E-Complish Achieves PCI, HIPAA Compliance Recertifications

  • Author

    Jasleen Kour

E-Complish, a provider of custom payment processing solutions, has been re-certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS), as well as with standards set forth in the Security Rule component of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

E-Complish attained the PCI-DSS recertification for the 11th consecutive year while remaining in full adherence to DSS 3.2.1, the strictest, most comprehensive version of PCI standards released to date. Developed and enforced by the PCI-DSS Standards Council, the PCI-DSS is a series of measures merchants, payment processors, and credit card service providers must exercise in order to preserve the security of consumers' credit card information and prevent fraud. Depending on the level to which it is assigned by the Council, every business that accepts, handles, processes, and/or stores credit card information must comply with the measures to various extents.

As a designated Level 1 PCI-DSS 3.2.1 Service Provider (the highest level), E-Complish is required, in order to be certified and recertified as PCI-compliant, to undergo an assessment by a third-party Qualified Security Assessor (QSA) to evaluate whether and to what extent it satisfies requirements contained in 12 sections of the PCI-DSS 3.2.1. Collectively, these requirements include more than 300 elements, with thousands of pieces of evidence and inspection that must be obtained by the QSA during the assessment.

Meanwhile, recertification of E-Complish's compliance with HIPAA follows the completion of a security assessment by a third-party security firm. HIPAA comprises a set of physical, network, and process security standards that must be followed by any entity that handles patients' protected electronic health information (ePHI). Under the umbrella of the HIPAA Security Rule, three types of safeguards—administrative, physical, and technical—must be implemented in order to safeguard ePHI.

The HIPAA security assessment process entailed a detailed review in several areas, including, but not limited to, policies and procedures; network and data flow diagrams; physical and environmental security; disaster recovery backup processes; vulnerability management; penetration testing; and system hardening standards. Other areas covered included patch management; access control; data storage, logging and auditing; security monitoring; and incident response.

"At E-Complish, we are committed to safeguarding and ensuring the security of credit card information and ePHI handled for our customers—and to helping our customers do the same for their customers, clients, and patients," said Greg Gaines, E-Complish's director of compliance and client support. "Our adherence to the PCI-DSS and the HIPAA Security Rule, along with our diligence in maintaining compliance with both standards, underscore this commitment and will remain top priorities for us going forward into the new decade."

E-Complish CEO and Chief Security Officer Stephen Price agreed, adding that with potential significant threats to consumers' credit card and ePHI growing ever stronger, working with a certified PCI/HIPAA compliant payment processing company is the best way for businesses of all kinds to protect the privacy and integrity of their customers' information while safeguarding their own reputations. "We look forward to continuing to support our clients in this regard, as well as with their own PCI and HIPAA compliance," Price concludes. "Customization, Convenience and Security has always been our mission, and we're not done yet!"
