The protection of patient information and business records is a significant concern for physicians, especially as security breaches are an increasing challenge within the health care sector. The need for security also becomes paramount for GPs and Specialists as we move toward establishing Primary Care Networks and a more integrated system of care.  

The Doctors Technology Office (DTO) provides a number of products and services to assist physicians and clinics to safeguard against  security threats and breaches.

For more information on any of these products and services, reach us at

Physician Office IT Security Guide (2018)


The Physician Office IT Security Guide provides practical steps and best practices to enhance privacy and security at the clinic level, and help physicians protect against security breaches and cyberattacks. It is meant to help physicians, clinic staff, and IT support to start on the path of creating a security culture within their practice and increase awareness of common safeguards to protecting patient information. 

The healthcare sector has become an increasing target for cybercriminals. There are many safeguards clinics can implement to help protect patient information from security breaches and cyberattacks. 

As we move towards establishing PCNs and a more integrated system of care, clinic security and the protection of patient health information is a paramount concern.

The document has been reviewed with the OIPC, CMPA, Health Authorities and Ministry of Health. It also complements the BC Physician Privacy Toolkit to provide practical tools to protect patient information. 

Security Education


Physician Office Security: Safeguards 101 Workshops

Learn practical steps to reduce the risks of confidential data breaches such as those due to ransomware and gain tools to safeguard your practice. 
  • Reduce risk of data breaches such as confidential patient information
  • Reduce time, material costs, and impact to workflow due to fraudulent activity  by cybercriminals
  • ​Protect integrity and trust expected by patients


Designed for physicians, office, and support staff, this interactive workshop will help you mitigate the risks associated with security breaches and will focus on three areas of improving security including administrative, physical, and technology safeguards. 

During the workshop, physicians and staff will have the ability to assess their clinic and develop a practical action plan to help bridge gaps in office security. 

You will meet a local Security Industry Expert from the Doctors Technology Office and learn about the importance of office security and gain valuable tools and templates 


This Group Learning program has been certified by the College of Family Physicians of Canada for up to 4 Mainpro+ credits and designed for physicians and office staff and is aligned to provincial and national guidelines for privacy and security. Medical Office Assistants will receive a sessional payment of $20 per hour for attending. 

Since June we have trained over 260 physicians, MOAs and office staff through this workshop.

92% strongly agree or agree that the session enhanced or met knowledge/expectations
94% would highly recommend or recommend to other colleagues

“A complete awareness of an area we really need to work on. Excellent material!”

“Very good – highly recommend. Touched on all topics, some I didn't even think of/know”

Upcoming Physician Office Security Workshop

May 01, 2019 | Vancouver Airport Marriott Hotel (Richmond) 

Our next workshop will take place with the Richmond Division of Family Practice from 6:00 - 9:00pm. This workshop is open to all Richmond Division members, contact the Richmond Division at to register.

For more information or to inquire about workshops being delivered near you, email us at


Clinic Security Toolkit


Implementing necessary security measures to protect patient information can be a long path. Follow the steps below to build a culture of security at your clinic.

Review guides describing best practices and providing tools such as forms and checklist to be adopted by your team.  Click the buttons to download Word files that can be edited to fit your needs.

1. Discuss with your team how to build a culture of security at your clinic

Clinic Security Culture (PDF)


2. Appoint the Privacy Officer and the Security Lead

Roles and Responsibilities of the Privacy Officer and Security Lead (PDF)

3. Consider what type of technical support your clinic needs

IT Support Selection Checklist for Clinics (PDF)


4. Review your clinic current practices in safeguarding patient information

Clinic Security Self-Assessment Checklist (PDF)

5. Create an inventory of electronic equipment and currently used software

Electronic Assets Management Guide (PDF)

6. Implement proper practices for managing individual accounts of your staff

Role-Based Access Guide (PDF)

7. Establish requirements and practices for adequate password management

Password Management Guide (PDF)

8. Create the Clinic Privacy and Security Binder for your clinic’s team 

Recommended Documentation for Clinic Privacy and Security (PDF)




This section contains targeted tools and resources designed to help you start on the journey of creating a culture of security within your practice and:
  • Reduce risk of data breaches such as confidential patient information
  • Reduce time, material costs, and impact to workflow due to fraudulent activity  by cybercriminals
  • ​Protect integrity and trust expected by patients
Clinic Security Self-Assessment A short checklist for you, your staff and local IT to assess the status of administrative, physical, and technology safeguards at private clinic.
Questions To Ask Your Local IT Provider Guidance to physicians on specific questions to ask your local IT support. This is a great conversation starter and provides tips on what questions to ask your local IT. 
Cybersecurity Awareness Brochure A brief guide to share with your staff on protection against two common cyberattack types: phishing and ransomware. It includes a four-step process for addressing a privacy breach. 
Recommended Documentation for Clinic Privacy & Security Keep organized by creating a Privacy and Security Binder for your practice. This resource will help you manage privacy and security required documentation.