healthcaretechoutlook

PCIHIPAA: Pathway to PCI and HIPAA Compliance

 Jeff Broudy, CEO
Patient data security and privacy are of utmost priority in the healthcare industry. HIPAA regulations continue to evolve with advances in technology. Along with HIPAA, Payment Card Industry (PCI) compliance also requires medical and dental practices to protect patient credit card data. Befitting its name, PCIHIPAA helps medical and dental practices avoid compliance breaches under both PCI and HIPAA. PCIHIPAA delivers easy and affordable solutions to quickly help practices mitigate risks surrounding compliance requirements and patient data breach vulnerabilities.

PCIHIPAA acts as a trusted advisor and partner by providing turn-key solutions that reduce the compliance violations facing healthcare providers. "We make compliance easy and affordable, while mitigating risks associated with non-compliance and data breach protection. We understand that running a successful practice is hard and many practices don’t have the resources to properly address the key vulnerabilities associated with protecting and securing patient information," states Jeff Broudy, CEO of PCIHIPAA. The company has quickly become the fastest growing HIPAA compliance company serving small to mid-size medical and dental practices across the United States. It has developed a phenomenal product-market fit with its launch of OfficeSafe™. OfficeSafe™ is a customized compliance portal that helps practices save time and money by streamlining the required HIPAA administrative safeguards. It includes customized policies and procedures, online employee training and quizzes, business associate management, emergency response planning, patient authorization documents, and a HIPAA checklist to document progress and proof of compliance.

PCIHIPAA also provides financial indemnity in case of PCI or HIPAA non-compliance fines or costs associated with a patient data breach.

Broudy adds, “No matter what safeguards you take, there still are risks. That’s why we include financial indemnity, just in case. We become our client’s incident response team in case of a breach, audit or loss. The financial indemnity piece of our program helps financially to keep practices operating while dealing with a breach or audit.” Penalties and fines associated with HIPAA non-compliance, and costs to replace stolen credit card numbers, are not covered under the general liability policy of a practice.

PCIHIPAA also helps practices with the mandatory HIPAA risk assessment requirement. Their HIPAA Risk Assessment tool provides practices with a benchmark of their existing compliance vulnerabilities. The practice receives a risk score and then PCIHIPAA reviews the assessment and helps practices determine suitable precautionary solutions to mitigate risks.

One of PCIHIPAA’s pillars of success is to create “ACE” (Amazing Customer Experiences), not solely with their technology, but through every client interaction. For example, once a practice signs up for their OfficeSafe™ compliance program, PCIHIPAA’s Customer Care team will work with the HIPAA Privacy and Security Officer to implement compliance and data protection solutions. This may include private trainings on OfficeSafe™, PCI certification implementation, and/or data backup and e-mail encryption installations. “Every interaction is an ACE opportunity for our team,” says Broudy.

Customer-driven innovation is another key pillar of success for PCIHIPAA. As an example, they created an easy-to-use Business Associate Agreement tool to help practices execute and manage BA Agreements. The tool was 100 percent designed based on customer feedback. PCIHIPAA plans to innovate and prioritize based on customer needs, and is currently working on solutions to automate the execution of patient authorization forms required under HIPAA.