Meditology's PCI practice evaluates your compliance with payment card security
mandates and helps support timely and cost-effective remediation.

We have decades of experience building and executing payment card security programs
and assessing PCI compliance for healthcare entities.

Our methodology includes documenting payment process flows, verifying appropriate PCI merchant levels and system scoping, assessing relationships with merchant banks and third party payment processors, reviewing and completing SAQs, and reporting potential gaps and recommendations for remediation.

STEP 1   Discovery and Scoping

STEP 2 ⇒  PCI Security Assessment Gap Analysis

STEP 3 ⇒  Reporting and Recommendations

STEP 4 ⇒  Remediation Planning


  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS
Quote Icon

I want to thank your team for helping us during this time.

The way the Meditology PCI Certification Consulting Services was so beneficial to me is that our qualified assessor is actually not as qualified on technologies and components, and it can take a lot of time out of my schedule. As the CISO, I don’t have time to explain that to someone; it would be a significant impact on our business. I rate Meditology PCI Certification Consulting Services a 5 out of 5 on Value because not only is the process and the structure smooth but they helped with education of that assessor which had an indirect impact on revenue.


Telephonic Software Analytics Company

Quote Icon

It’s extremely valuable to have an outside firm do this work.

Compared to in-house where it would take 4 months and 100% of my time, it’s completely worth it – and I know how much work it is. It’s nice to have my concerns validated too.

Information Security Specialist

Large Pediatric Health System

Quote Icon

The Meditology Team is always very responsive.

Very satisfied with the process and deliverables for the PCI assessment and ethical hacking engagement.

Manager Information Security GRC,

Large Integrated Health System in the South