PCI Compliance & Attestation

In addition to HIPAA, most healthcare organizations must meet the appropriate level of PCI compliance annually. The ability to process patient payments by credit or debit cards is an essential part of revenue cycle management.

The PCI DSS is made up of over 200 requirements and generates hundreds, if not thousands, of mandatory compliance tasks. Scans and pen tests must be conducted accordingly, schedules coordinated, deliverables prepared, and deadlines met.

Gap Analysis

Agio Healthcare’s PCI risk assessment and gap analysis methodology specifically addresses the 12 control areas stipulated in the PCI Standard and fulfills requirements for technical testing as well.

Vulnerability Scanning

Requirement 11 of PCI DSS stipulates that internal and external scanning must be completed quarterly by an approved scanning vendor (ASV) and result in at least one passing scan.

Penetration Testing

Per Requirement 11.3 of PCI DSS, both internal and external penetration testing must be conducted annually to determine whether credit card data or payment applications can be compromised.

After our evaluation, we provide a report identifying compliance gaps and providing prioritized recommendations for remediation. Agio Healthcare can help ensure that your PCI environment is compliant, secure, and reflects industry best practices.

Agio Healthcare is one of the few cybersecurity companies that provide PCI attestation as well as HIPAA risk assessments. We are uniquely positioned to facilitate the preparation of PCI Self Attestation Questionnaires (SAQ) or deliver Reports on Compliance (ROC), as well as harmonize your compliance activities and reviews across multiple frameworks.