MENU MENU. MSP HIPAA compliance best practices. The following is a more specific list of who needs to be HIPAA compliant: Covered healthcare providers (hospitals, clinics, regional health services, individual medical practitioners) that carry out transactions in electronic form. Sensitive information is not held on your premises or stored on. Several overlap with those required to meet GDPR, HIPAA and other privacy mandates, so a few of them may already be in. To understand how to facilitate HIPAA-compliant credit card processing, it’s important to know whether or not HIPAA considers payment processors as business associates. iFax also offers paid subscriptions with free trials. We keep PHI safe by storing all patient payment data in a secure, encrypted vault that is protected by layers of industry-leading, state-of-the-art technology. Read more. PayPal. The Office of Civil Rights (OCR) found that the practice didn’t conduct a risk analysis report after a breach from one of the practice’s business associates. 5 in our Best Credit Card Processing Companies of 2023. If you run PCI-compliant or HIPAA-compliant workloads that are based on the AWS shared responsibility model, we recommend that you log your CloudFront usage data for the last 365 days for future auditing purposes. When we talk about credit cards, we have to talk about a lovely thing called “PCI DSS. #payment #finance #healthcare Keenethics on LinkedIn: HIPAA-Compliant Credit Card Processing Practices | KeenEchicsThere is disagreement about the best HIPAA compliant password policy to implement, including the format of passwords and the frequency of password changes and the best way of securing them. If data is encrypted: here’s what you’re allowed to store: PAN (Primary Account Number) (e. The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and nearly 48,000 affected individuals of a breach as required by the HIPAA Breach. HIPAA Journal's goal is to assist HIPAA-covered entities. Payment Card Industry Data Security Standard (PCI DSS) compliance applies to merchants and services providers that process, store, or send credit card data. PCI Compliance Level 1: This level applies to large businesses that process roughly six million credit card transactions annually. Protect Cardholder Data. it offers one flat rate for all major cards, just 2. PCI DSS is mandated by the Card Schemes and administered by the Payment Card Industry Security Standards Council. 1. 4. Merchant Level 4: Less than 20,000 transactions a calendar year. FREE TRIAL No credit card required. , CPA, IT provider, billing services, coding services, laboratories, etc. No plugins, no passwords, no extra steps. g. How to Select a HIPAA-compliant Survey Tool. There are important HIPAA and other privacy issues to keep in mind, and processing fees to consider. Clover POS: Best For Sophisticated Processing Hardware. was $199,200, which means your medical practice credit card processing fees over 30 years would add up to nearly four one-family homes. 335. 9% uptime. 95/month account fee (interchange-plus plans) Month-to-month. There is no one “right” answer. Our ratings consider factors such as transparent pricing. Successfully implementing HIPAA-compliant payment processing, such as Dental Intelligence's payment solution, will keep your patients' private information secure. 9% plus 30¢ per transaction. , John Smith) Expiration date (e. The next step is to fix any errors that emerge through that evaluation process. 99. S. These PCI requirements are set by the Payment Card Industry Data Security Standard (PCI DSS) and are managed by the PCI Security Standards Council (PCI SSC). Unlike many file storage services, Files. Level 2: Businesses that process. Credit card processing services are explicitly excluded from the requirements of HIPAA. Automated invoicing. The biggest advantage of Simply. Validation of compliance is performed annually, either by an external qualified security assessor (QSA) or by a firm-specific. Whatever entry method you choose, our system securely stores all credit card data on a PCI-compliant server. View a comparison of the best HIPAA Compliant Email software in 2023. Excellent system with complete customization: Caspio. PCI DSS is a multifaceted security standard that includes requirements for security management, policies and procedures, network architecture, software design, and other critical. PCI DSS was created to increase controls around cardholder data to reduce credit card fraud. In addition to finding a secure survey provider with the features listed below, you’ll also need to have your vendor sign a Business Associate Agreement (BAA). Ivy Pay helps you charge a client's card on file for seamless payments that are easy and confidential. A company that uses a third-party payment processor must still comply with PCI standards. