It is important for all of our staff, both clinical and support, to be aware of how patient data is used and distributed.” An ASC needs to treat protect-

ing patient information like any other patient safety issue, Rubino says. “And like all patient safety issues, staff should receive training and education on how to effectively protect data secu- rity and privacy.”

Protecting Patient Information

Train staff to maintain data security and privacy BY ROBERT KURTZ


ven in an ASC with great infor- mation technology infrastructure,

human error can open the door for cyber criminals, says Tracy Rubino, pri- vacy officer of ambulatory surgery cen- ters for not-for-profit health system Sut- ter Health in Sacramento, California. In fact, Verizon’s 2016 Data Breach Inves- tigations Report cites human error as one of the leading causes of health care cyber security incidents. “Patients trust us with their health

care, and they trust us with their per- sonal information,” Rubino says. “If their information is lost or stolen, then we have failed in our promise to take care of them.”

A breach in data integrity is also a potential legal issue, says Christopher Koles, information technology manager

You cannot wait for the errors to occur. Criminals have their eyes on our data. We have to do all we can to fix holes before a criminal finds them.”

—Tracy Rubino, Sutter Health

for Hillmont GI and its ASC, Spring- field Ambulatory Surgery Center, in Flourtown, Pennsylvania. “The secu- rity of our data is of the utmost impor- tance for both Health Insurance Por- tability and Accountability Act of 1996 (HIPAA) compliance and maintaining the privacy and trust of our patients.

18 ASC FOCUS MAY 2017 |

Secure Buy-In For training efforts to succeed, Rubino says, an ASC’s leadership must buy in. “Leadership needs to make data secu- rity a priority. When leadership con- veys that training is more than just a check-the-box requirement, staff will gain a greater appreciation for their responsibilities.” Staff also need to buy in, she says. “Medical staff are focused on medi- cal care, as they should be, but data security should be considered part of that care. The more you can bring data security to the forefront for your staff, the more it will become part of their natural workflow.” An entire ASC needs to be prepared

for and willing to spend more time on data security, says Michelle Punshon, RN, CASC, administrative director for Bradenton, Florida’s Coastal Ortho- pedics & Sports Medicine’s musculo- skeletal ASCs. “There are more threats than ever before. Everyone has smart- phones, which can create problems. Data security is a growing focus for us, and something we are paying much more attention to.”

Good training cannot prevent bad intentions, Rubino says, which is why it is important to carefully vet prospec- tive employees. “Always do complete background checks. Sometimes the threat you face is internal.”

Educate Early and Often When new staff members join Hill- mont GI, their orientation includes education on the organization’s tech-

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30