Type of Practice: Single Physician Medical Practice
Situation: The single physician practice you advised on HIPAA has been operational for six months. Since opening, in addition to medical insurance payments, the practice has accepted only cash or check payments from patients. The physician now wants to add credit card payments as a payment option. The physician is concerned about the safe handling of cardholder information and wants to establish a secure payment-card process. The physician does not know about the PCI Data Security Standard. The physician hired you again to create a credit card payment program that is secure and in compliance with necessary federal requirements.
Answer the Following: (Use Topic Headings)
What would you do?
How would you advise the physician about security policies associated with payment cards and data security standards?
What security practices are involved?