PCI Compliance

Payment card industry (PCI) compliance, based on PCI Security Standards Council requirements, helps to ensure the security of credit card information transmitted, processed, and stored by companies.

To be PCI compliant, TherapyNotes users must complete the PCI questionnaire within 3 months of payment processing merchant approval and annually thereafter. The PCI questionnaire ensures compliance standards are in place to protect personal information and ensure security when transactions are processed. A fee of $29.95 per month is charged if the questionnaire is not completed within the required timeframe.

TherapyNotes is happy to guide you through this process so you can avoid being charged PCI non-compliance fees! If you would like assistance with the PCI questionnaire, call us at 215-658-4550 ext. 3 or create an appointment with one of our dedicated payment processing reps.

Not enrolled in TherapyNotes payment processing services? Learn more about the benefits of using this convenient service and how to enroll.

Note: Some TherapyNotes users may be prompted to complete a more in-depth PCI questionnaire called the SAQ-C. If you get this version of the questionnaire, please contact us at 215-658-4550 ext. 3 for assistance. The instructions on this page are not for that version of the questionnaire.

To complete the PCI questionnaire yourself, follow these steps:

  • Navigate to My Account on your Cardpointe.com account.
  • Under PCI compliance, click on the link to open SecureTrust.
  • Click Start Business Profile
  • On the "Before you begin" page, click Next to proceed.
  • Choose Guide Me under “Pick an assessment method”.

You will be asked a series of questions. Here is guidance on how to answer some of the questions assuming you are only using TherapyNotes to accept credit cards. For other questions, answer based on your practice's operations and policies.

  • What are the ways you accept credit card payments?: Select “My business has a physical location where payments with a credit card are made in-person.” (TherapyNotes is used as the Location reference.)
  • Credit Card Data Storage: Select “None of the above” from the list of options. Leave all others unanswered.
  • Service Providers: Answer “No” to both Service Providers and Multiple Acquirers. TherapyNotes does not share cardholder data with any third parties or acquirers.
  • A summary of how and where you handle card payments: In each field you can write the same answer: Processing cards via TherapyNotes.
  • Sharing Cardholder Data: Select “No”.

After answering all the questions, you will be redirected back to the PCI compliance home page. You should see the business profile completed.

  • Click “Manage” under the security assessment to complete the unanswered questions.
  • Select “Answer Now” under "Complete security assessment" and complete the remaining questions. 
  • Select today’s date from the calendar, then select “Finish” at the bottom of section 12.8.4. 
  • Click Next to answer any remaining questions.
  • Finish and Submit the certification of compliance.
  • Under “Merchant Executive Officer”, fill in the Title field. This can be “owner”, or your license or job title.
  • Confirm your attestation.

Congratulations! You should be directed back to the PCI home page. Your renewal date is one year from today. You should receive an email alert to remind you to complete the renewal process.

Still need help? Contact Us Contact Us