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected, which. Practice Management $ 74. Stax is the No. Stripe: Best for Omnichannel Businesses. PCI compliance – a set of credit card processing security standards – is another area of confusion for small business owners. Health records are 10 to 20 times more valuable on the black market than US credit card numbers with the three-digit CVV code. PayPal was not the first to provide online billing and payment services, but they are the world’s most widely used; in 2020, they processed over $936 billion in payments. g. Payments by credit cards have higher chances of information leak if your financial processing system is not secured by HIPAA compliance. This means businesses of all sizes, from a corner coffee shop to a multinational designer. Payment processing. You can’t use just any invoicing software for this. batch payments. Phishing e-mails, credit card data breach, stolen laptops, patient data leakage, etc. 2 The Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of e-PHI. Credit card. Your first priority at this point in time is to isolate the affected system (s) to prevent further damage until your forensic investigator can walk you through the more complex and long-term containment. (Even if you only process two credit card transactions per month, you must comply with PCI requirements. g. PCI employs a continuous three-step process to achieve and maintain security compliance. The link between HIPAA and credit card processing. Use HIPAA-compliant forms to gather the financial information you need for billing and payment processing. After evaluating dozens of products, we’ve identified the eight best HIPAA-compliant CRM software: Best overall: Freshsales. ” The Payment Card Industry Data Security Standard (PCI DSS) requirement 11. 1. Best-in-class customer Support. PayPal is a veteran in the online payments industry, making it easy for businesses to register and accept payments online quickly. Responsibility to client security is paramount and deeply engrained in Fineline’s employee culture. Coach is a HIPAA-compliant practice management software for therapists and counsellors as well as enterprises that helps you run your practice the way you want to – in-person, online, or both. So it’s vital that your business never use its merchant. Payment Depot: Best for High Transaction Volume. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions. a robust client portal, online scheduling, billing, credit-card processing, free appointment reminders, calendar sync, and so much more. View the best Telemedicine software with HIPAA Compliant in 2023. Put another way, if the. Please contact the Cashier Services at (617) 353-3896, or via via the new Financial Affairs Customer Service Portal, for further information regarding Cashier System. 9% plus 30¢ per transaction. PCI compliance is the term used to ensure that you are meeting security standards when accepting payments. Search for HIPAA-compliant credit card processing? Here’s what him need into know about healthcare payments & HIPAA, extra the 7 best options. The latter certifies Interfax’s compliance in processing, storing, and transmitting credit card information. These PCI requirements are set by the Payment Card Industry Data Security Standard (PCI DSS) and are managed by the PCI Security Standards Council (PCI SSC). There is a $10,000 penalty per violation, an annual maximum of $250,000 for repeat violations. Be sure to consult with the POS provider about a BAA. We reviewed 15 companies using a weighted methodology to help you find the 10 best credit card processing companies for small businesses. Skip to content. So some overlap does exist between the two standards, but SOC 2 applies to a far larger number of. com supplies customers with a Business Associate Agreement to enforce HIPAA compliance. , one of the largest providers of dental insurance in New York state, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Documentation. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted. Features & Benefits We considered critical features and tools in our comparisons, such as seamless software integrations, efficient data exports, streamlined invoicing. TheraPlatform has been the best of all worlds! Reasonably priced, effective HIPAA compliant teletherapy, intuitive charting options, and available in-system. We’ll look at HIPAA compliant credit card processing in the next section. 5% between 2023-2030, professionals across various specialties are using HIPAA-compliant video conferencing. HIPAA Compliant. As of November 2019, Square updated its pricing as follows: For in-person transactions, Square charges you 2. , John Smith) Expiration date (e. The third requirement of PCI DSS compliance is a two-fold protection of cardholder data. Get the #1 HIPAA-compliant EHR and practice management software. It's the instant pay option exclusively designed for therapists. The best HIPAA-compliant payment processing providers are PaymentCloud, Host Merchant Services, Helcim, Square, Dharma Merchant Services, Chase. Maintaining HIPAA and PCI compliant payment processing can be a major headache, but failure to. The HIPAA Security Rule specifically focuses on the safeguarding of. If you provide a credit card number to purchase a service, it is turned into a secure token by our credit card processing company. Accounts and More. Additionally, if Protected Health Information (PHI) is secured too much, it can prevent the flow of information needed to perform treatment, payment, and healthcare. 