4 Big Mistakes Doctors Make in Protecting Patient Data

Paul Cerrato, MA


June 29, 2016

In This Article

A Terrifying Prospect for All Medical Practices

Because electronic health records often contain sensitive information, such as patients' phone numbers, email and street addresses, and Social Security numbers, it was only a matter of time before the healthcare community became the latest gold mine for hackers with the skills needed to break into computer networks.

And that danger is by no means limited to large hospitals and healthcare systems with deep pockets and millions of patient records to plunder. Small community hospitals and small- to medium-sized medical practices are at risk as well.

In fact, physicians in large and small practices are exposing protected health information (PHI) and often paying hefty fines for their mistakes. That becomes painfully clear from a closer look at the patient information breaches and Health Insurance Portability and Accountability Act (HIPAA) violations posted on the website of the US Department of Health and Human Services' Office for Civil Rights (OCR).

The "Wall of Shame," as it's commonly referred to, includes entries for more than 1000 providers, each of whom may have exposed 500 or more patient records to the public.

Take, for example, Nihal Saran, MD, a Michigan psychiatrist. He had his password-protected laptop stolen from his home. It contained the PHI of about 2300 individuals. Because the theft involved more than 500 records, and because the computer wasn't encrypted, he was required by law to report the breach to the OCR, which in turn led to the posting on the OCR's list.[1] After the breach, Dr Saran took all the responsible steps required to minimize the damage—notifying local police and contacting those believed to be affected by the breach, among other things.

Following are the most common physician mistakes regarding patient data.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.