Ensuring the security of payment card data is paramount for healthcare practices. Achieving Payment Card Industry Data Security Standard (PCI DSS) compliance can be daunting, but it is vital for protecting your patients' cardholder data and your practice's reputation. Here is a step-by-step guide to completing the annual PCI self-assessment using the resources provided by USPay and SigmaMD.
Accessing the PCI Compliance Portal
The initial step towards PCI compliance involves accessing the right tools and resources. Your practice administrator will receive an invite from USPay to join the compliance portal at ComplyWithPCI.com. Accept this invite promptly to begin the compliance process.
1. Completing Your Business Profile
Here are detailed tips to assist you in accurately completing the business profile questionnaire:
- Assessment Method: select "Guide Me".
- Relationship with Third-Party Service Providers: answer "Yes", and enter SigmaMD, USPay, and Priority Commerce.
- Payment Related Services: answer "No".
- Payment Processing Methods: select "Virtual Terminal" and "Ecommerce".
- Virtual Terminal: select "Manual Entry ONLY".
- Shopping Cart: choose "Entire Internet Presence Outsourced".
- Credit Card Number Storage: select "No". Answer "No" only if your practice does not retain full card numbers anywhere, including paper intake forms, spreadsheets, or email; if it does, the answer must be "Yes" and the scope of the assessment changes.
- Third Party Managed System Service Providers: if you use any third-party managed system service providers, select "Yes" and list them; otherwise answer "No".
- Other Third Party Service Providers that may impact cardholder data security: answer "No".
- Qualifications: answer "No" to remote admin access and "No" to a wireless network connected to the cardholder data environment. These answers must reflect your actual environment: if staff administer the payment system remotely or process payments over a wireless network, answer "Yes" so the correct controls are assessed.
- Password Policy: select "Yes", and make sure your practice actually meets the password requirements described. Do not attest to a control you have not implemented.
Once you complete the questionnaire, a green checkmark will appear next to your business profile, along with the SAQ type D (A, C-VT). This confirms that your business profile has been successfully completed.
2. Completing the Security Assessment
The security assessment consists of approximately 50 questions. Review each question carefully and select "Yes" only where the control described is actually in place at your practice. For questions that do not apply to your environment, choose "N/A" and provide a brief explanation of why they do not apply.
After completing the questionnaire, a green checkmark will appear next to your security assessment, along with the attestation date. This indicates that your annual security assessment has been successfully completed.
Achieving PCI compliance is a critical step for any healthcare practice handling payment card information. By methodically following the outlined steps and accurately completing the PCI DSS self-assessment questionnaire, your practice can ensure the security of cardholder data and comply with industry standards.
If you encounter any difficulties, please reach out for support.