Earlier this year, SIS delivered an industry-redefining ASC software platform called SIS Complete™. It’s the first comprehensive, cloud-based solution designed to meet the needs of the modern ASC. When we were developing SIS Complete, we leveraged our 20-plus years of surgical software experience and client input to deliver a new software experience to ASCs, built from the ground up with a focus on security and disaster preparedness to support ASCs in the ongoing battle to protect and preserve patient data.
Here are just five of the ways SIS Complete addresses these critical components of successful ASC operations.
1. Ongoing monitoring
We all too frequently hear the stories of data breaches in the news. And there are numerous causes of data breaches, some coming from external sources, others internal. While it's not possible to safeguard against every breach, it is possible to significantly reduce your organization's risk of suffering a breach. One of those risk reducers is to ensure that your ASC software has robust monitoring in place. This provides a way to detect and respond quickly to threats.
If an ASC lacks the capability to monitor its internal network and do so diligently, a breach can go undetected for days, weeks, even much longer. A recent Tech Republic report noted that malware goes undetected in small- and medium-sized businesses for an average of 800 days. As time passes, more data can be stolen, and any new data added following the breach is likely compromised.
With SIS Complete, this ongoing monitoring is provided for the ASC. The SIS datacenter is equipped with robust tools, including behavioral analytics, required to provide around-the-clock monitoring and tracking of all activity within the platform. This supports detecting possible breaches fast and the rapid implementation of mitigation strategies.
2. Built-in security
One of the most significant challenges facing ASCs, particularly small- to mid-sized organizations, is finding qualified professionals (often easier said than done) who can secure their network, hardware, and software and then covering the cost of the services and the solutions required to do so. These include building a secure infrastructure with proper firewalls and adding intrusion detection systems.
The investment doesn't end there. Once the infrastructure is set up, ASCs will require ongoing expertise to ensure solutions remain current (i.e., updated) and should invest in regular testing and auditing of security to catch and fix potential vulnerabilities.
SIS Complete eliminates the need for many of these services and solutions thanks to its numerous, built-in security functions. The platform is supported by a team of experts who deliver continuous data and platform monitoring. Users benefit from SIS' investment in the highest-grade commercial solutions for the security of web-based applications. These include solutions from Tripwire, which detects unauthorized file changes; Cloudflare, which helps mitigate data attacks; and F5 Networks, which helps maintain optimal data traffic flow. In addition, SIS performs all server upgrades, ongoing penetration and vulnerability testing, and "server hardening" — the process of enhancing server security.
3. Enhanced data protection
Most ASC professionals either know of or have at least read about an ASC that experienced significant data loss caused by a ransomware attack, hardware malfunction, failed database backup, or a natural or man-made disaster that damaged computers and servers. With SIS Complete, ASCs are better protected from these types of scenarios.
Since SIS Complete is a professional, enterprise-scale solution, SIS continually focuses on the safety and security of client data, including frequently backing up ASC data at our datacenter, which includes on-site failover and off-site backups for disaster recovery. Furthermore, ASCs that implement SIS Complete have a robust disaster preparedness and business continuity and recovery plan built automatically for them that not only reduces risk but ensures a speedy return to operations in the event of a disaster.
4. Segregated data
One concern often expressed by ASC professionals considering moving to a cloud-based platform is whether other surgery centers on the platform may be able to access one another's data and whether the compromise of one ASC's data may lead to the compromise of others.
This concern is valid as some hosted systems store the data of multiple clients together and such a compromise is therefore possible. However, this is not the case with SIS Complete. While it is a hosted solution, SIS segregates each client's data, eliminating the potential for cross-contamination.
5. Encryption using TL3 1.3
We're going to get a bit heavy here with the tech jargon for a minute and discuss a security feature we are quite proud of and have received kudos for from security testing companies.
The development team of SIS Complete used the most recently released TLS (transport layer security) 1.3 encryption protocol. What does this mean? Servers must have the ability to communicate with each other to share data. This data used to be encrypted with the TLS predecessor, SSL (secure sockets layer). Unfortunately, SSL was hacked several years ago, and researchers found numerous vulnerabilities. This spurred the creation of TLS.
Since then, there have been four versions of TLS. The first, TLS 1.0, is now essentially considered obsolete. Most technology uses TLS 1.1, which has some significant vulnerabilities, or 1.2, which is the default version usually recommended by industry professionals, as SSL.com notes.
Rather than settle for the default, our development team invested in keeping current with what Tech Republic described as the "new industry standard for secure connections." There are few web-based applications using TLS1.3, but considering it was reported to be faster, more secure, and deliver increased privacy, making it an overall better protocol, TLS1.3 was the only protocol our development team ever considered for SIS Complete.
Data Security for Today's ASCs
SIS Complete delivers the data security and protection oversight ASCs need — and that's on top of providing extensive financial, clinical, and operational benefits that help drive success in today's highly competitive marketplace. We think every ASC needs to continue to educate themselves on ways to secure their systems and protect their data. And we think it is important for ASCs to look for partners who are focused on making the significant ongoing investments to stay in front of threats. We'd love to tell you more about why SIS Complete is the right platform for your ASC. Surgery center staff are invited to join us for a comprehensive demo of SIS Complete. Sign up now!