When working in the medical industry, protecting your patients’ data is not just ethical – it is required by law. With HIPAA in place, medical professionals must be conscientious about keeping close tabs on patient information and only giving health data to those approved to receive it. Here, medical doctor and health informatician Joel Arun Sursas shares tips for protecting patient privacy in the digital age.

Encourage Security Measures with All Employees

While it may be obvious to physicians what falls under HIPAA compliance, it may not be apparent to those who work as office assistants or medical secretaries. This is why it is critical to take a very proactive approach to ensure everyone in the practice is up to date on HIPAA guidelines and regulations.

This includes having all employees check documents multiple times before sending any emails or handing over paperwork, to ensure verifications are accurate and that the data is going to the right person. Also, not allowing employees to speak about non-essential healthcare data over the phone or to anyone outside the clinic will ensure nothing slips[1].

Give Patients Access to Their Data

Having an online portal or Robotic Process Automation self-service system can cut down on information being sent around, which, in turn, cuts down on information going to the wrong place. Think about it: when you send multiple emails each day with health information or make numerous calls, it is easy to get a wire crossed and send the wrong data to the wrong person.

Dr. Joel Arun Sursas believes that with Robotic Process Automation, human error can be removed from the equation, allowing the automated or partially automated system to make the data delivery. This reduces the risk of data misdelivery and frees up time for other essential tasks that cannot be automated under current systems.

If patients are placed in a position to access their records through a similarly automated system, there is an even lower risk. If possible, giving direct access[2] through a portal account is one of the best ways to make sensitive information available without placing full responsibility on a staff member who may make a mistake.

Understand HIPAA But Do Not Fear It

Ensuring that staff understand HIPAA and consider it a beneficial tool to a clinic is the first step towards creating an environment without data slippage. HIPAA is not meant to be a thumb on your neck, so to speak, but instead, a measure of accountability to ensure patients are receiving confidential care as needed and are able to access medical care without fear of exposure or shame.

Fearing HIPAA does nothing but make it harder to serve patients. It is not a thing to be afraid of, but a thing to embrace. If you comply with it, HIPAA can be a fantastic tool. It is just a matter of making an effort to ensure your entire staff is educated and prepared to face what being HIPAA compliant requires[3].

There are a lot of things you can do to protect your patients’ privacy. From working on an automated system that makes connecting easier than ever before without room for human error to simply understanding what being HIPAA compliant actually entails, there is always something to help keep your patients’ critical data private and secure.

About Joel Arun Sursas:

Joel Arun Sursas holds a Bachelor’s Degree in Medicine and a Bachelor’s Degree in Surgery from the National University of Singapore and is continuing his education to obtain a Certificate in Safety, Quality, Informatics and Leadership from the Harvard Medical School and a Master’s in Applied Health Science Informatics from the Johns Hopkins University (both expected in 2020). His technical skills include SPSS, RevMan, and Python. Dr. Joel Arun Sursas’ most recent engagement is with the medical device start-up company Biorithm, where he serves as Head of Clinical Affairs, working to take fetal surveillance out of the hospital and into the home, revolutionizing the obstetric practice globally.


1. Lo, Bernard, et al. “HIPAA and Patient Care.” JAMA, vol. 293, no. 14, 2005, p. 1766, doi:10.1001/jama.293.14.1766.

2. Solove, Daniel J. “HIPAA Turns 10: Analyzing the Past, Present, and Future Impact.” SSRN, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2245022. Accessed 23 Sept. 2020.

3. “Psychiatry Online.” Psychiatry Online, https://ps.psychiatryonline.org/doi/full/10.1176/appi.ps.55.5.575. Accessed 23 Sept. 2020.