Payment card industry (PCI) compliance, based on PCI Security Standards Council requirements, helps to ensure the security of credit card information transmitted, processed, and stored by companies.
To be PCI compliant, TherapyNotes users must complete the PCI questionnaire within 3 months of payment processing merchant approval and annually thereafter. The PCI questionnaire ensures compliance standards are in place to protect personal information and ensure security when transactions are processed. A fee of $29.95 per month is charged if the questionnaire is not completed within the required timeframe.
TherapyNotes is happy to guide you through this process so you can avoid being charged PCI non-compliance fees! If you would like assistance with the PCI questionnaire, call us at 215-658-4550 ext. 3 or create an appointment with one of our dedicated payment processing reps.
Not enrolled in TherapyNotes payment processing services? Learn more about the benefits of using this convenient service and how to enroll.
Complete Your PCI Compliance Questionnaire
If you're using TherapyNotes to accept credit card payments, follow the steps below to complete your PCI DSS compliance questionnaire through CardPointe and SecureTrust. Please note that these steps are only applicable to the original account signers and will not work for additional users added to CardPointe.
Step 1: Access the PCI Questionnaire
- Go to https://cardpointe.com and log into your CardPointe account associated with TherapyNotes.
- Click My Account.
- Under the PCI Compliance Column, click on the Not Compliant status. You should be automatically redirected to the SecureTrust portal.
- If you're not automatically redirected or receive an error message, your account may be too new. Wait one week and try again.
- Still having issues? Reach out to our Merchant Services team for assistance at 215-658-4550, ext. 3.
- If this is your first time accessing SecureTrust, you may be asked to enter your name, email, and phone number to proceed.
Step 2: Complete Your Business Profile in SecureTrust
Once you're in the SecureTrust portal:
- Click Manage under the Business Profile section on the left.
- If prompted to choose between Reprofile or Manage, select Reprofile to ensure your profile is up to date.
- To Choose an assessment method, select:
  - Expert – Select this option if you already know the PCI DSS assessment type, then click Next.
- If asked:
  - Your current valid PCI DSS compliance assessment type, choose Self-Assessment Questionnaire (SAQ) A, then click Next.
  - Does your compliance assessment require scanning?, select No, then click Next.
  - Does your company share cardholder data with any third-party service providers...?, select No.
  - Does your company have a relationship with more than one acquirer...?, select No.
  - Do you enforce a minimum password length of 7 characters...?, select Yes, then click Next.
- For the short answer questions, respond with: Processing payments via TherapyNotes, then click Next.
Once your Business Profile is complete, you’ll be taken to the main page to complete the assessment.
Step 3: Complete the Security Assessment
- Click Begin Next Step to start the survey.
- The survey is divided into five sections. The number of questions in each section is displayed, and a checkmark appears when a section is complete.
- Answer all questions with Yes unless otherwise instructed.
- Some questions will require a date:
  - Select Yes > Pick today’s date from the calendar > click Finish.
- When you reach the Attestation section:
  - Under Merchant Executive Officer, enter your title (e.g., “owner” or your job title).
  - Click Confirm your Attestation.
Step 4: Confirmation and Renewal
Once submitted, you’ll be directed to a confirmation page showing that your survey is complete. Your PCI compliance status is valid for one year starting today.
- You’ll receive an email reminder before your survey expires next year.
- Set a calendar reminder about a week before the expiration date.
- If you don’t renew on time, you may be charged a $29.95 monthly PCI noncompliance fee.