Lisa Cassileth, MD, FACS

8 Ways to Protect Your Personal Health Information (PHI)

Health information has become a major target for cybercriminals. As more personal, sensitive data is recorded digitally for easier access and sharing between providers, it has also created a new range of vulnerabilities for patients.

Sensitive medical information isn’t just limited to what you share with your doctor during an annual check-up. With more than $16.7 billion spent on cosmetic and reconstructive procedures in a single year, the plastic surgery industry has grown into a leading source of elective and outpatient treatments. Clients seek out plastic surgery for a wide variety of reasons:

Studies reveal that satisfied plastic surgery patients experience improved self-worth and self-esteem, thanks to the enhanced quality of life made possible through high-quality enhancements.

The plastic surgery market’s popularity makes it a prime target for con artists and cybercriminals looking to exploit patients’ finances or other personal information. Blackmail through cybercrime is an issue that should be taken seriously by all potential plastic surgery clients: hackers who obtain private plastic surgery images can threaten to release patient photographs if their financial demands are not met. These hackers have even stolen celebrity plastic surgery photographs, threatening public humiliation or releasing the content.

Plastic surgery clients and patients in every context where sensitive personal information may be shared or recorded can take actionable steps to ensure that their data remains private and confidential. The following information outlines simple tips for securing personal health data from cybercriminal activity.

1. Use a Strong Password and Change It Frequently

Protecting your personal health information starts with a secure online presence. To keep your data secure, take the time to create passwords for your online accounts that aren’t easily guessed.

Creating a strong online password might sound difficult, but it’s easy to accomplish. The National Cybersecurity & Infrastructure Security Agency specializes in protecting online assets from cybersecurity breaches and blackmail and suggests you practice a few simple password protection tips to secure personal information on the internet:

  • Use long passwords, preferably eight characters or longer, to make them more complex.
  • Avoid familiar passwords, or personal phrases, including family and pet names, addresses, and commonly used past passwords.
  • Different passwords for different accounts help prevent hackers from accessing all of your data, even if they successfully crack a single password.
  • Keep passwords private, and avoid sharing passwords even with close friends or family members.
  • Use similar-sounding letters to create entirely new words or phrases. For example, replacing the “f” sound in a word might transform “factory” into “phactory,” making your entire password more difficult to guess.

If you’re stumped when prompted for a quality password, consider the use of a random password generator that allows you to specify password length, symbol use, letter case, and other qualifying parameters.

2. Don’t Share Personal Information on Social Media and Only Use Reputable Apps

Sharing personal information — especially personal health information — on social media is an invitation for cybersecurity breaches. A hacker’s work is made easier when clients post the same personal information used to answer security questions. No matter how innocent the latest social media personality quiz or game might seem, refrain from volunteering personal information that could be used against you.

Even reputable mobile apps can extract valuable personal information without your consent. One recent study even found that 30 of the most popular health apps were vulnerable to cyberattacks, with millions of patients’ data sets vulnerable to hackers. Data privacy experts suggest calculated steps to protect personal information from cybersecurity breaches:

  • Password managers help consolidate passwords under one secure roof. The best password manager programs lock your personal information behind secure firewalls, and even provide suggestions for long passkeys.
  • Guard against app permissions that automatically provide app creators with your personal information.
  • Regular app updates ensure users are defended by the latest encryption and protect against hackers targeting outdated versions of the app.
  • VPN network use, especially on public or shared internet connections, keeps personal data safe behind personal web connections. The best free VPN tools can be downloaded in seconds and enhance phone security whether you’re browsing the internet, streaming a movie, or simply accessing email.

3. Protect Your Mobile Device and Don’t Use Out-of-Date Devices

Protecting personal health information also means protecting your mobile device from cybercrime. If there’s one place where a hacker could access a majority of someone’s personal information, it’s likely a cell phone. From contact information and email passwords to private images and personal health information, cyberattacks against mobile devices have the potential to steal massive amounts of data at once.

Some phone thieves steal phones simply for their high resale values, while others target bank information and other personal data locked behind a crackable passcode. Fortunately, steps to protect your cell phone from cybersecurity breaches are easy and rewarding:

  • Secure your phone with a strong passcode, and opt for longer passwords when possible.
  • Prevent location services, Wi-Fi, and Bluetooth from running when you don’t need them.
  • Enable fingerprint encryption to further protect device contents from hackers.
  • When possible, only plug your phone into trusted outlets where you have access to private internet.

