Protect Your Data
Come to ASCA 2016 to learn how to avoid hackers and fines
BY NELSON GOMES

Cyber breaches and hacks happen to even the most secured sites. Last summer, a security breach at the Office of Personnel Management affected the personal data of an estimated 18 million federal employees. Are you doing everything that you could to keep your ASC's data secured?

During my session at ASCA 2016 in Dallas, Texas, May 19–22, I will discuss what ASCs should do to minimize the risk of a breach. I will explain the importance of understanding information technology (IT) security, the impact of IT security and the elements that must be included. I will offer a list of the top 10 security measures that an ASC could take to protect itself and minimize its security risk.

Security and compliance are ongoing efforts, and ASCs need to review their security efforts regularly, at a minimum bi-annually or annually. When representatives from my company go into an ASC, we perform a risk assessment to gain a good understanding of what the center's security looks like. We conduct a mock security breach to identify gaps and develop a remediation plan based on our findings.

Often, as a security risk analyzer, I see ASCs that lack basic security standards, such as end-point security on their computers and/or servers. Deficiencies in documentation and policies are common. Wireless security also is a common issue. Then, there are patches that need to be applied to your system. Some systems are end-of-life, meaning there are no patches available anymore. If you are on an end-of-life server, you need to have a remediation plan in place or you are out of compliance.

ASCs also have to make sure the business associates they hire—such as myself—follow the same security policies and guidelines as the ASC. If they don't, the ASC is liable for them and is out of compliance.

If an ASC experiences a security breach, it must report it to the US Department of Human Services' (HHS) Office for Civil Rights (OCR). Depending on the severity of the breach, the OCR could fine an ASC thousands of dollars. The more negligent you are, the higher your fine will be. Some organizations have paid several million dollars to settle potential violations. If you have more than 500 medical records affected, you also have to send out letters to every patient informing them that a breach occurred. You will end up paying the OCR fine, plus the fee of an IT security professional to analyze the breach, plus an attorney's fee and the cost to send those letters. That is a formidable amount and could significantly hurt an ASC's bottom line.

During my presentation, I will talk about some of the things OCR looks at when investigating security breaches. There are third-party solutions that ASCs can use to help manage security risks, but you have to make sure you use a reliable IT professional to conduct your annual security assessment. I will talk about what questions to ask when selecting such a company for your ASC. Many IT companies use threat techniques to get hired. I consider these techniques unethical and will help ASCs separate hype from reality.

Those who attend my session will come away with enough knowledge to perform an educated review of their policies and develop an IT security plan. They will comprehend the importance of security and how it affects their ASC's day-to-day functioning as a business.

I look forward to seeing you at ASCA 2016.

Nelson Gomes is the president and chief executive officer of PriorityOne Group in Rutherford, New Jersey. Write him at
