5 Ways to Boost the Security of Your EMR

By TherapyNotes, LLC on November 22, 2017

Electronic Medical Record (EMR) providers take extraordinary security measures to protect your data that are outside of the capabilities of the average person. Heavily secured data centers, full database encryption, powerful firewalls, and activity logs help to protect your electronic records from breaches and suspicious activity. Plus, automatic onsite and offsite backups ensure that your data is always secure and accessible, even in the event of natural catastrophe.

With all of these protections in place, it can be easy to absolve yourself of security responsibilities and leave it all up to the professionals. However, while your EMR employs numerous safeguards to protect your data, ultimately you must assume the responsibility of keeping your data secure. Here are some of the responsibilities you have when dealing with sensitive data.


1. Secure Your Computer and Files

While you may not be storing your records on your computer, the security of your device is fundamental in safely accessing your data.

Whether you use Windows, Mac, iOS, Android, or Linux, your operating system has security features to help protect you from inadvertently installing malicious software (also known as "malware"), to encrypt your files, and to provide options for user authentication. Operating system updates are released regularly and often include critical security fixes. As a basic security measure, always run the most up-to-date operating system for your device with all the latest security fixes installed, and enable automatic software updates if possible. Running outdated software could leave you susceptible to hacking exploits.

For added security, protect your computer with antivirus software. Setting your devices to lock automatically after a period of inactivity is also essential for protecting your data.

If you do choose to create an extra backup of your records on your own computer, ensure these records are both encrypted and password-protected. Nevertheless, if you can rely on your EMR to secure and back up your data, it may be best not to keep local copies of your medical records.


2. Use a Trusted, Up-to-Date Web Browser

Most popular web browsers have security features built in to warn you about shady activity and provide basic protections against malware. These browsers are frequently updated to better mitigate security risks, and using an outdated browser could make you more vulnerable to security threats.

To minimize vulnerabilities, keep your browser updated. Both Mozilla Firefox and Google Chrome allow you to enable automatic browser updates. If you browse with Internet Explorer, we recommend switching to Microsoft Edge. Only the latest version of Internet Explorer (11) will continue receiving security updates, and Internet Explorer will eventually be phased out in favor of Edge.


3. Avoid Untrusted Computers

Never log into your EMR or any other secure system from an untrusted device, such as a computer in a cyber cafe. Because such devices are meant for public use and potentially unsecured, your password may be intercepted by key-logging software, which means that someone else may record and have access to your login information. Even a friend's computer may not be properly protected, so take care to consider when and how you access your records.


4. Lock Your Accounts with Strong Passwords

With the number of accounts we have online, it's tempting to create one basic, memorable password and use it for every account. Our advice? Don't. If another website is hacked, your password could be made public to hackers, and they may try your password on the other online services you use such as Facebook, your bank, or your EMR. Each password should be unique.

Basic passwords such as "123456" or "password" can pose a serious threat to your security since they're easier for both humans and computers to guess. The best passwords contain a combination of letters, numbers, and symbols; use at least 10 characters; and arrange the characters in an unusual order. You may also use a passphrase, a much longer password (such as a complete sentence) that can be easier to remember. The more characters a password has, the harder it is to crack.
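The password rules above, applied to a small set of accounts. This is an added example, not code from TherapyNotes; the sample passwords, the short common-password list, and the 20-character passphrase cutoff are assumptions made for illustration.

```python
import math
import string
from collections import defaultdict

MIN_LENGTH = 10          # the article's minimum length
PASSPHRASE_LENGTH = 20   # assumed cutoff for treating a password as a passphrase
COMMON = {"123456", "password", "qwerty", "letmein"}  # constructed sample list
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation + " "

def brute_force_bits(password):
    """Upper bound on guessing effort in bits: length * log2(alphabet size).
    Dictionary words lower the real figure, hence the separate COMMON check."""
    alphabet = sum(len(chars) for chars in (LOWER, UPPER, DIGITS, SYMBOLS)
                   if any(c in chars for c in password))
    return round(len(password) * math.log2(alphabet), 1) if alphabet else 0.0

def audit(vault):
    """Return {account: [problems]} for a mapping of account -> password."""
    seen = defaultdict(list)
    for account, pw in vault.items():
        seen[pw].append(account)
    report = {}
    for account, pw in vault.items():
        problems = []
        if pw.lower() in COMMON:
            problems.append("common password")
        if len(pw) < MIN_LENGTH:
            problems.append("shorter than 10 characters")
        mixed = (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                 and any(c in SYMBOLS for c in pw))
        # A long passphrase is accepted without mixed character classes.
        if len(pw) < PASSPHRASE_LENGTH and not mixed:
            problems.append("missing letters, numbers, or symbols")
        others = [a for a in seen[pw] if a != account]
        if others:
            problems.append("reused on " + ", ".join(others))
        report[account] = problems
    return report

SAMPLE_VAULT = {  # constructed passwords, for illustration only
    "emr": "password",
    "bank": "password",
    "email": "t7#Kq!9vLx",
    "social": "my cat naps on the warm router",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(account, brute_force_bits(SAMPLE_VAULT[account]), problems or "ok")
```

The plain-lowercase passphrase scores well above the 10-character mixed password on the brute-force bound, which is the length effect the paragraph describes.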

If you have trouble remembering your passwords, consider using a password management program which allows you to generate strong passwords and securely store your passwords in a vault protected by one master password. As with any secure software, password managers should be treated as security enhancements, not replacements. Be sure to maintain good security hygiene and keep your master password safe and away from prying eyes.

Of course, once you create a strong password for your EMR, don't share it, and don't put it on a sticky note next to your computer.

Two-factor authentication (2FA) is a great way to further secure your account. 2FA offers an added layer of security to your account by requiring you to log in with your username, password, and a special token that only you have access to. If your EMR offers 2FA like TherapyNotes does, we recommend using that feature.


5. Recognize and Resist Social Engineering

The most damaging threat to your data isn't trained hackers - it's your own willingness to trust.

Social engineering can take many forms, but it generally involves the use of manipulation to trick you into subverting basic security procedures. This could manifest as an official-looking email which claims to be from your EMR provider asking you to "verify" your login information by replying to the email with your username and password. Or, the engineer may even pose as a coworker, asking you to "reset" their password or to provide confidential information about a client.

The simplest way to limit the risk associated with social engineering is to never provide anyone with your username and password, no matter how official or convincing the correspondence may seem. Be suspicious of unsolicited messages or requests, and beware of opening email attachments or clicking on links from sources you aren't sure of.

If a strange message or call appears to be from your EMR provider, give them a call using the number on their website to make sure that the message is authentic and inform them of the suspicious activity.


Security is a collaborative effort. While software providers are deeply invested in keeping your records secure, your entire practice must share the same commitment. Cloud-based record management alleviates many of the worries associated with maintaining paper files, yet security is not to be taken lightly. Be cautious and maintain smart security procedures.


* The content of this post is intended to serve as general advice and information. It is not to be taken as legal advice and may not account for all rules and regulations in every jurisdiction. For legal advice, please contact an attorney.

