When ASCs choose a billing partner, data security usually isn't a reason driving the decision.
Rather, it's typically one or more financial objectives (e.g., improving collections, reducing
denials, eliminating bad debt and revenue leakage, streamlining business office performance, maximizing profitability).
However, success in these areas would be naught if the billing partner doesn't effectively protect its ASC clients' sensitive patient and financial data. A breakdown in security that leads to a data
breach and subsequent theft of client data could lead to significant financial, legal, and reputational challenges for the billing company and its partner ASCs. That's why it's imperative for an ASC billing company to treat all layers of security as a top priority.
What does prioritizing security look like when selecting an ASC billing partner? Be sure the company you choose takes these steps.
Follow best practices for security management
To achieve effective security management, an ASC billing company should keep current with best practices. For example, a company may use what's described as the "CIA triad" model, which is comprised of three elements: confidentiality, integrity, and availability. The company can pair that model with an internally developed hybrid risk management framework that uses qualitative and quantitative methods to analyze risk and guide decisions and actions.
While that's heavy on the security jargon, the key takeaway is that an ASC billing company should have clearly defined security practices and methodologies while leveraging controls and
solutions that can defend the latest threats.
An ASC billing company should also be transparent about how it approaches security management. This includes permitting surgery center clients to audit the company's defense mechanisms by reviewing security policies and procedures and requesting information about the solutions used to protect sensitive data. If a billing company pushes back on requests to learn more about its approach to security management, consider this a red flag.
Approach security and compliance as complementary
Security and compliance are typically treated as separate functions with a symbiotic relationship. They share the goal and vision of helping organizations manage their risk, and thus should work hand in hand. Yet companies often struggle to attain such successful collaboration between security and compliance, which typically results in these functions operating in silos. That's how it's possible for an organization to be secure and not compliant or be compliant and not secure.
Perhaps the most famous example of the latter is the data breach Target experienced in 2013. The company had its Payment Card Industry Data Security Standard (PCI DSS) compliance confirmed just weeks before it suffered one of the largest breaches on record affecting more than 41 million consumers.
An ASC billing company should have strong security and compliance leadership who understand the complementary nature of those two functions and work closely together. When this is achieved, the company will perform better in both areas, as will its ASC clients.
Make ongoing investments in security
While cybercriminals are becoming savvier with their tactics, security technology companies are developing solutions to help keep criminals at bay. An ASC billing company should invest in such solutions, including powerful data encryption, password managers, and endpoint detection and response tools that leverage artificial intelligence.
The company should also provide ongoing security training to its staff and undergo assessments to identify improvement opportunities. Such assessments include those performed by the ASC billing company and those performed by an external entity that provide an unbiased look into the company's technology and security environments.
Commit to continuous improvement
Finally, like its ASC clients, a billing company should maintain an overarching commitment to continuous improvement. That's not just for client-facing services but internal operations as well. This extends to how the company manages risk and the steps it takes from a security standpoint, including those discussed above.
Give Security the Attention It Deserves
Cybercrime is on the rise, and ASCs and their data are appealing targets. By making security a top priority — and ensuring the vendors you partner with, including your ASC billing company — do the same, you increase the likelihood that cybercriminals will view your ASC and its data as challenging targets and move on.
That's why if you're considering outsourcing your ASC billing and revenue cycle management or any other function that will require you to share sensitive data with a third party, ask those companies under consideration about how they approach data security. If the answer you're given doesn't instill confidence, look elsewhere for a partner.