10 key concepts for cyber security at ASCs — yes, your center is a target

Cyber security is one of the biggest concerns around the world for businesses — big and small — as well as consumers.

It's particularly important in healthcare where providers hold personal information about their patients from social security and credit card numbers to health histories. Experts are now suggesting medical information is 10-times more valuable than credit card numbers on the black market. Hackers can steal information to purchase medical equipment or drugs to resell, or match patient numbers with false providers to file fraudulent payer claims.

There have been high-profile data breaches and hacks for healthcare providers this year, including Community Health Systems, and ambulatory surgery centers are also a target. Here are 10 things to know about cyber security for ASCs:

1. Hackers could target ASCs because systems are more likely easier to attack than large hospital systems, even if the ASC has less personal data than larger providers, according to PriorityOne Group President and CEO Nelson Gomes in a previous report. It's also likely ASCs won't find the issue right away, so hackers could have more time to copy and transfer data out of the system.

2. ASCs can stall potential hackers by investing in antivirus/antimalware and intrusion detection software and keeping this software up-to-date. ASCs can devise a policy to keep hardware safe and secure, including limiting laptop use to the center.

3. Be careful in selecting electronic medical records or other software systems so it includes security features such as access privileges and data encryption. Don't allow unsecured access to EMR outside of the system. Additionally, make sure to eliminate access for former employees after they leave the center.

4. Regularly audit your IT security and stay abreast of your business associates, who are also required to keep your patents' information secure. Audits should identify compliance gaps and allow leaders to fill them.

5. If a breach occurs, the center is responsible for notifying patients, the media and HHS. Then centers must identify the cause, all of which costs money. Additionally, regulatory penalties can be $100 to $50,000 for each HIPAA violation.

6. Is "The Cloud" a safe place for patient information? Global information company Experian is predicting Cloud data will be a "hot commodity" next year with hackers targeting more credentialing data to gain access to cloud accounts. Both individual and organization accounts will be valuable. The same report predicts healthcare breaches will increase. However, another report from IDC Health Insights predicts 80 percent of healthcare data will travel through the cloud by 2020.

7. The IDC report also says that around half of healthcare organizations will experience up to five cyber attacks in one year by 2015, with one in three of the attacks successful.

8. Patients have higher deductibles now and ASCs are working harder to collect, whether patients pay it all upfront or in installments. Many times patients pay with credit cards and ASCs must be careful with that information as well. Encrypt credit card information and address the exchange of information to make sure the center is in compliance.

9. Don't allow employees to bring their own devices. Instead, issue mobile phones or other devices to nurses and staff to use while they are at work to avoid cyber security issues. If your center does allow employees and physicians to bring their own devices, use software to help protect assets while these devices are in use. An Information Week report suggests using an internal app store with pre-approved apps for work and entertainment.

10. Develop a clear and concise online social media sharing policy. Healthcare providers across the country are using Facebook, Twitter and other social media sites to engage their patient population without breaching HIPAA. There have been high-profile cases of physicians, nurses and other healthcare workers breaching HIPAA on social media with posts about patients or workplace photos, and ASC administrators want to make sure these violations don't occur at their center.

More articles on surgery centers:
42 ASC financial facility statistics
8 observations on healthcare spending over the next 5 years
5 quick facts on Medical Facilities Corporation's dividend report

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers