On November 1, 2014, Ontario's Personal Health Information Protection Act (PHIPA) came into force. PHIPA is a consent-based health information law that says patients have primary control over their personal health information. They must grant consent to healthcare providers before providers can share that personal information with other people, such as family members.
Whether your medical office still uses mostly paper records or has made the switch to electronic ones, you need to know how to protect patient information. Help your healthcare facility avoid PHIPA violations by implementing the following security measures for physical and electronic medical records.
How to Protect Original Documents and Filing Systems
Although electronic medical records are becoming the norm, most medical offices still have some paper records. These records remain vulnerable to unauthorized access unless properly secured. Use these safety measures to protect paper records.
1. Keep all paper files in secure storage.
Your healthcare facility might use individual filing cabinets, a file room with cardboard boxes, or another file storage method for paper records. But whatever your system is, you should train everyone to follow this rule: Any paper file not in use needs to be locked away. Records left out in the open are easier for unauthorized people to snoop through or steal.
Complying with this rule also means putting away all files at the end of the day. This may add a few extra steps to your nightly routine, but you'll arrive at a cleaner office the next morning. If someone breaks into your facility, this practice also prevents the intruder from having easy access to private records.
2. Use several levels of security.
A locked filing cabinet offers better protection than a cardboard file box, but you shouldn't rely on just one layer of security. Keep lock-equipped filing cabinets in a file room with a keypad or keycard access system so you have at least two levels of protection. Intruders will have to breach both of these layers before they can look through private medical records. Multiple security levels also give staff or police more time to arrive on the scene after an alarm goes off, before record security is compromised.
3. Give only authorized personnel access to file rooms.
Medical records stay safest when only people who need to see them have access to them. You can restrict access to your facility's paper records by:
Locating file rooms in well-lit areas in view of other employees
Installing windows on file room doors and walls
Using surveillance cameras inside file rooms (you must inform people they are on camera)
Giving keys, key codes, or keycards to select employees
Making and enforcing rules about who can and cannot be inside file rooms (e.g. employees without keys, patients, family members)
Also, you should never share keys, keypad codes, or keycards with unauthorized people. This rule applies even when it would be more convenient for an unauthorized employee to have quick, one-time access.
4. Have cabinets and file rooms rekeyed when necessary.
Unfortunately, sometimes employees lose keys or fail to return them when they leave employment. If this happens, it's important that you call a locksmith right away. The locksmith can change the locks to prevent unauthorized persons from accessing the secured records.
After rekeying the locks, your locksmith will also create new keys. Request the minimum number of key copies you think you'll need. That allows you to grant access to the fewest people possible and keep records away from prying eyes.
How to Protect Electronic Records
In a previous blog, we discussed cybersecurity at the office. We also offered tips about creating secure passwords and keeping them safe. You should follow those best practices to keep unauthorized persons from accessing medical records. You can also take these additional precautions.
1. Install encryption software on all healthcare facility electronics that access records.
Encryption software turns readable information into unreadable gibberish for anyone who is not an authorized viewer, that is, anyone without the password or key needed to decrypt it. If encryption-protected electronic medical records are lost, stolen, or hacked into, the information usually stays confidential. That's why strong encryption software offers healthcare facilities the best defence against unauthorized access to medical records.
Encryption software is valuable on all computers and electronic devices, but it's essential on mobile devices. Mobile devices are more easily misplaced or stolen than desktop computers. If tablets, laptops, or portable hard drives end up in the wrong hands, encryption software ensures that sensitive patient records remain secure.
2. Use locks to protect hard drives and other electronic record storage from theft.
Although portable electronics are more vulnerable to theft, someone intent on accessing medical records could also steal a hard drive. You can prevent this by securing all electronic storage inside desks, cabinets, or locked rooms. A locksmith can help you choose a padlock, keyed lock, or combination dial appropriate for your needs.
Whatever type of medical facility you work at, you want to keep your patient records safe. It's about more than complying with PHIPA requirements; it's about protecting your patients and their private health information. Implement these safety measures so confidential medical information stays confidential.
Affordable Lock is a locksmith in Markham serving the Greater Toronto Area, including Scarborough, Aurora, North York, Newmarket, Richmond Hill, Vaughan and Stouffville. With over 30 years of experience, we pride ourselves on looking after your commercial locksmith needs. Affordable Lock’s showroom in Markham showcases a wide selection of keys, locks and an assortment of other security products for your home or business. Whether you are looking to upgrade your home or business’s security, or solve security issues, Affordable Lock Services Inc. in Markham is here for you! Give us a call today.