Why ASCs should review their cybersecurity programs

Shelly Harvill, a cybersecurity governance and compliance consultant at Agio, advises investors evaluating ASCs to routinely review the organization's security program and to check whether it has had any breach activity.

With this in mind, Ms. Harvill shared the following advice for ASC administrators:

"We recommend that ASC administrators seek out a comprehensive third-party evaluation of their security program, including a thorough review of their security and privacy practices for HIPAA compliance and all state regulations that may apply to their core market areas. By conducting an annual HIPAA Security Risk Assessment that also includes penetration testing — a simulated cyber-attack on a computer system to evaluate its security features — the organization can identify any technical and physical control gaps and put a plan in place for remediation.

Another vital step in every Security Risk Assessment is a thorough review of the organization's policy and procedures. Lastly, to minimize financial risk and operational disruption, we recommend all organizations proactively engage a qualified security firm to implement an Incident Response Program that can deploy quickly and mitigate damage when an incident does occur. A qualified IRP team can assist in breach response and reduce the time for the organization to be back to normal operations."
