Credit Card Self-Assessment Questionnaire
Many of the payments that offices collect from patients are credit card payments. If your office does not accept credit card payments, this does not apply to you, but for the rest credit cards are another form of patient identifying information (PII). Each credit card number is unique to the person who owns the card. That makes credit card information PII. (42 CFR § 2.11) Under HIPAA your office needs to protect that credit card information. Beyond HIPAA, your office needs to protect credit card information under PCI Security Council standards. If your office is compliant under PCI Security Council standards, then your office is taking the steps required to protect the information collected from credit card payments under HIPAA. To be PCI compliant as well as HIPAA compliant, your office needs to contact your credit card processing company to determine if your office needs to complete a Self-Assessment Questionnaire (SAQ) and complete it as required.
In TLD Systems we provide the tools to track if you have contacted your credit card processing company regarding the SAQ and the most recent date you’ve completed the SAQ.
Update Your Web Browser
Just like any piece of software, you need to keep your web browser up to date. We’ve discussed the importance of keeping the Operating System up to date and what may happen if it is not kept up to date but hackers and malware can also exploit security holes in browsers. This is the reason that browsers such as Google Chrome, Firefox, Microsoft Edge, and Apple Safari release updates and notify users to update their browser. When you receive this notification, you should update your browser. (Learn more about the importance of keeping your browser up to date)
Remove Cell Phones from Office Network
It often seems that we can no longer get by without our cellphones. Not only do they function as telephones, they are mini computers, music players, calendars and more. These devices connect us, entertain us, and assist us in managing our lives. A cellphone has many purposes, but it is important to acknowledge the risk they pose. Just recently dozens of individuals’ iPhones were compromised by spyware that attached to an iMessage and automatically installed itself on the iPhones. The spyware was able to access microphone, photos, messages, passwords and more. (Learn more) Given the security risk cell phones can pose, your office should evaluate what cellphones are connected to the office WiFi or get plugged into computers to transfer data or charge the device. Then ask yourself, does this device need to be connected to the WiFi or the computer for work purposes? If the answer is no, the device should no longer be connected to the devices or network. If the answer is yes, your office should evaluate if the risk posed by the cellphone is a risk your office is willing to accept.
For more information on how we can help your office be HIPAA Compliant, call (631) 403 6687 or email email@example.com.