Simple tips to protect yourself and your patients online

For doctors, the internet offers huge benefits. It connects you to up-to-date resources, journals, and healthcare professionals all over the globe, improving your practice and helping your patients. But you need to know how to protect yourself amidst hackers and cyber attacks, especially when sensitive information is at risk. These simple tips can help you stay safe online so that your practice can get the most out of the digital world.

The basics

These three rules apply to everyone, including doctors and healthcare professionals. They might help keep your private information just that—private.

  • Use a password manager: When a website you use is hacked, your email and password can be sold on the black market. If you’ve used the same credentials for multiple accounts, hackers can access your other accounts too. A password manager creates unique and secure passwords for each of your accounts. As an added bonus, it remembers your passwords so you don’t have to.

  • Don’t connect to open Wi-Fi networks: Avoid using Wi-Fi networks unless they are password protected and you know the source of the network. Your activity may be accessible to others while you use an open Wi-Fi network, and some networks have been set up specifically for this purpose.

  • Use two-factor authentication whenever possible: Many email and file-storage systems allow you to add this extra step to the login process before you can access your files. It’s easy to set up and can keep unwanted eyes off of your personal emails and documents.

Special considerations for doctors

As a doctor, you handle sensitive information and face additional pressure to protect your professional identity. You can still communicate with colleagues around the world if you abide by a few simple rules.

  • Know the ins and outs of de-identification: If you’re communicating about a patient, you can keep their identity safe through de-identification. This is the process of removing personal identifiers from photos and case descriptions. On Figure 1, healthcare professionals share medical cases with faces blocked, dates redacted, and 17 other identifiers removed. All of this is done to allow doctors to communicate across institutions and borders without revealing any private health information.

  • Use HIPAA-compliant messaging: When you must share patient information, do it in a privacy-safe way. The Health Information Portability and Accountability Act (HIPAA) governs the sharing of PHI (private health information) in the U.S. Similar laws exist in other countries. Figure 1’s Direct Messaging has been designed with physical, technical, and administrative safeguards to meet HIPAA. All messages are secure and encrypted, meaning Direct Messaging can be safely used in your workflow.

  • Be professional, always: It’s important to apply the same ethical principles you use in your practice to what you post online. This means avoiding gossiping or complaining about patients. On Figure 1, we ask that healthcare professionals don’t post anything that they wouldn’t say in front of a patient.


Follow these simple tips to minimize your risk and get the most out of the Internet—like following a leading neurosurgeon using augmented reality or interacting with BMJ researchers about their latest research.