PCI Compliance

All software and systems that touch cardholder data are subject to PCI compliance. InstaMed is a PCI-DSS Level One v3.2 Service Provider that can significantly reduce your PCI burden.


When you accept, process, or transmit credit cards, you are required to meet the Payment Card Industry (PCI) Data Security Standards (DSS). The PCI Security Standards Council has different requirements based on the way you accept credit cards. These standards apply to websites, portals, applications, and infrastructure that touch cardholder data.

Maintaining PCI compliance is expensive and time-consuming, and it is the responsibility of all parties involved: vendor, hosting provider, and merchant.

InstaMed offers a variety of recommended PCI Compliant Options to avoid touching cardholder data and reduce your security and compliance costs and effort.

Impact of Touching Credit Card Numbers

Software Vendor: Pay for expensive annual assessments with a PCI QSA (Qualified Security Assessor) and implement onerous security requirements for the application that change over time.

Hosting Provider: Whoever is hosting the software must implement PCI requirements, which are difficult to implement and maintain.

“When InstaMed is properly deployed, it can significantly reduce the risk of a data breach and is one of the most effective data security programs available to merchants today.”

Coalfire Systems, a PCI Qualified Security Assessor (QSA)
white paper on “Security & Encryption in healthcare Payments”