Cyber Security: What Your Anesthesia Group Needs To Know

Between October 2023 and January 5, 2024, I have personally received five “Notice of Data Event” letters: one from an anesthesia billing company, three from Michigan health systems (two coming from the same health system), and one from my primary care provider’s billing vendor. As a patient, you are limited in what you can do to protect yourself from a healthcare data breach, however, as a private anesthesia group you can certainly take steps to protect your patients.

Whether your group has an in-house billing operation or outsources to a vendor, cyber security should be a top consideration. Healthcare institutions are prime targets for hackers because of the nature of the data collected. We spoke with Levi Citrin, Fusion’s Chief Technology Officer on measures Fusion takes to keep data secure for our clients and their patients. “At Fusion Anesthesia Solutions we put security at the forefront of everything we do. If we can’t do it securely, we don’t do it”.  Below are a few key takeaways from our conversation and recommendations regarding cyber security for your anesthesia organization:

  • First and foremost, make the financial investment in cyber security. Security compliance requires a major financial investment to implement and maintain but the return on investment is huge.
  • The organization must become complaint/certified with the Systems and Organization Controls 2 (SOC2). The SOC2 security framework covers how companies should handle customer data that’s stored in the cloud and includes auditing of those processes.
  • In addition to SOC2 compliance, conduct regular internal audits and testing. Have your own internal security framework that your organization follows.
  • Outside access to systems should be prohibited unless it is on a company issued and regulated device.
  • Implement systems that ensure any electronic communication containing Protected Health Information (PHI) are automatically sent securely.
  • Require 2 factor authentication on all devices and accounts.
  • Ensure data on all servers is encrypted and limit where data can be stored, i.e. on local computers.
  • Implement and require annual HIPAA training for all employees.
  • Implement tools to monitor desktops and servers.

 

For more information on this and other anesthesia billing and practice management topics, contact Fusion Anesthesia Solutions at sales@fusionanesthesia.com.

Do you have an A+ Anesthesia Billing Service?

Find out.

Evaluate My Current Biller

Get the 10-step How to Start a Practice checklist!

Download our Free eBook: Transparency in Anesthesiology Billing: Everything Your Billing Company Doesn’t Want You to Know

  • Hospital / Organization / Practice Name
  • This field is for validation purposes and should be left unchanged.

Interested in lowering your costs? Let’s talk.

  • This field is for validation purposes and should be left unchanged.

Hi there! Need a laugh? 🙂

Yes! Joke, please.

Contact Us

No obligation custom report

See the appropriate billing and collections opportunities that your current billing systems are missing.

*all fields required

Newsletter Signup