Keys to Securing Data as a Practitioner

With patient identity theft on the rise, it’s important that practitioners and patients alike know how to prevent a security breach. Because of HIPAA, physicians who are covered entities are required to take action to protect their patients’ medical records or protected health information. Physicians and medical centers should be proactive in securing sensitive data. Some of these safeguards are physical security, electronic security, monitoring, and employee training.

In today’s technology-driven environment, information is only a click away. This could be true for your data too unless the proper steps are taken to ensure data security. Due to the enactment of HIPAA, physicians are required to take action to protect their patients’ medical records or protected health information (PHI). Through the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, violations and breaches are more costly than ever. Arming practitioners and patients alike with knowledge is necessary for protection. Physical security, electronic security, monitoring, and employee training are the keys to securing data.

PHI includes both physical data, such as forms and paperwork, and electronic data. Whether physical or electronic, a patient’s data can be defined at any point in time as created, stored, used, transferred, or destroyed. Along the path that data travel, there are several keys to security.

First and foremost, determine what type of data is being retained and whether the retention of those data is critical to the business. Only keep what is needed; otherwise, the risk of a breach grows exponentially with time. If it’s not kept, it cannot be compromised. In most cases, confidential information is not important to doing business. However, if it is, here are some areas to focus on.


Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.