How secure are your patient files?

Joel Friedlaender
Published in Cliniko blog
Aug 28, 2012

We get a lot of questions about the security of Cliniko, our practice management software system. I am pretty sure we get asked this question commonly because we are completely cloud-based. I would guess that people are less likely to ask about security when they are buying a system that keeps the data on their own computer.

Firstly, I think it’s great when people ask about security; I really wish it was a focus for more practitioners. In most countries, the practitioners are the ones that are legally responsible for securing their patient information; they just don’t always know that.

Now back to the cloud-based thing. It’s such a common fallacy that cloud-based is less secure, and that having the information stored locally on your computer is the best. This post is really just to bring to your attention some key points about information security that you may not have considered.

What do I mean by security?

For the purpose of this post, I am referring to:

  • Privacy: ensuring only authorised personnel have access to patient information, and they can only see parts of the information that they should.
  • Redundancy: ensuring that no data will be lost in the event of unexpected circumstances (i.e. fire, theft, technology failure, etc.).

Are you storing patient information locally?

This most commonly means you have an installed software application on your computer/server that stores a patient information database. It also could be paper files in filing cabinets.

Here are some things to consider:

  • Do you know all of the security vulnerabilities of your chosen operating system (Windows, Mac OS X, Linux, etc.)? Every operating system has vulnerabilities; you need to be aware of them and have measures in place to protect against them.
  • Are your virus protection systems up to date? Are they covering your entire system (all computers in your clinic)? Do you do full scans as well as incremental scans? Does it cover your emails?
  • Do you have a firewall? Is it configured correctly?
  • Do you have backups of all your data? Do you keep those backups in a separate location? Is that location secure? Do you test recovering from the backups (i.e. do you know that they work)? Are your backups secure (i.e. encrypted)?
  • Can you access your system from outside the clinic? If so, how secure is that connection? Does it run over HTTPS? Is it via a VPN?
  • Are your premises completely secure? Would it be hard for someone to steal a computer from your premises that contains patient information?
  • Have you installed all security updates for all applications running on your computers? Are you on the latest version of your chosen software?

If you aren’t answering “yes” to all of these, I would recommend attending to this and/or getting professional assistance to secure your information.

Are you using a cloud-based system?

  • Does the software vendor secure information for you?
  • Are your passwords secure?

If you aren’t answering “yes” to all of these, I would recommend choosing a more appropriate system and improving your password usage.

You probably aren’t an information security expert.

I am guessing it’s unlikely you used to be an information security expert, and decided to make the move into healthcare. If it isn’t your area of expertise, why would you want to deal with it (particularly with so many legal obligations)?

I am not saying you can’t be as secure with locally stored information… I am just saying you probably aren’t. Given the amount of time and money it would cost to get yourself even half as secure as you would be using a system like Cliniko, why would you even bother?

Let’s end the myth.

A properly secured cloud-based system will be way more secure than nearly every locally installed patient database. You just need to do your due diligence and ensure your vendor is doing everything they should be (you can see what we do here: Cliniko Security). I am not saying Cliniko is the only one; I would assume (and hope) that most cloud-based software vendors for the healthcare industry have similar.

If you have any security questions at all, please post them in the comments and we will be happy to respond. We want practitioners securing their data properly no matter which system they are using.

Cliniko is amazing practice management software for healthcare businesses. Visit https://www.cliniko.com to see for yourself.
