Vanderbilt University Medical Center Finance

Sarah Bettencourt, Manager – PCI Compliance and Point of Sale Services
3319 West End Ave., Suite 600
(615) 875-9523 or

Responsibilities of a VUMC Merchant

Any area or department accepting payment cards on behalf of VUMC for gifts, goods, or services will designate a full time employee within that department who will have primary authority and responsibility for payment card and/or ecommerce transaction processing. This individual will be referred to as the Merchant Department Responsible Person or MDRP.

A MDRP must be at a minimum:

  • A fiscal officer,
  • A business manager,
  • An administrative officer,
  • Or equivalent

Any changes to the person filling this role should be reported to immediately.

All MDRPs must do the following at least annually:

  • Review VUMC PCI DSS Policy
  • Update your specific Departmental Policy and Procedures
  • If you use a third party provider you MUST collect and forward to an updated PCI DSS Compliance Certificate or PA DSS Validation Certificate.
  • Complete VUMC PCI Training, and ensure all employees have completed their appropriate training based on role
  • Updated Employee Compliance Forms
  • Ensure all personnel understand VUMC’s Incident Response Plan (IRP) in terms of how to report a suspected data breach
  • Complete department Self Attestation Questionnaire (SAQ)
  • Update any necessary documentation with VUMC Treasury and PCI Department