Vanderbilt University Medical Center Finance

Sarah Bettencourt, Manager – PCI Compliance and Point of Sale Services
3319 West End Ave., Suite 600
(615) 875-9523 or VUMC.PCI@Vanderbilt.edu

VUMC Payment Card Industry Data Security Standard (PCI DSS) Policy

Applicability

PCI DSS applies to employees, contractors, guests, consultants, temporary employees, and any other agent of VUMC that processes, stores, maintains, transmits or handles payment card information in a physical or electronic format on VUMC’s behalf, including all our controlled subsidiaries.

Examples include:

  • Patient Service Representatives (PSR’s)
  • Managers of PSR’s
  • Employees of VUMC controlled subsidiaries that accept payment cards
  • Managers of the employees of VUMC controlled subsidiaries that accept payment cards
  • Pharmacy employees taking payment cards and their management
  • IT professionals
  • Patient Accounting and Collections
  • A Nurse or Doctor if taking payments, for example in the ER
  • And even a third party provider* is applicable!

*NOTE: ALL THIRD PARTY PROVIDERS MUST BE APPROVED BY VUMC TREASURY AND PCI AND CONTRACTS MUST INCLUDE PCI LANGUAGE THAT IS PROVIDED UPON APPROVAL!

Per policy, all contracts with third party providers that process, transmit or store payment card information (credit and/or debit) must have approval from the Treasury and PCI Department. A third party can include any vendor, contractor, and business partner who processes, transmits or stores payment card information (credit and/or debit) on behalf of VUMC. Therefore, these third parties will be required to provide their compliance with the current version of the PCI DSS at all times.

Authority and Delegation

VUMC Treasury and PCI Department has been delegated the Authority to review, approve, and deny merchant account requests. VUMC Treasury and PCI Department will set up all merchant accounts in accordance to PCI DSS.

The Complete VUMC Payment Card Industry Data Security Standard (PCI DSS) Policy is located in the Links.