Healthcare Merchant Services

5 Keys of HIPAA and PCI Compliance

Two important topics we review with our medical office and medical professional clients are the safety and security of data and information needed for credit card processing. In this blog, we address 5 keys of HIPAA and PCI compliance. These topics are not just associated with accepting credit card payments, but they are essential for payment processing by businesses that operate within the medical industry.


While related, HIPAA relates to patient information and medical records to maintain a person’s privacy and PCI relates to patient (and customer) financial records and data.

HIPAA = Health Insurance Portability and Accountability Act

This is a federal law that went into effect in 1996 and relates to both paper and electronic transfer and handling of medical and health information. Medical and healthcare practitioners must follow all HIPAA guidelines regardless of how a related financial transaction is handled.

PCI = Payment Card Industry

The PCI Council is an international forum that brings together stakeholders to ensure payment data security by establishing standards, offering educational resources, and making training available to support their mission.

These two critical aspects of privacy for patients are related because they can both be breached under similar conditions.

These 5 topics need your focus – and everyone in the business must be aware of them.

  1. Keep information secure, including encryption of data.
  2. Train employees to handle information properly.
  3. Turn off lost devices; keep them password or pin protected against unapproved access to a device.
  4. Information is private – either medical or financial.
  5. Dispose of information or records properly.

PCI Compliance and Healthcare

PCI compliance and healthcare businesses go hand in hand. While the industry requires HIPAA compliance, following best practices for one lends easily to the other with the right software, hardware and protocols in place.

As part of TransAct merchant services support, we offer training for both owners and employees of medical offices. Whether the office manager or clinicians need to accept payment from a patient, they can do so following safe credit card and payment practices. We want to help businesses do everything they need to do to remain compliant in both areas – PCI and HIPAA – for security and compliance.

Learn more here or schedule a brief call to discuss how best to maintain compliance in your medical office or practice.