No matter the device, out-of-date software and hardware are often vulnerable to cyberattacks. From outdated computer technology to obsolete operating systems, hackers can bypass encryption much more easily when devices are no longer supported by up-to-date security. Update device software whenever it is safe to do so, and pay attention to updates from Apple, Samsung, Google, and other device creators to identify how long your current phone’s hardware and software — and the personal information inside — are protected from invasion.

4. Download and Share Cautiously and Avoid Public Wi-Fi Networks

Though convenient, public Wi-Fi networks are hardly secure. And while internet access at an airport, coffee shop, library, car dealership, or other public location is offered as a perk, users should remain alert against opportunities for hackers to access personal information.

Hackers using public Wi-Fi can steal personal data through man-in-the-middle (MitM) network vulnerabilities, essentially intercepting personal information when the user requests permission to visit a website or use a mobile app across shared internet. Hackers can also gain access to a user’s personal information through a corrupt download, offering legitimate-sounding downloads like “Google Chrome Update” and instead forcing their way into a user’s device, where personal information is vulnerable.

It’s best to exercise caution if you’re using public Wi-Fi. The Federal Trade Commission (FTC), which aims to protect consumers against antitrust issues, outlines simple measures to protect yourself when using public Wi-Fi:

  • Reserve personal information for secure sites only, and keep your use of personal information online to an absolute minimum while using public internet.
  • Pay attention to web browser alerts for help identifying potentially hazardous websites or web links.
  • Install secure browsing plugins like Force-TLS for extra security while browsing the internet in public places.
  • Use different passwords across different sites to limit any cybersecurity breaches which might arise while using public Wi-Fi.
  • Sign out of accounts once you’re done using them.

5. Monitor and Review Your Data, Bills, and Medical Records

Protecting personal health information begins when you fully understand it. Review your personal health information, especially accessible health documents like bills and medical records you might receive from healthcare providers. The protection of personal health information is a right guaranteed by law, though this doesn’t mean all doctors and medical professionals sufficiently protect it.

Patients should know and be able to protect their rights to personal data protection under HIPAA, and should remain alert against common breaches that could endanger personal health information. Beyond the threat of cybersecurity to your personal information, clients should review medical bills and any records available to them, to ensure diagnoses, financial expectations, and all other personal health information are up to date and protected.

6. Discuss Data Protection With Your Healthcare Provider and Learn Who Has Access to Your PHI

The best healthcare providers will take an active interest in securing a client’s personal information. Especially in an age where medical professionals don’t typically share how they use personal information, discussing data protection with your doctor, therapist, or healthcare provider is important to keep your personal health information safe.

Prioritizing which healthcare professionals have access to your health data is another step toward protecting yourself against data theft. PHI, or protected health information, includes all data on a client’s medical record, including a history of services received. Under the HIPAA Privacy Rule, clients retain rights over protected health information, including the right to secure a copy of their health records and to request revisions. With limitations, this rule also allows patients to identify which individuals and medical providers currently have access to their personal health information.

7. Locate Where Your Personal Health Information Is Stored and How It Moves Around

HIPAA privacy guidelines maintain that PHI must be held away from any unauthorized eyes, locked in a secure file, cabinet, locker, desk, office, or other location where only qualified medical professionals can access it.

Medical records must also be secured during transportation. If someone with access to your PHI informs you that your medical records will be moved, ensure that they understand how to secure personal health information during a move. This means assigning an authorized supervisor and NAID-certified moving company, keeping records secured at all times, and rechecking inventory once all boxes have reached their new destination.

8. Immediately Report Any Instances of Possible Fraud

Fraud can quickly compromise even the most secure personal health information. Medical identity theft is a serious crime, and an unfortunate potential outcome whenever personal health information is stolen. Be sure to report any potential fraud related to your PHI, especially when critical health or financial information is at risk.

Protecting against fraud means learning the potential signs that your PHI is being accessed without your consent. In particular, look for:

  • Medical bills for therapy, treatment, or other services you never received;
  • Insurance denial because of newly claimed conditions;
  • Contact with debt collectors because of unfamiliar credit report notices;
  • Receipts from unknown medical offices, centers, clinics, or facilities;
  • Limits reached on medical benefits;
  • Any other suspicious activity that might signal unauthorized use of your PHI.

Clients who suspect they might be victims of medical identity theft are encouraged to report fraud immediately through the FTC. Even if a security breach isn’t confirmed, proactively reviewing the ways you protect your personal health information can help you stay ahead of potential fraud.