5 million. 5 in our rating of the. 3 specifies that the 16-digit Primary Account Number (PAN) should be masked when displayed. SenditCertified offers secure, biometric-enabled, email services free of charge for 14 days. Verify the customer – make sure they are an. The law has been updated several times since, such as in 2009 with the passing of the Health Information Technology for Economic and Clinical Health Act (HITECH), which added a new penalty structure for violations and made Business Associates directly liable for data breaches attributable to non. More about what is Considered PHI under HIPAA. Some solutions, such as Ivy Pay, offer clients the ability to pay using their health savings account (HSA card) or flexible spending account (FSA card). Here are some of the best practices for effective HIPAA compliance: 1. Here is the list of the best HIPAA compliant solutions: Files. Minimizing scope reduces vulnerabilities and decreases the administrative burden associated with being PCI compliant. Best marketing capabilities: Zoho CRM. How DLP helps meeting HIPAA complianceCredit card processing is the foundation of any retail business. Take the following steps to make data breaches as unlikely as possible: When you process a patient’s. On the surface, they do offer the convenience of credit card processing, keeping a customer’s card on file, HIPAA-compliant video conferencing, and invoicing software on just one platform. Compare Quotes. 1952. Payment processing. 99% guaranteed. HIPAA certification programs are taken once or as needed to learn new skills or stay up-to-date on HIPAA changes and trends. Using the following methods can help you make your payment systems safer: Collect financial information securely. Simply. HIPAA Administrative Simplification Frequently Asked Questions July 14, 2022 Guidance Letter 2022-04 - Health plans’ payment of health care claims using Virtual Credit Cards (VCCs) and adopted Health Insurance Portability and. HIPAA law requires covered entities to. While consumers are using different and more ways to pay for goods, especially through fast-growing contactless payments, small. Easy Credit Card Data Entry. We call these entities. There are three sets of requirements included in the HIPAA Security Rule. Our HIPAA compliant payment processing are designed to provide you with everything you need to accept payments seamlessly and. Feedback. Payment card industry (PCI) compliance refers to the technical and operational standards that businesses must follow to ensure that credit card data provided by cardholders is protected. Note: this is a long post about untested legal issues. Stripe: Best for omnichannel businesses. g. 1 credit card processing service in our ratings of the Best Credit Card Processing Companies of 2023 and the Best Credit Card Processing Companies for Small Businesses of 2023. PCI DSS overview. 1952. Unlike many file storage services, Files. Limited security options as transmission is through a telephone line. Stripe Payments: Best Online Credit Card Processing For Payment & Checkout Support; 5. TranscribeMe is a HIPAA-compliant transcription software known for its fast and accurate transcription services that cater to health care professionals and institutions. It also offers features like revenue dashboards, workflow management, and real-time translation. Looking for HIPAA-compliant credit card processing? Here’s what you need to know about healthcare payments & HIPAA, benefit the 7 best options. Store and process credit cards. Try it for free. Some medical offices require patients to pay in person by swiping credit cards or HSA (Health-Savings Account) cards through a terminal. Please contact the Cashier Services at (617) 353-3896, or via via the new Financial Affairs Customer Service Portal, for further information regarding Cashier System. When a healthcare organization stores ePHI in the cloud, the CSP is considered by law to be a business associate, which means you’re required to enter a contract with the CSP that outlines its legal obligations under HIPAA. MENU MENU. 2. One of the most popular ways to pay for medical expenses is through credit cards. It is essential to protect and secure personal. Stax is a great option for established small businesses with high annual revenues. Research your credit card processor’s PCI compliance. com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. Just secure HIPAA-compliant email for senders and recipients. Personal health information is secured with industry-leading HIPAA Compliance. The HIPAA Security Rule specifically focuses on the safeguarding of. To log. Already a member? Login. This means consumers have the right for their credit reports to be private and include only accurate information. The U. HIPAA regulates the handling of personal health information (PHI), so it’s essential to ensure that any credit card processor you use can handle. Leaders Merchant Services – Negotiable pricing model for healthcare practices backed by a money-saving guarantee. More about what is Considered PHI under HIPAA. The processor’s fee is the same for all in-person credit card payments and typically averages 2. The HIPAA Rules, including the business associate provisions, do not apply to banking and financial institutions with respect to the payment processing activities identified in §1179 of the HIPAA statute, for example, the activity of cashing a check or conducting a funds transfer. Great for managing healthcare operations: SimplePractice. The classification level determines what an enterprise needs to do to remain compliant. Customize the look and capabilities of the system to best suit your practice. You won’t find anything else this good at this price point. The PCI Security Standards Council established a 12-item checklist for PCI compliance (more on that below). The PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for all retailers who accept credit or debit cards. A HIPAA-compliant CRM can automate appointment scheduling, reminders, and follow-ups. Call Sales at 1-877-843-5690 or. October 18, 2023 Inside this Article Finding the right credit card processor is challenging for any business, but if you’re in the healthcare sector, there’s even more to consider. PCI DSS follows common-sense steps that mirror security best practices. The 12 security requirements for PCI DSS v3. ] Ask the payment processor if they’re using the. The Payment Card Industry Security Standards Council (PCI SSC) sets the PCI Data Security Standard (DSS) to protect cardholder data, applicable to entities handling such data. To use Google Drive as your HIPAA-compliant cloud storage solution, first, you have to request a BAA from the. Credit card processing services are explicitly excluded from the requirements of HIPAA. [We will be publishing reviews of three remote payment processors that can be used in a HIPAA-compliant manner in the next installment of Let’s Get Technical . Encrypted Forms. Word of caution: if a covered entity wants to avoid being liable for the actions of its business. But when it comes to protecting HIPAA data, the necessary security and features become even. These overlaps and similarities can assist organizations with. Rectangle Health’s points of PCI compliance for healthcare aligns to specific HIPAA considerations. 2 calls for regular vulnerability scanning from an ASV. During that time, criminals can run up huge debts – far more than is usually possible with stolen credit card information. Take the Next Step in HIPAA Texting. This essentially forms the. HIPAA vs. Compliance requirements: HIPAA. In 2017, the median home price in the U. They provide customers with an easy way to pay. Discover the best credit card processing companies and learn how to evaluate them based on pricing structures, fees and how credit card processing works. Vulnerability scan 3. Some medical offices require patients to pay in person by swiping credit cards or HSA (Health-Savings Account) cards through a terminal. Here are the steps each authorized person in the business should take when taking a credit card payment over the phone. Most importantly, it allows you to include various payment providers enabling customers to enter the necessary information and confirm the transaction themselves. Paubox is based in San Francisco, CA. 2. TranscribeMe: Best HIPAA-compliant transcription software. Easy Credit Card Data Entry. 2. The primary difference between PCI DSS and SOC 2 is that the former only applies to businesses that process payment card data; the latter applies to any company that processes or stores personal consumer information of any kind. com. More later. 5 million. ExaVault (FREE TRIAL) This cloud storage package with. The secure customer vault is a great solution for any merchant that needs to save credit card or checking information to use for future payments. All of its pricing is clearly spelled out on its website and if. We’ll briefly review PCI compliance and its main requirements, and provide a list of easy best practices you can. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. Fortunately, we have some tips to stay in compliance for telephone-based systems taking payment cards. Our HIPAA compliant payment processing are designed to provide you with everything you need to accept payments seamlessly and. Its. Dharma supports medical healthcare offices with HIPAA-compliant solutions that allow you to accept payments in person and online. 2. Automated superbills. PCI DSS Quick Reference Guide is a concise document that provides an overview of the PCI Data Security Standard and how to comply with it. Overviews of the 12 Best HIPAA-Compliant Video Conferencing 1. The guidelines outline a series of steps that credit card processors must continually follow. It becomes individually identifiable health information when identifiers are included in. In the preamble to the Security Rule, several NIST publications were cited as potentially valuable resources for readers with specific questions and concerns about IT security. HIPAA Compliant. 