Trend | Privacy and HIPAA

Consequences of PCI Noncompliance

Healthcare finance leaders should understand that the consequences of noncompliance with the PCI standards for security of credit card information can be severe.

The Payment Card Industry (PCI) Security Standards Council offers a brief description of how extensive the consequences of noncompliance with its standards can be, both in terms of fines levied by banks and credit card companies and in terms of the consequences of a data breach that might occur even if a company is 100 percent PCI compliant. The council notes that fines incurred for noncompliance with PCI standards can range from $5,000 to $500,000.

The council offers the example of Visa, which uses a time-cost table that levies fines based on the merchant's compliance level (Level 1 or Level 2) and the duration of the noncompliance. For example, Level 1 noncompliance lasting three months or less would incur a fine of $10,000 per month, whereas Level 2 noncompliance for the same period would incur a fine of $5,000 per month. At the highest tier, where Level 1 noncompliance persists for seven months or more, the fine would amount to $100,000 per month.

The council also lists the possible consequences to a company from a cardholder data breach that occurs despite the company's being 100 percent compliant with the PCI standards. Under such circumstances, the company could be subject to a fine of $50 to $90 per compromised cardholder record; a damaged reputation among customers, suppliers, and partners; possible civil litigation from customers affected by the breach; and a loss of customer trust that affects future sales.
