Verify Privacy and Security Considerations - Securing Personal Health Data

Patient health information, regardless of the technology used, must be kept secure and confidential. This task becomes even more critical where patient engagement is concerned. Providers are still accountable for their requirements under HIPAA when using information technologies such as portals, secure messaging and mobile applications.


Patient portals and direct secure messaging (DSM) with providers are good examples of how technology can remove some of the burden from busy clinicians and staff. With secure online portals, patients can bypass some standard release of information processes and gain fast, electronic access to their health information. Provider-to-provider communications can also be simplified and made more efficient by leveraging new DSM platforms. Regardless of the technology solution used to achieve patient engagement, however, it is still the provider’s responsibility to secure personal health information (PHI) in any setting. Some steps that providers should take to ensure that PHI is protected are:

  • Proper policies and procedures are in place to protect PHI.

  • A completed HIPAA risk assessment.

  • Comprehensive training for staff.

  • Selecting technologies that thoroughly address the intricacies of PHI disclosure rules.

  • Speaking with your vendors to understand their security systems.


HIMSS Resources/Articles: