6 Tips for Securing Your Patients’ Electronic Protected Health Information

Unfortunately, there is no simple solution to protecting the privacy and security of your patient’s electronic protected health information (ePHI). As the use of technology in the workplace constantly evolves, security only gets more complicated. 

Here are six tips to help protect your patients’ ePHI:

1. Use Data Encryption

Lost or stolen equipment is the primary cause of information security breaches. It’s essential to encrypt your devices for a virtual ‘get out of jail free’ card. While it won’t prevent loss or theft, proper encryption will keep protected health information out of harm’s way.

2. Secure Texts and Emails 

Patients may send unprotected health information to you. Once you receive it, it is your responsibility to ensure that it is adequately protected. Keep personal and work accounts separate, and install data encryption to keep your patient’s information safe.

3. Avoid Email Scams

Be familiar with warning signs to avoid falling victim to phishing schemes and other common email scams. Watch out for some of these clues:

  • Unfamiliar senders
  • Reply-to email addresses different from the sender
  • Urgent calls to action
  • Requests to disclose sensitive information

4. Post with Caution

With millions of people on social networks and professional blogs, it’s not surprising that social media based information security violations are on the rise. Remember that even well-meaning posts about patients without their authorization violate your patient’s right to privacy. This includes posting “gossip” about patients (even if their name isn’t included) and sharing photos without a patient’s consent.

5. Choose and Remember Strong Passwords

It’s hard to believe, but passwords like ‘12345’ or ‘password’ are still commonplace. Reduce the risk of an information security breach by choosing and remembering strong passwords. It’s easy enough to create a strong password – just mash your hands against your keyboard – but try using the first digits of an easy to remember phrase to create a memorable one.

6. Stay Up-to-Date on Your HIPAA Security

You wouldn’t assess a patient at intake and then never revisit that assessment, right? Similarly, you should regularly reassess the risk of potential security breaches to ensure that your patients’ information is protected. HIPAA security is an ongoing process.


MedBridge is here to help! While technical safeguards are a key element to ensuring the safety and security of your patients’ information, the foundation is in training and awareness. Our suite of courses ensure you and your facility have the tools and information to remain in compliance, and focus on what you love: providing quality patient care.

Available courses include: