HIPAA and Credit Card Processing
What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is US legislation that sets standards for the protection of medical information.
Its primary purpose is to protect the privacy of an individual's health records. Healthcare providers, medical offices, and service providers that store or transmit health information fall within the scope of HIPAA and must therefore meet its compliance standards.
As a credit card processor, Helcim frequently receives inquiries from healthcare providers about HIPAA compliance. The US Department of Health and Human Services (HHS.gov) has stated that credit card processing does not fall within the scope of HIPAA because no health record information is being stored, only card payment information.
Card Processing Security Standards
Helcim, like other credit card processors, must adhere to the Payment Card Industry Data Security Standard (PCI DSS) for protecting cardholder data. Helcim meets and exceeds that standard, and is listed as a PCI Level-1 compliant service provider.