E-Complish Achieves PCI, HIPAA Compliance Recertifications

Payment processing company meets stringent data security standards

E-Complish, a provider of custom payment processing solutions, has been re-certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS), as well as with standards set forth in the Security Rule component of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

E-Complish attained the PCI-DSS recertification for the 11th consecutive year while remaining in full adherence to DSS 3.2.1, the strictest, most comprehensive version of PCI standards released to date. Developed and enforced by the PCI-DSS Standards Council, the PCI-DSS is a series of measures merchants, payment processors, and credit card service providers must exercise in order to preserve the security of consumers’ credit card information and prevent fraud. Depending on the level to which it is assigned by the Council, every business that accepts, handles, processes, and/or stores credit card information must comply with the measures to various extents.

As a designated Level 1 PCI-DSS 3.2.1 Service Provider (the highest level), E-Complish is required, in order to be certified and recertified as PCI-compliant, to undergo an assessment by a third-party Qualified Security Assessor (QSA) to evaluate whether, and to what extent, it satisfies requirements contained in 12 sections of the PCI-DSS 3.2.1. Collectively, these requirements include more than 300 elements, with thousands of pieces of evidence and inspection that must be obtained by the QSA during the assessment.

Meanwhile, recertification of E-Complish’s compliance with HIPAA follows the completion of a security assessment by a third-party security firm. HIPAA comprises a set of physical, network, and process security standards that must be followed by any entity that handles patients’ protected electronic health information (ePHI). Under the umbrella of the HIPAA Security Rule, three types of safeguards—administrative, physical, and technical—must be implemented in order to safeguard ePHI.

The HIPAA security assessment process entailed a detailed review in several areas, including, but not limited to, policies and procedures; network and data flow diagrams; physical and environmental security; disaster recovery backup processes; vulnerability management; penetration testing; and system hardening standards. Other areas covered included patch management; access control; data storage, logging, and auditing; security monitoring; and incident response.

“At E-Complish, we are committed to safeguarding and ensuring the security of credit card information and ePHI handled for our customers—and to helping our customers do the same for their customers, clients, and patients,” said Greg Gaines, E-Complish’s director of compliance and client support. “Our adherence to the PCI-DSS and the HIPAA Security Rule, along with our diligence in maintaining compliance with both standards, underscore this commitment and will remain top priorities for us going forward into the new decade.”

E-Complish CEO and Chief Security Officer Stephen Price agreed, adding that with potential, significant threats to consumers’ credit card information and ePHI growing ever stronger, working with a certified, PCI/HIPAA-compliant payment processing company is the best way for businesses of all kinds to protect the privacy and integrity of their customers’ information while safeguarding their own reputations. “We look forward to continuing to support our clients in this regard, as well as with their own PCI and HIPAA compliance,” Price concluded. “Customization, Convenience and Security has always been our mission and we’re not done yet!”

Source: E-Complish, Inc.
