The Coffey Blog

Healthcare websites: What to know about PCI compliance

Posted on: Monday, June 17, 2019

The Coffey Team

You've likely heard the news stories about the theft of consumers' credit card information from major retail brands. While the direct financial loss for those affected consumers may be small, the damage done to the brand's reputation is huge. But it's not just traditional retailers who can be targets of payment fraud—healthcare organizations can also be vulnerable.

To combat the problem of electronic payment fraud, organizations follow a set of rules known as the Payment Card Industry Data Security Standards—or PCI compliance.

What is PCI compliance?

PCI standards are a set of policies—for merchants, banks, online vendors and anyone else who accepts or processes electronic payments—to help prevent the theft of cardholder data. The goal is to give consumers peace of mind that their financial info is safe.

If any part of your healthcare website accepts or processes payment cards, PCI standards apply to you.

3 things to know about PCI compliance

1. Your IT department will manage it, but marketers have a role too. Reaching PCI compliance is something your IT staff will likely oversee. But they'll need your cooperation to make it happen. As your website evolves and you make updates over time, you can help your IT team by ensuring that the site maintains PCI compliance at every step along the way.

2. You need regular PCI testing. PCI compliance must be tested regularly. And noncompliance can result in fines. Your organization's PCI compliance should be documented and recertified at least quarterly.

3. You should work with PCI-certified website vendors. Your website vendor should have procedures in place to ensure your site passes the rigorous PCI compliance tests. When choosing a vendor for your hospital website design, be sure to ask how they handle PCI compliance.

It's vital that the host of your website and any merchant payment processors provide you with certification of their PCI compliance. It's the only way to be sure your patients and donors are protected.

We can help

If you need a PCI-certified web hosting service, you've come to the right place. We design and host hospital and health system websites with PCI compliance in mind. To learn more about our PCI expertise, email us or call 888.805.9101.

Related reading

Forms and healthcare websites: A perfect match
Healthcare website design: How to make your services directory user-friendly
4 reasons site speed matters