Deciphering how to follow HIPAA can be very tricky especially when you add on the complication of computer systems. On top of that not every office will need the same level of security. This is because a lot of the requirements are burden dependent. This means that a smaller office will not need to put forth as much effort and resources as a larger medical institution.

If you think about it, this makes sense because a larger hospital has a lot more data to protect then a small practitioners office and also has the revenue stream to implement more sophisticated systems. Regardless there are a few guidelines that we recommend all doctors office implement to keep patients data safe and secure.

Complex Passwords

It is important to use complex passwords and ones that are not easily guessable. This usually is an 8 digit password that includes letters and numbers and special characters. This sometimes can cause it to be difficult to remember when typing in but there are a couple of tricks that can be used to make it easier. Take a word such as computer it can easily be substituted to look like something like this (0Mputer. Substituting in numbers and characters in place of letters will help you to be able to remember passwords easier.


Now more than ever it is important for your network to be protected with a physical firewall behind your network. Software based firewalls are also good to have but if you had to choose a physical firewall is more important. We usually work with Sonicwall but there are a lot of fantastic fierwalls on the market. A firewall will stop anyone from the externally on your network from accessing your personal files. It can even be customized on a more robust network to set limitations inside of your office. EX: blocking Facebook, blocking access to certain systems. Without a firewall installed on your network you are opening yourself up to potential major problems.


We all click on stupid stuff sometimes. Sometimes we click on a bad website when doing a Google search and sometimes we open an attachment in an email that looks like it was safe to open. It is important to have a good quality antivirus system on the computer. If you cannot afford to purchase a paid subscription to one then having a free one is better than nothing. We typically use Avast Business Cloudcare on all of our systems because it notifies us when our clients systems have an infection removed so we can look into it further.

Data Backup

Unfortunately computer systems fail. It is extremely detrimental  when a hard drive fails on a computer system. Losing all of your patients medical records not only looks very poorly on your business but is also dangerous for your patients health. At minimum you should have an external hard drive or Network drive in your office backing up all your patients data. We usually recommend setting up a Cloud based backup system so just in case your office has a catastrophe of some sorts you still will have that data on hand. Believe me we all think that it will never happen to us but I personally have had clients lose there office to fires and floods.

Do not send Medical records over email

Email is not a secure method of communication. As old fashioned as Fax is, it is a requirement to not use Email. Some doctors offices have chosen to setup secure email which is an option but most people stick to the good old fashioned fax machine.


I hope that this article was helpful to you if you have any questions feel free to contact us or leave a comment below.