Preserving Security with Electronic Health Portals

Patients who access their medical records on their physician's portal with a mobile device should do so with caution, security experts say. Carelessness can expose patient data, says Adam Greene, a Washington, D.C., attorney who specializes in health information privacy and security.

Greene and Angela Dinh Rose, a director at the Chicago-based American Health Information Management Association, offer these suggestions for protecting portal information.

> SECURE PASSWORDS:

Pick strong passwords for both portal access and the electronic devices where the information is viewed or downloaded, ideally ones with a mix of letters and numbers. Check if the mobile devices limit the number of log-in attempts before the user is locked out, Greene says. With some mobile devices, setting a password automatically triggers encryption of the information the device contains, he says. Verify if it does so.

> LIMIT ACCESS:

To further protect the password, strictly limit the number of family members who have access to that information, Greene says. Even better, some portals allow patients to assign access to delegates, essentially sub-accounts that family members could use, once they set up their own password.

> PROTECT DOWNLOADS:

When downloading information from the portal, think about where it’s being stored. One option is to save medical records to an external flash drive rather than on the device itself, Rose says. Encrypted flash drives can be purchased or software to encrypt an existing drive can be located online, she says. And by all means, wipe those aging phones or computer devices clean before sending them out with the trash.

“These have become very expensive disposable devices,” Greene says. “You oftentimes will upgrade your phone after a few years and don’t necessarily take very good care of the data on your old phone.”