Jane wants to protect ALL of your clinic data. This of course includes your patient health records, but it also includes credit card information. Every now and then a situation comes up where clinics or patients of clinics are concerned about how Jane stores credit card information, so we thought it would be helpful to talk a little about how Jane handles this data.
What is the Payment Card Industry Data Security Standard?
The Payment Card Industry Data Security Standard (PCI DSS) is a protection measure that applies to any company that accepts credit card payments. PCI compliance is managed by the PCI Security Standards Council.
Is Jane compliant with PCI standards?
Yes. Jane only uses PCI-compliant credit card processors to store sensitive credit card data.
How does Jane store credit card data?
In fact, No credit card data is stored in Jane.
But I enter credit card information into Jane. Isn’t the data stored in Jane?
Not quite. When you enter credit card information into Jane, Jane creates and keeps a token that can be used to reference that information. But the actual sensitive information is sent to and stored within our payment processing partners Stripe and Payfirma.
What’s a “token?”
A token is a snippet of code that replaces sensitive information with a non-sensitive place-holder: a “token.” Jane stores non-sensitive tokens that refer to the data held in the credit card processor’s system (the actual sensitive data). And Jane only works with PCI-compliant credit card processing companies.
How do PCI regulations keep my data safe?
Security measures under PCI fall into two categories: technical and operational. Each measure was created to meet a specific goal. Any company that accepts credit card payments must adhere to PCI requirements.
If Jane is PCI-compliant, my clinic is too, right?
It’s important to note that software can’t do everything - human behaviour is just as important to data protection and security as compliant software. Whether we’re talking about health records or credit card data, it’s crucial to create and implement policies in your clinic that require managers, practitioners, and all staff to uphold the highest data protection standards.
Clinics often have highly-specific questions about their particular data and the way it is organized. Our team is always here to help so let us know what we can do.