Security Practices for Medical Records

March 13, 2019

As medical practices and courthouses digitize their records, they must shred or securely store their paper documents to avoid violating HIPAA laws. Patients have always relied on their doctors to keep their health information safe and private – and they still do – but the battlefront has changed from simply locking a file drawer full of patients’ information.

A few short years ago, someone on a medical staff having access to a patient’s medical history wasn’t a crisis. However, today’s threat of a hacker getting hold of patient records and publishing them online is quite alarming.

Stealing patient records out of a drawer used to offer little benefit, because the thief would have needed to take out a classified advertisement in the local paper to sell them! Now, they merely have to collect patients’ records and sell them to a buyer on the Dark Web.

Who Is Responsible for My Medical Records?

The medical practice that keeps a patient’s medical records is responsible for those records. However, the information contained therein belongs to the patient.

Nothing is 100% secure, so medical practices must take extra precautions to protect their patients’ privacy and to remain in compliance with HIPAA rules. The practice must focus on three ethical priorities: (1) privacy and confidentiality, (2) security of the data, and (3) data integrity and availability to the patient.

Security Practices for Limiting Exposure

The key to preserving confidentiality of patient information is limiting access to authorized individuals only. In a medical practice, that would include the doctor and the practice’s administrator, and they would identify any additional users who are granted this access and precisely what portion of the information they are allowed to access.

The practice administrator would then assign usernames and passwords to control who is viewing what. This way, access to all information can be tracked and limited.

Changing these passwords at regular intervals, keeping them complicated and without patterns, and even adding a biometric lock (facial, retinal, fingerprint, etc.) are solid steps toward securing private data from hackers.

It is important to keep the digitized data locally on the practice’s own private intranet and not to permit these machines to connect to the internet. This helps prevent exposure and access from the outside. Having a single dedicated machine for online use – connected to the internet but not to your intranet or patient data – while the other machines remain disconnected from the internet is a superior way to protect private data.

Audit trails are another fantastic step. An audit trail tracks all activity within the system. Stamping each entry with the date and time, and recording what was viewed, by whom, for how long, and whether anything was modified, helps your medical practice keep tabs on digitized, private patient data.
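As an added illustration (not code from this post or from ProMD), the following Python script reviews an audit trail of the kind described above: each entry records who accessed which portion of a patient record, when, and whether it was modified. The log format, user names, record sections and patient ids are constructed for the example.

```python
# Added example: review a constructed audit trail against the list of
# authorized users and the record sections each is permitted to access.
from datetime import datetime

# Constructed: which portion of the records each user may access.
AUTHORIZED = {
    "dr_lee": {"clinical", "billing"},
    "admin_pat": {"billing"},
}

# Constructed audit entries: timestamp, user, section, action, patient id.
SAMPLE_LOG = """\
2019-03-13T08:02:11 dr_lee clinical VIEW P1001
2019-03-13T08:05:47 dr_lee clinical MODIFY P1001
2019-03-13T09:10:03 admin_pat billing VIEW P1002
2019-03-13T09:12:30 admin_pat clinical VIEW P1002
2019-03-13T23:41:09 temp_user billing VIEW P1003
"""


def parse_log(text):
    """Parse one audit entry per line into dictionaries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, section, action, patient = line.split()
        entries.append({"time": datetime.fromisoformat(ts), "user": user,
                        "section": section, "action": action,
                        "patient": patient})
    return entries


def review(entries, authorized):
    """Flag entries a practice administrator should look at:
    unknown users, access outside a user's permitted sections,
    and any modification of a record."""
    findings = []
    for e in entries:
        allowed = authorized.get(e["user"])
        if allowed is None:
            findings.append(("unknown user", e))
        elif e["section"] not in allowed:
            findings.append(("out-of-scope section", e))
        elif e["action"] == "MODIFY":
            findings.append(("modification", e))
    return findings


if __name__ == "__main__":
    for reason, e in review(parse_log(SAMPLE_LOG), AUTHORIZED):
        print(f"{e['time']} {e['user']} {e['patient']}: {reason}")
```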

Who Can Help Me Protect My Medical Practice’s Data?

If you own or are part of a medical group, contact the professionals at ProMD Practice Management. We can perform a security audit to ensure your practice is doing all it can to protect and guard the health records of all of your patients.

Call us today at 888-622-7498 or request a consultation online. We can help ensure that your practice doesn’t fall prey to lax security measures and fall out of compliance with HIPAA regulations.
