Meditology is the leading provider of PCI DSS QSA and ASV services for the healthcare industry.

Payment Card Industry Data Security Standard, PCI

Healthcare organizations are facing unprecedented cyberattacks that target sensitive information, including highly sought-after payment card data. Healthcare entities face financial penalties, legal costs, and reputational damage if systems are breached and payment card data is exposed.



  • Breach fines (500k+ or $5,000 - $100,000 per month)
  • Cost for a forensic investigation
  • Associated costs for card re-issuing, fraud monitoring, etc.
  • Transaction fee increases
  • Potential cost of FTC audits for 20 years
  • Potential litigation (some states have laws that protect affected individuals)
  • Reclassification as a level 1 merchant (higher standard of compliance)
  • Reputational damage
  • Interchange rate increases, or the organization is no longer able to accept payment cards

Where is PCI Cardholder Data Processed for Healthcare Organizations?


  • Dedicated exclusively to the healthcare industry
  • PCI DSS Qualified Security Assessor (QSA)
  • Approved Scanning Vendor (ASV)
  • Proven track record helping healthcare entities effectively manage PCI risks
  • Real-world experience implementing and assessing PCI for healthcare organizations

I want to thank your team for helping us during this time.

The way the Meditology PCI Certification Consulting Services was so beneficial to me is that our qualified assessor is actually not as qualified on technologies and components, and it can take a lot of time out of my schedule. As the CISO, I don’t have time to explain that to someone; it would be a significant impact on our business. I rate Meditology PCI Certification Consulting Services a 5 out of 5 on Value because not only is the process and the structure smooth but they helped with education of that assessor which had an indirect impact on revenue.


Telephonic Software Analytics Company

It’s extremely valuable to have an outside firm do this work.

Compared to in-house where it would take 4 months and 100% of my time, it’s completely worth it – and I know how much work it is. It’s nice to have my concerns validated too.

Information Security Specialist

Large Pediatric Health System

The Meditology Team is always very responsive.

Very satisfied with the process and deliverables for the PCI assessment and ethical hacking engagement.

Manager Information Security GRC,

Large Integrated Health System in the South