
No one understands the struggles and triumphs that ASC leadership experiences like those who have gone through it themselves. We understand Administrators, Business Office Managers, Chief Nursing Officers, Nurses, and everyone else who makes an ASC run successfully because at one point, we were standing right in your shoes.

Welcome to HST’s Administrator’s Corner 👋 Together, we’ll be addressing current issues that ASC leadership are facing to help solve your most pertinent and difficult problems. The advice below is proven and actionable, and we hope you find it helpful!


Question: What steps do you think are most important to ensure compliance with HIPAA and cybersecurity at an ASC?


Dean Brown
VP of Business Development, HST Pathways
Former ASC Admin for 22 years in Alabama

As a former ASC administrator, the only formal security that I deployed was anti-virus software and a firewall. However, today, with the fines and penalties that a center can be exposed to, it behooves them and their leadership to take all actions possible and economically feasible to demonstrate a good faith effort to protect their patients’ data. One stolen health record on the dark web can fetch up to $1,000. A few tips: 1) Elect a Privacy Officer, 2) Purchase a Cyber Liability and Data Breach policy, 3) Have written HIPAA and Cybersecurity policies and procedures, 4) Perform an annual HIPAA risk assessment and use the results to remove security gaps, and 5) Do not skimp on 3rd party cybersecurity software (Antivirus and Firewall).


Pierre Devaud
Sales & Relationship Manager, Patient Access, HST Pathways
Former ASC admin for 7+ years in New York

Data privacy should be your second highest priority as an ASC Administrator, superseded only by patient safety. As the leader for your center, ensuring private information is not obtained by malicious actors is achieved in two primary ways: systems and people. Successfully ensuring both components are tight is required. No IT infrastructure works without your staff’s support, but also consultants and vendors appreciating the consequence of a data security breach. I always found it powerful to remind my staff of how they would react if their medical provider allowed their private health data to be stolen.


Kathi Gascho, RN, BSN
Senior Quality Assurance Engineer, HST Pathways
Former ASC Director of Nursing in Arizona

In addition to routine HIPAA training, I feel that one of the most essential measures is to empower each person to feel comfortable speaking up. Everyone should have a voice if the security of patient information is at risk. Administrators cannot be in all places, so they need the help of extra sets of eyes keeping watch for potential HIPAA problems. I once had an employee who saw a sales rep taking a photo with his smartphone of a patient schedule that included PHI. This conscientious individual brought it to my attention. I was able to speak to the vendor and confirm that the information had been deleted. We came up with an alternative way to distribute the needed information and that employee helped to thwart a potential breach!


Donna Griggs, RN BSN MPH
Clinical Training Specialist in Learning & Development, HST Pathways
Former ASC Admin and CNO for 16 years and RN for 30 years in Kentucky, Mississippi, and Tennessee

HIPAA and Cybersecurity are not new to the ASC world, yet their nuances can change drastically as well as quickly. A violation or aloofness to either could cost your center lots of money. I was lucky to have a Hospital Partner that continually provided my centers with the latest information, but if you do not have that hospital relationship, here are some other resources you can leverage: your accreditation company, your IT/cybersecurity software company, your malpractice insurance provider, or even an attorney who can provide education for your staff and physician/shareholders (and include some real-life scare-the-pants-off-you stories!). Lastly, schedule a day to go into detail and answer questions – make it an interesting and meaningful learning event. It must be held at least annually and more often as deemed necessary by event or your Policy & Procedures. I used to have secret shoppers from other centers, the hospital, from IT, Medical Records, etc., that provided me with surveys and walkthroughs. Be sure that you talk the talk and walk the walk, in all areas of your center.


Dorothy L. Immel
HST Practice Management Consultant, HST Pathways
Former Regional Business Office Manager and CBO Director in Texas & Oklahoma

I believe the most important step in ensuring compliance with HIPAA and cybersecurity best practices is education, education, education. Gone are the days when a manager or security officer can simply walk past a desk and point out blatant violations (such as an open chart left unattended). Emails and websites don’t even have to be related to patients or their care to put the entire facility at risk. The better staff understand this, the safer the data will be.


