The protection of patient information and business records is a significant concern for physicians, especially as security breaches are an increasing challenge within the health care sector. The need for security also becomes paramount for GPs and Specialists as we move toward establishing Primary Care Networks and a more integrated system of care.  

The Doctors Technology Office (DTO) provides a number of products and services to assist physicians and clinics to safeguard against  security threats and breaches.

For more information on any of these products and services, reach us at


The Physician Office IT Security Guide provides practical steps and best practices to enhance privacy and security at the clinic level, and help physicians protect against security breaches and cyberattacks. It is meant to help physicians, clinic staff, and IT support to start on the path of creating a security culture within their practice and increase awareness of common safeguards to protecting patient information. 

The healthcare sector has become an increasing target for cybercriminals. There are many safeguards clinics can implement to help protect patient information from security breaches and cyberattacks. 

As we move towards establishing PCNs and a more integrated system of care, clinic security and the protection of patient health information is a paramount concern.

The document has been reviewed with the OIPC, CMPA, Health Authorities and Ministry of Health. It also complements the BC Physician Privacy Toolkit to provide practical tools to protect patient information. 

New Online Course

Security in Low Doses:
Safeguarding Patient Information in Private Practice

Security in Low Doses: Safeguarding Patient Information in Private Practice is an introductory course that supports medical clinics to improve their current security practices and to protect the integrity and trust expected by patients.
Learn how to implement basic protective measures (safeguards), better train your staff, and prevent the risk of security threats and privacy breaches. Meet basic education requirements for secure access to eHealth viewers offered to private practices in British Columbia. 
Target audience: Family physicians and nurse practitioners, medical office managers and assistants, third parties working in private practice medical clinics.

Designed in partnership by UBC CPD and the Doctors Technology Office
Up to 1.0 Mainpro+ and Certificate of Completion




Implementing necessary security measures to protect patient information can be a long path. Follow the steps below to build a culture of security at your clinic.

Review guides describing best practices and providing tools such as forms and checklist to be adopted by your team.  Click the buttons to download Word files that can be edited to fit your needs.

1. Discuss with your team how to build a culture of security at your clinic

Clinic Security Culture (PDF)


2. Appoint the Privacy Officer and the Security Lead

Roles and Responsibilities of the Privacy Officer and Security Lead (PDF)

3. Consider what type of technical support your clinic needs

IT Support Selection Checklist for Clinics (PDF)


4. Review your clinic current practices in safeguarding patient information

Clinic Security Self-Assessment Checklist (PDF)

5. Create an inventory of electronic equipment and currently used software

Electronic Assets Management Guide (PDF)

6. Implement proper practices for managing individual accounts of your staff

Role-Based Access Guide (PDF)

7. Establish requirements and practices for adequate password management

Password Management Guide (PDF)

8. Create the Clinic Privacy and Security Binder for your clinic’s team 

Recommended Documentation for Clinic Privacy and Security (PDF)



This section contains targeted tools and resources designed to help you start on the journey of creating a culture of security within your practice and:

  • Reduce risk of data breaches such as confidential patient information
  • Reduce time, material costs, and impact to workflow due to fraudulent activity  by cybercriminals
  • ​Protect integrity and trust expected by patients
Clinic Security Self-Assessment A short checklist for you, your staff and local IT to assess the status of administrative, physical, and technology safeguards at private clinic.
Questions To Ask Your Local IT Provider Guidance to physicians on specific questions to ask your local IT support. This is a great conversation starter and provides tips on what questions to ask your local IT. 
Cybersecurity Awareness Brochure A brief guide to share with your staff on protection against two common cyberattack types: phishing and ransomware. It includes a four-step process for addressing a privacy breach. 
Emergency Contact List Template This template provides a way to collect all the contacts that clinic staff should have available in case of an emergency or security breach. It should be saved and filed away in your Clinic Security Binder for easy reference.
Privacy Policy Worksheet Template This template can be used alongside the BC Physician Privacy Toolkit and Privacy Policy Template to help clinics brainstorm the key components to include in their privacy policy. Once the policy is created, it should be included in your clinic security binder for future reference.
Recommended Documentation for Clinic Privacy & Security Keep organized by creating a Privacy and Security Binder for your practice. This resource will help you manage privacy and security required documentation.