OutSmart EMR Knowledgebase

Learn to work smarter, faster.

What to do if a Patient’s e-mail address is compromised

Although OutSmart makes every effort to not send any critical information to a patient’s e-mail address, in some cases there may be secondary security concerns.  For example, password reset links may be sent to an e-mail address.

It is therefore important to ensure that when a patient’s e-mail address is compromised, immediate action must be taken to secure the account.  Here are the steps to take, in order of priority.

  1. Revoke any access to the patient’s medical records.  You can do this from the Client Workspace.  Open up the Client Workspace, and then click on the tab at the top right that is called “Patient Portal Access”.  In this tab, if you see that there is a patient portal account that has access to this patient’s medical records, immediately click on the “Revoke Access” button to remove access.
  2. Remove the patient’s e-mail address from their record.  You can also do this from the Client Workspace.  On the left side of the screen below the patient’s demographic information, there is an “edit” button.  Click on this button – that will open up the patient’s demographic profile.  Delete the e-mail address and click save.  This will ensure that no communications from our system go to the compromised e-mail address.
  3. Get the patient’s new e-mail address, and enter that address into their demographic profile, in the same place as where you removed the address in the previous step.
  4. If the patient wants access to their records again, instruct the patient to create a new patient portal account, and provide them their medical records Access Code.

Revoking access to medical records.

Revoking access to medical records.