many others--are still unaware of PCI DSS," said Kate Borten, president of the Marblehead Group. "The security requirements are...simply good practice." The Payment Card Industry Data Security Standard requires organizations that accept credit cards to build and maintain a secure network, encrypt cardholder data transmissions and regularly update antivirus software, among other mandates.