Canadian healthcare organisations face a growing number of security threats.
For example, hackers recently breached an Ontario home care . They stole records that contained the names, contact info, credit card data, and detailed medical history of up to 80,000 patients. The cyber criminals demanded financial compensation in exchange for the data.
Internal breaches are also on the rise. According to Verizon, insiders cause 58 percent of healthcare PHI data breaches. In fact, an Ontario nurse was charged with stealing patient data and using it to obtain narcotics for non-medical use. Patients are now suing the hospital where she worked.
Does your healthcare organisation inadvertently leave patient data exposed?
Malicious employees only cause a small percentage of breaches. A report from MIS Training Institute found that . For example, an employee may leave a patient’s chart unattended on a desk or accidentally email a file to the wrong person.
Regardless of the cause of the breach, keeping patient data secure is a top challenge for healthcare organisations. A 2018 study found that data privacy, security, and cybersecurity are hospitals’ #2 concern – just below patient safety.
Here are five ways that you can minimise your security risks and keep your patient data secure.
1. Understand your risks.
Get clear on where you are storing patient info. For example, do you rely on paper files, digital systems, or both? Who can access your patient data?
You should also conduct a Privacy Impact Assessment (PIA) whenever you implement a new system or upgrade an existing one. A PIA is a risk management tool used to identify the actual or potential effects that an information system, technology, program, process or other activity may have on your patients’ privacy.
Most hospitals conduct a PIA when they install new technology. However, they often skip this step when they upgrade or integrate their existing systems. In addition, many hospitals lack a formal, annual review process to determine whether their patient data is compliant.
2. Don’t rely on perimeter security alone.
Many hospitals focus on protecting their network perimeter to keep unwanted users away from their data. However, as more of your data moves to the cloud, it’s getting harder to define where your perimeter is located. For example, doctors may use mobile devices and cloud apps to collect patient data at the point-of-care.
Using a digital rights management (DRM) system can shore up your security and help you remain compliant – no matter what device employees use to view your data. DRM allows you to encrypt files so they are unreadable to anyone who doesn’t have access rights. Your DRM should keep your access policies in place even if files leave your network.
3. Get rid of old equipment.
Outdated technologies are no match for today’s security threats. Examine all of your technology – from printers to operating systems – to determine whether it poses a risk. It might be time to securely dispose of these items and replace them with technologies that better protect your patient data.
4. Digitise your papers.
A recent that hospitals throw thousands of documents that contain patient data into recycling bins. The research warns that not shredding these files can lead to liabilities.
Digitising your paper is another step you can take to ensure that patient information doesn’t end up in the open where anyone can read it. When you digitise your files, you can store them in one central and secure location. This helps you keep patient data away from unauthorised people and makes it easier for you to maintain audit trails.
In addition to boosting your data security, digitisation also improves your efficiencies. Storing all your patient files in a central repository makes it easier for doctors, nurses, and administrators to find what they need. They also won’t struggle with multiple versions of the same document. When someone changes a file, it will update so other authorised individuals can view the latest edits.
5. Protect your printers.
Look for a print management solution that allows you to apply access controls. That way, you can define who is allowed to use your equipment and what they can print, scan, or fax. This not only boosts your security but also creates an audit trail that shows you when, where, and how employees access information.
Another way you can keep your printouts secure is with swipe and release technology. Normally, employees hit a “print” button and then let papers sit on a printer until they have the time to pick them up. With swipe and release technology, hospital staff can swipe their ID cards to run their job from any networked printer at any time. This reduces your risk of employees printing sensitive files and leaving them unattended.
Controlling who can print, fax, or scan, and what information they can send, produces an audit trail that shows when information is accessed and lets you trace it to its origin.
Inefficient processes and the reliance on paper can expose your patient data. When you automate your processes and digitise your files, you can reduce your risks and maintain compliance.
Discover how other Canadian healthcare organisations are streamlining their processes and making their patient data more secure at RicohChangeMakers.ca/Healthcare