VisitPay Attains PCI Compliance for Third Year in a Row

When it comes to the issue of security, VisitPay believes there are no shortcuts. Our commitment to protecting the sensitive data of our clients and end users is as important to us as the quality of the technology we deliver in our platform. Security and compliance are built into our company DNA as well as our platform.

That’s why we’re excited to announce our Payment Card Industry Data Security Standards (PCI DSS) Level 1 Attestation of Compliance (AOC) for the 3rd year in a row. VisitPay continues to be one of the few healthcare payment solutions that attains AOC for its patient financial health platform. Instead of only doing the minimum by relying on hosting vendor attestation, we go beyond to achieve an attestation from a 3rd party audit firm on the full solution.

What is PCI DSS? It is a set of universally accepted standards that help protect the safety of customer data. The PCI DSS council, founded by major credit card companies, sets the operational and technical requirements for organizations accepting or processing payment transactions, as well as for software developers and manufacturers of the applications and devices used in those transactions. While PCI represents a comprehensive set of security controls, VisitPay considers PCI to be a baseline that we work every day to exceed. Along with HITECH and HIPAA compliance, VisitPay does its utmost to ensure the security of its clients and end users’ critical healthcare and financial data.

VisitPay meets all 12 of the PCI DSS requirements and has never failed an assessment. That’s not something 80% of businesses can say. 2017 marks the 3rd year in a row that VisitPay has been audited, and each time the company attained its PCI DSS Level 1 Attestation without a single compensating control (an alternative security control put in place to temporarily satisfy an unmet requirement).

When assessing potential vendors, be sure to do your homework on what level of PCI Compliance the organization meets. Only a PCI DSS Level 1 Attestation of Compliance, like the one VisitPay has, signifies that the company has gone through a third-party audit. Levels 2 – 4 of PCI DSS only require an organization to self-assess their compliance without input from a third party. If you need proof that the organization meets the PCI security requirements, ask your vendor to provide an AOC for their product from a reputable PCI audit firm.


About VisitPay

VisitPay is the first and only platform for Patient Financial Health. The culmination of seven years of learning and development, this proprietary platform enables health systems to dramatically increase the amount paid on patient balances because patients can finally exercise control over their financial health. VisitPay is proudly headquartered in Boise, Idaho, one of the most livable cities in the country, where it has assembled a powerful team focused on predictive analytics, user-driven software design and consumer finance. More information about the company and its solutions can be found at

Media Contacts

Linda Healan
Amendola Communications for VisitPay