75 percent). [We will be publishing reviews of three remote payment processors that can be used in a HIPAA-compliant manner in the next installment of Let’s Get Technical . January. MENU MENU. Small businesses can find compliance difficult, and PCI recommends hiring. Review compliance annually. S. Patients can receive timely notifications about upcoming appointments, reducing the chances of no-shows and streamlining the overall process. The software offers a. Contact. Summary. Through accreditation, MSPs can demonstrate to their clients that they take data security seriously and have implemented the necessary safeguards to protect against data breaches. To simplify a definition of what is considered PHI under HIPAA: health information is any information relating a patient´s condition, the past, present, or future provision of healthcare, or payment thereof. The PJ&A data The PJ&A data breach is the second-largest healthcare data breach of 2023, having affected at least 8,952,212 individuals, including patients of Cook County Health in Illinois and Northwell Health in New York. 1) identify their business associates. Automated superbills. Google Drive. PCI Compliance: Technical and operational standards that businesses are required to adhere to in order to ensure that cardholder data is protected. Merchants handling payment cards should contact the PCI Security Standards Council for a complete list of PCI DSS requirements. 2. g. Resources. 5 Best HIPAA Compliant CRMs Compared. The Best Merchant Account Services. Step 1: Businesses are asked to assess. PCI DSS is specific to organizations that process cardholder information. As a result of this sizable breach, the business was forced to stop processing major credit cards for 14 months and had to. Level 1: Applies to merchants processing more than six million real-world credit or debit card. Merchant One: Best for Flexible Pricing. $9. While HIPAA is a law created by the feds, PCI DSS is a standard created by the credit card companies. PCI DSS stands for. All data is encrypted and stored securely using Amazon Web Services. HIPAA compliance is an essential factor that must be considered across all business operations when it comes to online payments, and credit card processing. Use HIPAA-compliant forms to gather the financial information you need for billing and payment processing. Dale Cudmore Web Hosting Expert. Transaction FAQs. The Attestation of Compliance (AOC) produced by the QSA is available for download. In March 2020, a medical practice in Utah paid out a $100,000 settlement for a HIPAA violation. . Posted By Steve Alder on Jan 1, 2023. Best HIPAA Compliant Credit Card Processing Practices: Selecting the Right Processor Credit card information can be intercepted or hacked during these back-and-forth exchanges, so safe credit card processing for healthcare organizations is crucial. The free trial period lasts for 7 days and monthly subscription charges are then made automatically unless cancelled 24 hours prior to the end of the trial. That’s on top of being PCI DSS Level 1 certified. PCI Compliance: The 12 Requirements and Compliance Checklist. g. The card association shares the batch information and contact the issuing banks. In 2017, the median home price in the U. 3. Report on compliance 2. Minimizing scope reduces vulnerabilities and decreases the administrative burden associated with being PCI compliant. Merchant Level 2: 1 to 6 million transactions a calendar year. 9% plus 30¢ per transaction. A covered health care provider, health plan, or. Credit Card Processors; Hi Risk Processing; Mobile Processing Apps; Online. Card data must be encrypted with certain algorithms. September 22, 2023. Keep stored financial data secure and encrypted. It also comes in at No. On the surface, they do offer the convenience of credit card processing, keeping a customer’s card on file, HIPAA-compliant video conferencing, and invoicing software on just one platform. Corepay Review - May 25, 2023. Accept Credit Cards in Private Practice Using Square | HIPAA, Processing FeesUPDATE (11-3-19): Square has changed its processing fees since I uploaded this v. The solution is HIPAA compliant and offers a secure platform, video conferencing, and virtual waiting room features. Sixty-five percent of small businesses miss the mark on. TheraNest is therapy practice management software that specializes in scheduling, notifications, and reminders and provides therapists with HIPAA-compliant online payment functionality. Amazon’s servers infrastructure are certified, ensure the highest physical security and guarantee a 99. While PCI DSS has limited security requirements, HIPAA addresses a wide range of issues related to patient safety, privacy rights, quality assurance, fraud, waste, and abuse. Healthcare clearinghouses. It allows you to collect no-swipe credit card payments at a flat rate of 2. PCI compliance Definition: the Payment Card Industry Data Security Standard (PCI DSS) is a written standard, created by the major card brands and maintained by the Payment Card Industry Security. Here is the list of the best HIPAA compliant solutions: Files. ACH paymentsCredit card processing : AutoPay : Invoicing with batching : Automated invoicing : Payment reminders :. The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information to be secured. