The PCI DSS (V3.2.1) certification for Access Healthcare’s payment card processing centers and IT/Infrastructure operations has been successfully extended for another year. The audit, recently concluded by the industry-leading certification authority, TUV SUD, confirmed the organization’s total compliance with all significant requirements prescribed in the PCI DSS standards.
Significance of PCI DSS
PCI DSS refers to the Payment Card Industry Data Security Standard that defines security controls to protect payment card information from theft and misuse. It applies to all entities that process card transactions to verify that the provider upholds the highest data security and privacy standards.
This certification is crucial for Access Healthcare to process patient payments and deliver other revenue cycle processes in a secure, compliant manner. The certification enables us to assure our customers that:
Our Cardholder Data Environment (CDE) offers adequate protection for cardholder data
Access Healthcare effectively manages any risk of payment fraud through technical safeguards and effective staff training.
Elements of the standard
The PCI: DSS information security standard defines requirements related to the following:
Security management
Policies and procedures
Physical security
Network architecture
User access management
Network and systems monitoring
Importance of Credit Card Payment Security in the Revenue Cycle
With rising consumerism, patients are now adopting self-pay and high deductible health plans (HDHPs) and emerging as key payers. As patients become increasingly responsible for healthcare payments, the usage of credit cards to pay healthcare bills is increasing. Payments for care received can be made in multiple ways, through a card payment device at the point of care, a customer service phone call, or an online patient portal. Each of these payment modes has different security risks which need to be mapped through effective processes. Staff training – both service provider and the provider facility’s administrative personnel – must be trained on secure card processing.
For secure payments, it is necessary for the service provides to meet the following requirements:
All devices (laptops/desktops/servers/phones), software, and policies are compliant with the PCI-DSS requirement for credit card data storage, usage, and transmittal.
Ensure that all solutions/software in use meet the compliance norms.
Utilize advanced techniques such as vulnerability assessment and penetration testing to assure security against evolving threats.
Continuous monitoring of compliance
For ensuring continuous compliance by all organizations that accept, process, store, or transmit credit card information as part of their business, the certification includes clauses for annual audit and verification of all the controls and system elements. Authorized practitioners from leading certifying agencies such as TUV SUD conduct the certification audit.
Access Healthcare first gained PCI DSS certification in 2019, post which it has been renewed on an annual basis by demonstrating continuous compliance with all information security and system requirements. In addition to the PCI DSS 3.2.1 certification, Access Healthcare is HITRUST CSF, ISO 9001:2015 and ISO 27001:2013 certified, is SOC 1 Type 2 audited, and fully compliant with HIPAA standards.
Our call center facilities in the Philippines as well as our IT/Infrastructure operations in India listed below are covered in this certification:
One World Square, Manila (Site 1)
Commerce and Industry Plaza, Manila (Site 2)
Venice Corporate Centre, McKinley Hill, Manila (Site 3)
Headquarters, Ambattur, Chennai (HQ)
Kosmo One, Ambattur, Chennai (KO)
To learn more about how our PCI:DSS compliant processes can help you with self-pay and patient payments