Major Security Issues In Medical Offices

6/1/2010 - Author: Felicia

I recently had a discussion with WGTD station manager David Cole regarding the lack of security in medical offices. Several of the Breakfast Bytes radio shows lately have covered topics that address the lack of security in medical offices. Most medical offices must be compliant with PCI (payment card industry) and HIPAA standards.

Almost none of them are actually compliant though. Worse yet, most medical offices do not even follow IT industry standard security practices.

Medical offices usually have the same security problems. These are:

  • All medical staff have full access to all patient records regardless of job function
  • The business has no policy or practice regarding proper cleaning of electronic storage media prior to disposal (PC hard drives, copy machines, flash drives, cell phones)
  • What about the data on hard drives that are returned under warranty to the manufacturer?
  • Staff do not change their logon passwords
  • Often, all users logon as the domain admin account which has NO PASSWORD (I'm not kidding.)
  • Staff regularly email patient records or parts of patient records unencrypted (This is a direct HIPAA violation.)
  • Photocopying or scanning copies of patients' photo IDs (This is stupid on many levels.)

In future articles, I will cover these topics in more detail, point you to other resources, and try to help you understand why medical offices are in such a pickle.