The two traditional ways to achieve PCI DSS compliance are costly, onerous, and in some cases outdated:
• Complete Enterprise Audit: Hospitals can leave their existing network as is, but because nothing is segmented, the entire network is in scope: every touch point (from handheld devices used by staff all the way up to the CEO's laptop) must be assessed for vulnerabilities and breaches. The cost of this option is prohibitive for most health care facilities and systems.

• Network Segmentation: To protect credit card data, hospitals can segment their network and meet PCI DSS only on the segment where credit cards are processed and transmitted. In effect, hospitals end up conducting credit card payment processing on an entirely separate network from ordinary operations, including email.
The costs of this option likely include an FTE to manage the segmented network: maintaining firewalls, securing configurations, protecting stored data and data in transit, restricting access, and periodically verifying that the segmentation actually holds. Additionally, the ongoing maintenance typically costs upward of $300,000 per annum. After these investments, hospitals will still need to complete a yearly self-assessment of more than 300 questions (Self-Assessment Questionnaire D, SAQ D). Finally, an outside assessor is typically engaged to validate that SAQ.
A better way emerges
OnPlan Health and Bluefin Payment Systems' PCI-validated P2PE solution avoids the outlays associated with complete enterprise audits and the recurring costs of maintaining network segmentation. Time-strapped health care IT departments can deploy the solution quickly on any payment application and save time and money on simplified annual audits (answering only 14 questions, down from more than 300); hospital CFOs, CSOs, and CIOs gain the assurance that their technology has been validated and listed by the PCI Security Standards Council (PCI SSC), reducing their exposure to potential fines or penalties.
David King, OnPlan’s chief technology officer, explains, “The great thing about this solution is that it improves in significant ways the security promised by older approaches: PCI-validated P2PE secures card transactions by encrypting all data within a PCI-approved point-of-entry swipe or keypad device, preventing clear-text cardholder data from appearing in the device or in the merchant’s system, where it could be exposed to malware.”
With the combination of Bluefin's Decryptx solution and OnPlan's Universal Token (UToken), card data is captured once, inside the encrypting device, during the initial transaction. The card number itself is held by the provider; the hospital keeps only a surrogate value, a token, that can be used for future transactions across any merchant within the ecosystem. This reduces how often a patient is asked for their card, significantly minimizing the risk of card theft, while providing ease of use and convenience for repeat transactions.
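To make the tokenization point concrete, here is an added example, not OnPlan or Bluefin code and not a description of how UToken or Decryptx work internally. It is a toy token vault with two sides: the provider, which holds card numbers and issues tokens, and the hospital, which stores only tokens and last-4 digits. The class names, the `tok_` prefix, the HMAC-keyed index and the test card number are all assumptions made for the example.

```python
"""Toy tokenization vault showing how a token keeps PANs out of a hospital's
own systems. Constructed example; not OnPlan/Bluefin code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class TokenVault:
    """Runs only at the provider, never at the merchant. A production vault
    keeps the PAN store encrypted under an HSM-held key; here it is a plain
    dict so the example runs offline (assumption for illustration)."""
    index_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    _pan_by_token: dict = field(default_factory=dict)
    _token_by_fingerprint: dict = field(default_factory=dict)

    def _fingerprint(self, pan: str) -> str:
        # Keyed HMAC lets the vault find an existing token for a PAN without a
        # plaintext or unkeyed-hash index. An unkeyed SHA-256 of a PAN is
        # brute-forceable: a known 6-digit BIN leaves only ~10^9 Luhn-valid PANs.
        return hmac.new(self.index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> dict:
        """Capture a PAN once; return a surrogate the merchant may keep."""
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        fp = self._fingerprint(pan)
        token = self._token_by_fingerprint.get(fp)
        if token is None:
            # Random, not derived from the PAN: the token reveals nothing about
            # the card, and the mapping exists only inside the vault.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_fingerprint[fp] = token
            self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:]}

    def detokenize(self, token: str) -> str:
        """Provider-only path (e.g. forwarding a charge to the processor);
        not exposed to merchant systems."""
        return self._pan_by_token[token]


class MerchantRecords:
    """What the hospital's billing system keeps: token and last-4 only, so
    none of these fields is cardholder data in the PCI DSS sense."""

    def __init__(self) -> None:
        self.cards_on_file: dict = {}

    def save(self, patient_id: str, issued: dict) -> None:
        self.cards_on_file[patient_id] = issued

    def contains_pan(self, pan: str) -> bool:
        """Reviewer's sanity check: does any stored value contain the full PAN?"""
        return any(pan in str(v) for v in self.cards_on_file.values())


def demo() -> dict:
    vault = TokenVault()           # provider side
    billing = MerchantRecords()    # hospital side
    test_pan = "4111111111111111"  # constructed, Luhn-valid test number
    first = vault.tokenize(test_pan)
    billing.save("patient-001", first)
    # A later visit, possibly at another facility in the same ecosystem:
    again = vault.tokenize(test_pan)
    return {
        "same_token_on_repeat": first["token"] == again["token"],
        "merchant_holds_pan": billing.contains_pan(test_pan),
        "provider_can_recover": vault.detokenize(first["token"]) == test_pan,
        "last4": first["last4"],
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the token is random and the PAN-to-token lookup is keyed: a deterministic, unkeyed hash of a card number would be cheap to reverse because the space of valid PANs behind a known BIN is small, which would put the hash itself back in scope.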