A 2017 survey the American Medical Association conducted with 1,300 physicians indicated that more than eight out of 10 have experienced some sort of cyberattack. Medical records can be very valuable for hackers and thieves. It’s a pretty trivial thing to cancel a stolen credit card, but people can’t just cancel their medical history. Plus, medical records have personally identifiable information like names, addresses and Social Security numbers.

As a practice, you want to do everything in your power to keep your patients’ records safe, and not just for your HIPAA compliance. That’s why we’ve compiled some tips to help keep your patients’ information under lock and key, even when they’re in a computer:

Start With a Culture of Security

The weakest link in any IT system is the human using it, and that holds doubly true for information security. It’s not enough to have just one training and think you’re protected from bad habits or bad judgement. Educate yourself and your staff on proper cybersecurity practices, such as forcing employees to change their passwords every two months and not allowing them to reuse any of their last 10 passwords.

It’s also important that you and your staff know what scams are lurking out there. For example, phishing is when people send fake emails, texts or phone calls to trick others into handing over information. But security goes beyond not falling for scams. You have to train your staff and convince them why information security is important. You have to make it a core value of your practice.

Password Protection Is Key

Mobile devices, be they laptops, smartphones or tablets, have added a new layer of convenience to medical practices, but that convenience can come at a cost to security. Mobile devices are more easily lost or stolen than desktops or other tethered devices, and they can sometimes be used where unauthorized people can see sensitive data. That said, with the right precautions and proper staff training, the risks can be mitigated.

To start, whenever possible, mobile devices should be protected by two-factor authentication. Two-factor authentication requires two ways of unlocking a device, such as a password followed by a PIN texted to a user’s phone. That makes it much harder and much less convenient to get at any data from stolen devices.

Building on this, you should strongly consider investing in tools such as password vaults. These password management programs, such as Dashlane or LastPass, allow you to store your passwords in a protected digital space.

Have a Plan

If the worst happens and your data is compromised, you may be locked out of your system for hours, days or even weeks. Thieves may attempt to sabotage your operations. Don’t let a security breach turn into a full-on disaster and keep you from seeing patients–back up your data.

Disaster recovery plans are an often overlooked aspect of cybersecurity, but they’re required for HIPAA compliance. Make sure you have a daily backup of data that goes somewhere off-site and possibly offline. That way you’ll always have a copy of your electronic health records that you can easily access in the event of a breach, enabling you to continue seeing patients. A number of companies can provide HIPAA-compliant, offsite and encrypted backup services.

However, disaster recovery and contingency plans go beyond data backup. Other aspects of a disaster recovery plan include:

  • An uninterruptible power supply or backup generator
  • Antivirus software
  • Fire safety measures such as sprinklers or extinguishers
  • Surge protectors to prevent damage to equipment

Develop Good Habits

It’s important for information security culture to become ingrained in your practice. As a medical professional, you know how important it is for patients to build good habits for their health. It’s the same for the health of your information protection.

Here are some of the most useful habits to develop when it comes to cybersecurity.

  • Disable remote file sharing and remote printing, and ask employees to turn off smartphone features such as Apple AirDrop
  • Keep computers free of clutter and unnecessary programs
  • Keep software–including operating systems, antivirus and EHR software–up-to-date
  • Make sure any accounts for employees no longer employed at your practice are deactivated, and any devices that store data have that data destroyed before decommissioning
  • Use a firewall at all times

At Points Group, we offer turnkey solutions for all of your website needs, including security. Contact us today.
