PCI compliance: 3 things healthcare marketers need to know
Is your hospital website keeping patients' financial data safe? Here's why it matters to marketers.
The Coffey Team
Electronic payment security may not seem like a healthcare marketer's wheelhouse. But as a primary stakeholder in your hospital website, you need to understand a few things about the Payment Card Industry Data Security Standards, or PCI compliance.
1. It's about trust. You've likely heard the news stories about the theft of consumers' credit card information from major retailers. While the direct financial loss for those consumers may be small, trust in a brand can take a big hit from that kind of negative publicity.
The PCI standards are a set of policies—for merchants, banks, online vendors, and anyone else who accepts or processes electronic payments—to help prevent the theft of cardholder data. The goal is to give consumers peace of mind that their financial info is safe.
Fraudulent credit card charges are the last thing you want patients to take away from their experience with your hospital. So if any part of your hospital website accepts or processes payment cards, PCI standards apply to you.
2. IT will oversee it, but your input matters. Reaching PCI compliance on a hospitalwide basis is something your IT staff will oversee. But they'll need your cooperation.
PCI compliance must be tested regularly. And noncompliance can result in fines. As your hospital website evolves, you can help IT by ensuring that the site has achieved and maintains PCI compliance at every step along the way.
PCI compliance should be documented and recertified at least quarterly.
3. PCI is key when choosing a hospital website vendor. Your website vendor should have procedures in place to ensure that your site passes the rigorous PCI compliance tests.
When choosing a vendor for your hospital website design, be sure to ask how they handle PCI compliance. It's vital that the host of your website and any merchant payment processors provide you with certification of their PCI compliance. It's the only way to be sure your patients and donors are protected.