How to protect patient health information from hackers

Simple steps to protect your patients' medical records

According to a cdnetworks article on cyber security, cyber-attacks used to be common against government agencies, the energy industry, small and medium-sized businesses, and so on. In the last 3-4 years, however, this pattern has changed drastically: the healthcare industry now makes the list with 400 breaches a year and, more importantly, around 4.7 million health records were compromised in the initial months of 2018. EHR features such as cloud access and the patient portal make data easy to retrieve, but at the same time they can create an alarming situation. Measures need to be taken to ensure foolproof security of the practice without disturbing regular workflows.

How do you take care of such breaches?

Cyber-attacks are a major concern among organizations and are likely to increase over the years. However, with proper precautions such attacks can be avoided. There are numerous ways of ensuring the safety of your practice:

Compliance with the protocols set forth by HIPAA:

Following the rules and regulations established by HIPAA is a sure way to keep your data safe at all times. Printed reports and information shouldn’t be left unattended. If information needs to be scanned, care should be taken when storing it. Unnecessary documents should be shredded right away. Privacy monitors can be used on computer screens to eliminate the possibility of data theft.

Incorporation of Antivirus solutions:

Vendors providing you with EHR solutions should be asked about the security features included in the package. A firewall application can protect the data from outside attacks. Data loss can occur through files downloaded from the internet or through the installation of malicious software. According to the security report published by, data breaches cost around $5.6 billion each year.

Proper usage of Social Security numbers:

A common practice in documentation workflows is the use of the Social Security Number (SSN) as a unique path identifier. Your SSN shouldn’t be displayed at the top of the patient forms for others to see. Such cases often lead to the illegal use of the SSN and can cause future disturbances.

Do not share patient data with anyone unless approached through a proper channel:

People can give away crucial information to almost anyone. Your staff needs to be informed about the credibility of data and the breaches which may occur within the practice. A 15-minute daily meeting and discussion on cyber security can do wonders for the entire organization. If the patient has authorized the sharing of information, then the medical records can be shared. But the patient's consent is necessary in all cases before their medical records are shared.

Sign out of the EHR system when leaving the practice:

When leaving the practice, take care to log out of the EHR system installed on your computer. Otherwise, a breach or unauthorized access is quite likely. In case of unauthorized access, the person whose account was logged in will be held accountable for the damage done. Therefore, it is very important for everyone in the organization to be cautious about their usage.

Creation of strong passwords:

Passwords should contain alphanumeric characters to ensure industry-standard security on the premises of the practice. The password shouldn’t contain the name of the most prescribed medicine or your favorite sports team. It should relate to something which is easily remembered by the physician and not by potential hackers.

Securing your hardware:

Portable hardware, such as laptops and tablets, is often easy to steal. However, proper locks can be installed to prevent the theft of these devices; for example, aftermarket locks can be attached to the hardware. Anti-theft measures such as these can prevent future breaches.

Accessing the EHR system from outside the office:

Connecting to a public Wi-Fi network is as good as sharing your credentials with the whole wide world. Similarly, the EHR system should be used someplace safe; using it in a public place such as a market can prove damaging for both the physicians and the practice, since patient data and other forms of information can be stolen without any hassle.

Implementing the above-mentioned strategies can surely help physicians secure their practices against potential cyber-attacks.

Top EHR Vendors With Highest Patient’s Data Security

  1. AdvancedMD EHR
  2. Doctor Connect EHR
  3. Practice Velocity Urgent Care EMR