How to Protect Your Patients' Data

While we may hear most frequently about breaches of privacy in the retail sector, healthcare is not far behind when it comes to the targets of cyber-criminals. In 2013, the healthcare sector was the target of 43% of all cyber breaches. This information comes from the “Identity Theft Resource Center’s 2013 Breach Report.” On average, victims were out $18,600 in medical costs.

It may seem like retail information is more valuable than electronic medical records, but unfortunately, this is not true. When sold on the black market, a medical record is assigned a higher value than a credit card. The World Privacy Forum has calculated that a medical record, which includes all of the information necessary for identity theft, sells for $50 on the black market, while a credit card sells for only $3.

Patient records are more often being stored electronically as opposed to physically, which means that protecting this information is key. If you want to know how to protect your EMR data, keep on reading.

Put it in the Budget

Privacy protection needs to be included in your budget. There is no current recommended value when it comes to privacy protection budgeting, but many organizations seem to think that more than 10 percent of the total budget should be allocated to privacy protection. Use this budget to hire specialists like TrueNorthITG Healthcare IT consultants.

Role-Based Security Access

Make sure that only those who need to access certain records have access to them. This is essential for HIPAA compliance, and protects your organization against lawsuits should patient data be compromised.

Consider the Consequences of BYOD

We rely on technology in both our personal and professional lives. While bring-your-own-device would be secure and convenient in a perfect world, the truth is, we do not live in that world yet. To rectify this, some organizations have tried to completely eliminate BYOD, but this fails every time. This is because employees frequently have devices that operate in both a personal and professional capacity. For the most secure BYOD policy, make sure to limit the way that patient data is handled across the various devices. It is extremely important to enforce these rules strictly.

Go Enterprise-Wide

It is important that every department is educated on, and understands, the importance of protecting patient data, and the way that you protect it. If you only inform the IT department, employees in other departments may make errors that put patient data at risk. It would be wise to have a series of meetings with each department in which you give a brief reminder about HIPAA, how it relates to electronic records, and how their department can best protect patient confidentiality.

Be Prepared

Finally, make sure to have a plan ready should there be a breach. Make sure to update this plan as your system changes, or as any regulations change. Keep up to date on recent breaches to find out how they happened. Make sure that your staff is also updated on these changes.
