3 tips to prevent a patient information breach

Both medical professionals and patients today are vulnerable to data security breaches. But in the worst case scenarios, it is mishandling of patient data by those same medical professionals that can cause an information breach. For this reason, professionals today are tasked with learning how to protect patient data both while handling it and while storing it. In this post, learn some top tips for protecting patients from a data breach.

Tip #1: Make sure all devices are encrypted

Any device used to transmit, transport, verify or consult patient data should be encrypted. The term “encrypted” essentially means that if the data falls into the wrong hands, it will be unreadable and useless.

Encryption should be enabled for intra-practice, inter-practice and external data transmission. In other words, if patient data travels anywhere at any time, it should be encrypted.

Encryption is especially critical for remote staff, who may be traveling between multiple locations and accessing patient data from their devices at various points along the way. With encryption, even a lost device will not compromise sensitive patient data.

For practices using workflow software to streamline and centralize day-to-day and other routine practice tasks, there is often the ability to add, authorize, encrypt and (if necessary) wipe or shut down remote mobile devices that are linked to the software’s central system – this effectively controls for a breach so long as the missing device is reported promptly.

Tip #2: Set access permission levels

Another key tip for safeguarding sensitive patient data is to set password-protected permission levels for access to data. For instance, receptionists, techs and staff responsible for submitting claims to insurance may have access to a certain level of patient data, while physicians and surgeons may have access to a much greater level of patient data.

Setting permission levels will not completely prevent a patient information breach, but it will control the sensitivity of the data that is exposed and also provide an easy way to track the breach back to its source and implement protocols to prevent a recurrence.

Along with setting password-protected permission levels comes the need for password protocols (to create harder-to-guess passwords) and periodic password resets. More frequent reset prompts can control for staff turnover as well as greater data security.

An alternative (or addition) to password protection and access levels is what is called a “vendor neutral archive.” This tool presents patient data from one centralized, password protected, encrypted and uniform central site, thus consolidating both records and minimizing risk of a data breach.

Tip #3: Never share access IDs with colleagues and always log out of shared devices

Finally, one of the easiest ways to prevent a data breach involving sensitive patient information is simply to log out after you’ve logged in and never ever share your login or access ID with anyone else – no matter how much you think you trust them.

Whether you are accessing patient information on a shared public device or on your own private BYOD (bring your own device), logging out is the single easiest and yet most important action you can take to protect yourself and your patients from a security breach.

And if you ever access sensitive information from a device or terminal located in an area patients and transients have access to, you should safeguard your private login information in the same way you would if you went to withdraw cash out of an ATM using your debit card!

As well, while it may be tempting to share an ID with a fellow employee who is in a rush, has forgotten their own or doesn’t have one yet, any goodwill gained by this generosity will soon be eradicated if that colleague then goes on to steal or expose sensitive patient data.

By putting these three tips into immediate practice, you drastically reduce the risk of a data breach involving patient information.

Robert Cordray
Robert Cordray
Robert Cordray is a former business consultant and entrepreneur with over 20 years of experience and a wide variety of knowledge in multiple areas of the industry. He currently resides in the Southern California area and spends his time helping consumers and business owners alike try to be successful. When he’s not reading or writing, he’s most likely with his beautiful wife and three children.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.