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. They provide customers with an easy way to pay and have security measures that can make them suitable for HIPAA compliance. You can also use our free Protected Health Information Guide to learn how to safeguard your organization’s PHI. ] Ask the payment processor if they’re using the latest. . Square’s approach to security is designed to protect both you and your customers. Secure payment and credit card processing; Fraud monitoring; Adherence to payment and credit card processing regulations; Payment Card Industry (PCI) compliance is the. Healthcare Compliance. View all financial transactions from the reports tab. The 12 security requirements for PCI DSS v3. Also, if an organization doesn’t store credit card data, but cardholder data does pass through its server, it must comply with PCI requirements. Don’t use conventional payment platforms such as PayPal or Stripe. PCI compliance, or payment card industry compliance, refers to a set of 12 security standards that businesses must use when accepting credit card payments and transmitting, processing and storing. “The workflow is a dream with. Treati. All employees go through full HIPAA compliant print and mailing training every six months, and a refresher once a quarter. SOC 2 + HIPAA - An independent third-party audit firm has examined the description of the system related to Application Development,. Unlike many file storage services, Files. PCI Best Practice 3 - Use role-based system access. There is, however, an important point to take note of. Security. Compliance with the ASC X12 835 standard includes transmitting the data in the ASC X12 835 format to the. HIPAA-related incidents have been growing in recent years. Lack of HIPAA compliance can lead to data breaches, data leaks, or losses. Square Merchant Services: Best for Startups. Credit Card Processing (52) Customizable Templates (70) Chat/Messaging (88) Video Conferencing (140) Third Party Integrations (96) Access. me is a telemedicine video solution that meets HIPAA compliance standards and is also reliable, confidential, and user-friendly. Square: Best Online Credit Card Processing For Low-Volume & New Businesses; 2. Call us 1-866-286-7787. They are directly engaged in creating and transmitting PHI through the performance of the treatment or other procedures and the acceptance of HIPAA compliant credit card processing. PaymentCloud: Best Online Credit Card Processing For High-Risk Businesses; 3. Ivy Pay has put a lot of thought into features and functionality that facilitate HIPAA security compliance, credit card security, and align with therapist’s ethical standards. There’s one big difference, however. The Basics of HIPAA-Compliant Payment Processing 1. The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. PAYARC – Abundance of billing and invoicing tools and advanced features for health professionals through its Rectangle Health integration. 840. HIPAA Compliant Payment Methods. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands, Visa,. Whatever entry method you choose, our system securely stores all credit card data on a PCI-compliant server. Zendesk takes security very seriously—just ask the number of Fortune 100 and Fortune 500 companies that trust us with their data. Blogs HIPAA compliant payment processing HIPAA compliant payment processing To successfully operate a healthcare practice, it is of utmost importance that you consider. That’s. Enables organizations to detect, prevent, and remediate data breaches. credit card processing, and data migration services. The Business Solutions division of Sysnet Global Solutions. The first thing you have to check is whether they follow Payment Card Industry Data Security Standards ( PCI DSS ). Obtain a Business Associate Agreement With Your Processor: If your credit card processor only provides credit card processing, there is an exception in HIPAA that means you don’t need a typical Business Associate Agreement with your credit card processor. All transactions (including e-commerce) that involve the processing of payment card data (debit and credit cards) are required to utilize the Boston University Cashier System. Use a unique user ID and secure password to access the system. 6717 Fill out our contact form. There is a $50,000 penalty per violation with an annual maximum of $1. The FCRA also provides consumers with the right to dispute any false information on their credit report to have it removed. HIPAA and HITECH compliant, all web traffic, video, database, and file backup within the tool is encrypted. PCI DSS: safeguards cardholder data when a payment is made online. Again, the system you choose must be HIPAA compliant. The PCI DSS globally applies toThera-LINK. Bottom Line: Helcim provides credit card processing the way small businesses need it: with complete transparency.