Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In this episode, we’re talking about the security standards that go along with accepting credit cards in your therapy practice.

We discuss PCI DSS (Payment Card Industry Data Security Standard) compliance and where it is applicable; what payment processors handle; documentation; not handling or storing the full payment information for clients; the different types of security required for HIPAA compliance vs PCI compliance; why you don’t need a BAA with your payment processor; and the intersection of compliance components for PCI and for HIPAA.

PCT Resources

  • Article:  What is PCI DSS and Why Do I Care?

  • CE course:  Teletherapy and Remote Payment Methods, Legal-Ethical and Practical Considerations

  • Group Practice Care Premium  for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

    + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

    +  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

    + more


v2.1.12-beta

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss