Compliance & Legal Information

Prahsys ensures compliance with HIPAA, PCI-DSS, GDPR, and CCPA, offering secure payment processing and data protection. Tokenization


Prahsys is committed to maintaining the highest standards of compliance, security, and legal protection for healthcare providers and merchants. Below is an overview of the key regulatory and security measures in place to ensure safe and compliant payment processing.


HIPAA Compliance & Data Protection

Prahsys is HIPAA-compliant, with controls in place to protect the privacy and security of patient payment data. Protected Health Information (PHI) is handled under strict protocols in accordance with the HIPAA Privacy and Security Rules.

Additionally, Prahsys provides a Business Associate Agreement (BAA) for healthcare providers. The BAA sets out each party's responsibilities for handling PHI securely. Healthcare providers should request and execute a BAA before routing patient payment data through Prahsys, since HIPAA requires a BAA to be in place whenever a business associate handles PHI on a covered entity's behalf.

PCI Compliance & Payment Security

Prahsys is validated to PCI DSS Level 1, the most stringent validation level of the Payment Card Industry Data Security Standard. Key security measures include:

  • Encryption of payment data in transit and at rest.

  • Tokenization, so that sensitive cardholder data such as the primary account number (PAN) is replaced by a token and is never stored on merchant systems.

  • Regular security audits to maintain compliance and safeguard payment data.


Tax Reporting Compliance

Prahsys assists merchants with tax reporting obligations by providing IRS-compliant 1099-K forms for those processing payments above the required threshold. These forms simplify the process of reporting payment activity to the IRS. Merchants can request assistance with tax reporting or obtain a 1099-K form through Prahsys support.


GDPR Compliance & Data Privacy

Prahsys adheres to the General Data Protection Regulation (GDPR) for data subjects in the European Union, ensuring robust data protection measures. Data subjects have the right to:

  • Access their personal data.

  • Request correction (rectification) or deletion (erasure) of their personal data.

  • Exercise their other rights under GDPR at any time.

State-Specific Regulations (CCPA Compliance)

Prahsys complies with state-specific privacy laws such as the California Consumer Privacy Act (CCPA). Consumers covered by these laws can exercise their rights over their personal data, including to:

  • Request access to personal information collected.

  • Opt-out of data sales, if applicable.

  • Request deletion of personal information in accordance with CCPA regulations.


Chargeback & Fraud Management

Prahsys employs strict chargeback and fraud prevention protocols to protect merchants and patients. Key features include:

  • Dispute management tools with access to chargeback response capabilities via the Prahsys dashboard.

  • Fraud prevention measures, including transaction monitoring and Address Verification Service (AVS) checks to flag suspicious activity.


Data Breach Notification & Incident Response

Prahsys follows a strict data breach notification protocol in compliance with regulatory requirements. In the event of a breach:

  • Affected parties will be notified promptly in accordance with applicable laws.

  • Prahsys will work closely with regulatory authorities to ensure compliance with all reporting and notification obligations.

Data Retention & Deletion Policies

Prahsys retains payment and customer data only for the duration required by legal and regulatory obligations. If a user requests data deletion, Prahsys ensures compliance with CCPA, GDPR, and other applicable laws while securely processing the request.


For additional details or support regarding compliance, data security, or regulatory requirements, Prahsys support is available to assist.
