SimplePractice Receives Level 1 PCI Data Security Standard Certification

SimplePractice, the industry leader in practice management and electronic health record solutions for health and wellness professionals, announced its achievement of Level 1 PCI (Payment Card Industry) Data Security Standard Certification, which solidifies SimplePractice as a certified PCI merchant. The third-party Qualified Security Assessor (QSA) issued this confirmation of compliance. At the same time, the SimplePractice EHR platform and team titled it as the highest levels of security and compliance measures upheld.

PCI DSS is considered one of the most specific and strict payment security certification standards globally, which needs merchants and service providers who can store, transmit, or process customer payment card data by taking charge of information security controls and processes to ensure data integrity. It also includes requirements for security policies, management, procedures, software design, and other vital protective measures that service providers must adapt to safeguard customer data.

A company needs to undergo a thorough onsite audit to obtain PCI DSS certification authorized by a PCI DSS independent assessment organization. These include Qualified Security Assessors, Approved Scanning Vendors, PCI Forensic Investigators, and others. A company should make a strict rule to adhere to the relevant security requirements across its daily operations after receiving the certification.

“Maintaining compliance with the latest security standards and HIPAA regulations is a critical part of the work we do, ensuring our customers have the latest in technical capabilities to run their businesses. For any healthcare practice, keeping both practice and client data private and securely stored is a top priority,” said Martin Ignotovski, Chief Information Officer of SimplePractice. “For smaller and private practices, PCI DSS certification is a huge differentiator that allows our customers to maximize their focus on transforming their clients’ lives.”

“The Payment Card Industry Data Security Standard Certification helps ensure that personal payment data will remain private,” said Ryan Freeman-Jones, Managing Director of Meditology Services, the third-party assessor responsible for the security audit of SimplePractice. “We appreciate the opportunity to partner with SimplePractice for their ongoing efforts to safeguard customer data.”

Trusted by over 75,000 health and wellness professionals, SimplePractice needs to provide best-in-class business solutions that specify small private practices’ needs. The tools provided by SimplePractice proved satisfactory for many entrepreneurs in private practice, as it helped to carry the operations of their business smoothly while maintaining the freedom and flexibility to focus on their clients, families, and passions.

In early 2020, SimplePractice was the first and only electronic health record (EHR) platform meeting private practitioners’ needs to reach HIPAA compliance to achieve HITRUST and NIST CSF certification’s highest security standards available in its category.