Healthcare entities that accept credit card payments are subject to PCI-DSS requirements. PCI-DSS provides “mandated” requirements for the protection and security of credit card transactions. It is not a law. Rather, it was born out of collaboration between major credit card brands (Visa, MasterCard, American Express, Discover and JCB (Japan Credit Bureau)) to regulate and