Security as a Priority: How Surgical Notes Protects Clients' Data
By Nathan Hess, Chief Information Technology & Security Officer
There's significant attention being paid to data security these days, and justifiably so. Cyberattacks are on the rise, and the news is filled with reports of ransomware attacks crippling businesses and communities.
When ASCs choose Surgical Notes to manage their revenue cycle, data security usually isn't a reason driving the decision. Rather, it's typically one or more financial objectives, such as improving collections, reducing denials, eliminating bad debt and revenue leakage, streamlining business office performance, and maximizing profitability. While these are areas where Surgical Notes excels as a company, all this great work would be for naught if we didn't effectively protect our partners' sensitive patient and financial data. After all, a breakdown in security that leads to the theft of client data could lead to significant financial, compliance, and reputational challenges for us and our partner ASCs. That's why we treat all layers of security as a top priority.
Here are just a few of the approaches Surgical Notes takes to help keep our client ASCs' data protected.
1. Follow best practices for security management
To manage security, we use the "CIA triad" model and pair it with our own hybrid, risk-based framework to guide our decisions and actions. While that's a little heavy on the security jargon, understanding the triad model provides a broad picture of what we do and how we think about security.
CIA stands for confidentiality, integrity, and availability. Following these three elements helps:
- ensure that we are protecting our systems and data from unauthorized access;
- ensure that we are protecting our data from unauthorized changes; and
- ensure that our systems and data are available for users.
2. Treat security and compliance as complementary
Security and compliance are typically treated as separate functions with a symbiotic relationship. They share the goal and vision of helping organizations manage their risk, and thus should work hand in hand. Yet many companies struggle to achieve such collaboration between security and compliance, which usually results in these functions operating in silos. That's how it's possible for an organization to be secure but not compliant, or compliant but not secure.
The most famous example of the latter is Target in 2013. The company had its Payment Card Industry Data Security Standard (PCI DSS) compliance confirmed just weeks before it suffered one of the largest data breaches on record.
At Surgical Notes, we're fortunate to have strong security and compliance leadership who understand the complementary nature of those two functions and work closely together. As a result, we are able to perform better in both areas.
3. Investments in security
While cybercriminals are becoming savvier in their tactics, we are fortunate that security technology companies are developing solutions to help keep criminals at bay. We've invested in a number of these solutions, including strong data encryption, password managers, and endpoint detection and response tools that leverage artificial intelligence. We also provide ongoing security training to our staff and undergo routine assessments to identify opportunities for improvement.
4. Commitment to continuous improvement
As a company, we have an overarching commitment to continuous improvement. That applies not just to our client-facing services but to our internal operations as well, which extends to how we manage risk and the steps we take from a security standpoint.