How to Protect Your Patient Health Information Online

A quick guide to securing your health-related data.

4 min read

In our technologically advanced world, your data is everywhere—snagged for targeted ads, stored by apps, and analyzed by companies. Your health data is also out there. Because that information is so private and personal, it’s essential to know how to be responsible with your patient health information (PHI). “Patients are divulging so much more than before,” says Morgan Beidel, Chief Strategy Officer for LabFinder. “We use so many platforms.”

Here’s a quick guide to what you should look for when navigating the world of healthcare online.

Understand what might be sold or stolen—and why.

When it comes to the world of advertising, demographic information is king. Advertisers want to know your age, location, and gender. But if your healthcare information is online, they may also be able to get your clinical or psychosocial information. Insurance companies may purchase online data to set rates and premiums or marketers may use it to target you for ads.

Even worse, medical identity thieves may use PHI to impersonate you and get prescription medications or medical treatments.

Know what is and isn’t secure.

The Health Insurance Portability and Accountability Act (HIPAA) guidelines protect your PHI when it’s held by providers. That includes your doctors, insurance company, and organizations working on behalf of those groups. LabFinder, for example, is HIPAA compliant.

What are the requirements for HIPAA compliance? At a minimum, it means guaranteeing the confidentiality, integrity, and availability of all records created, received, transmitted, or maintained. It also requires protecting your information against any reasonably anticipated threats—that means staying on top of security protocol.

When your records are stored by your doctor, for example, they have an obligation to keep them safe and private under HIPAA. If your doctor wants to send you a message via LabFinder, we use protection methods to make sure those communications are private. That includes encryption, security, and passwords, among other means.

However, if you want to take control of your health information and store your own records, that information may become vulnerable. “When that info goes to a patient’s phone or another device, that’s up to the patient to protect,” says Aviva Halpert, LabFinder’s HIPAA compliance officer.

Your device or app is likely unprotected.

Information on emails, stored on your computer or phone, or sent via social media or other online communities is no longer under HIPAA protection and could be vulnerable to bad actors.

Unless an app states that it is HIPAA compliant or otherwise secure, it won’t protect your PHI. For example, the data gained from fitness watches may not be protected and, in some cases, could be sold to advertisers. Always read privacy statements before using any new app or service related to your health.

Keep your information safe.
Take control of your PHI by doing everything you can to keep that information safe. It’s true of many things, but particularly PHI: Don’t post anything online unless you’re okay with it being made public. Expect that social media messages, email, or texts could be vulnerable to attack.

Protect yourself by using strong passwords and, when available, two-factor authentication. Always verify the source before sharing your information. If you print out your medical information (which might include doctor’s orders, prescriptions, and other material) for one-time use, shred it before throwing it out so that thieves cannot use that material to impersonate you or access your online data.

Be wary of free online medical services—LabFinder protects your data under HIPAA, but not all medical scheduling services make that guarantee. Verify that a service is HIPAA compliant or ensure other privacy protection methods before giving them your insurance details or other health information.

How LabFinder works to protect patient data…and empower patients, too.

LabFinder puts patients first. That’s why we follow a few simple rules:

  • Our privacy policy is easy to read so that you can understand what we’re doing with your data.

  • Patients can volunteer to submit their location data, but we don’t track them.

  • We do host patient health information (PHI)—that’s how we’re able to give you direct access to your test results—but we never sell or distribute patient PHI data.

  • Our platform is HIPAA-compliant. We work to keep your records secure.

  • We give you, the patient, the power to share your own results. Test results are always sent directly to patients, who are then able to securely share those results as they choose. Remember: Be careful about who you share these results with and on what platforms.

Have questions about patient health information? Or are there other topics you think we should cover? Drop us a line at