IT Security – Protecting Patient Information

More than 563 million records have been leaked by various healthcare providers and institutions since 2012. Just last week, a health system reported an accidental release of 507 patient records by an employee through an email attachment.

Houston Methodist takes personal health information (PHI) security very seriously. It’s up to all of us to safeguard our patients’ data. Here’s some tips on how you can help keep our patients’ PHI safe.

Create Password to Export Files with PHI

Any Epic files or reports containing PHI exported to a computer or network drive require the creation of a password to encrypt the file. If you need to share the file with someone, provide the password by phone, text or a separate email.

The password must contain at least the following:

  • Six characters
  • One upper case character (A-Z)
  • One lower case character (a-z)
  • One number (0-9)
  • One special character (!,$,#,%)

Use *securemail* for PHI in Outlook messaging

You can create confidential messages to others without an email address by adding the word securemail to the subject line in Microsoft Outlook. Recipients will receive an email notifying them of the secured message and providing a hyperlink for access.

A Securemail account will then need to be created, which can be used to receive additional confidential messages. After the account is created, they can view, download and reply to the email from our secure server.

Other ways to protect our data:

  • Use Houston Methodist email, because it has several layers of security.
  • Don’t open attachments from your Gmail, Yahoo mail or other non-Houston Methodist email when using your work computer.
  • Send suspicious email to

© 2020. Houston Methodist, Houston, TX. All rights reserved.