Trend | Privacy and HIPAA

Consequences of PCI Noncompliance

Healthcare finance leaders should understand that the consequences of noncompliance with the PCI standards for security of credit card information can be severe.

The Payment Card Industry (PCI) Security Standards Council offers a brief description of how extensive the consequences of noncompliance with its standards can be, both in terms of fines levied by banks and credit card companies and in terms of the consequences of data breaches that might occur even if a company is 100 percent PCI compliant. The council notes that fines incurred from noncompliance with PCI standards can range from $5,000 to $500,000.

The council offers the example of Visa, which uses a time-cost table that levies fines based on the category of the noncompliance (i.e., Level 1 or Level 2) and its duration. For example, Level 1 noncompliance occurring for three months or less would incur a fine of $10,000 monthly, whereas Level 2 noncompliance for the same period would incur a fine of $5,000 monthly. At the highest level, where Level 1 noncompliance persists for seven months or more, the fines would amount to $100,000 monthly.

The council also lists the possible consequences to a company from a cardholder breach that occurs despite the company’s being 100 percent compliant with the PCI standards. For example, under such circumstances, the company could be subject to a $50 to $90 fine per cardholder data compromise; a compromised reputation among customers, suppliers, and partners; possible civil litigation from customers who experienced the breach; and a loss of customer trust that affects future sales.
