On Feb. 15, a Connecticut hospital discovered that the personal information of more than 90,000 patients had been transferred to a hard drive – which was then taken from the hospital and promptly lost.

MidState Medical Center – which has since dismissed the employee who violated company policy by transferring the sensitive information to a personal hard drive so they could work from home – has notified the 93,500 patients affected and offered each and every one two years of identity protection services. Still, the security breach provides an unparalleled opportunity to ask yourself: "How safe are my electronic records?"

Whether you’re in healthcare, insurance or any other number of fields where you’re the keeper of trusted information, losing data or exposing it to possible misuse can be devastating to your business and your career. All the time, you hear, “I have an electronic document management system – I simply scan my documents onto a hard drive and organize them by folder.”

But the scary truth is that, unless your data is backed up in multiple locations, protected by multiple layers of security and accessible by multiple trusted people in your business, it’s wide open.

So what steps can you take to ensure that your sensitive information stays sensitive?

• Explore a hosted document management solution that can offer unparalleled security, vendor IT maintenance, and backup on two or more secure servers housed in different locations. The best part about this setup is that, in addition to keep your data safe and sound, it allows multiple people within your organization to view the essential information – but only if they have the permission to do so. That way, your operations are less likely to be compromised by unauthorized access or disrupted by a shift in leadership.
• Keep your data secure when going electronic by redacting sensitive information prior to sending it to other parties. All reliable hosted document management providers will encrypt your files, but you can add another layer of protection by using built-in document viewers to literally white-out such information as Social Security numbers, birthdates, address and more.
• Stay wise about your data policies. Be clear about what employees and staff can and cannot do. Hooking unauthorized jump drives, external hard drives and other personal peripheral devices to company computers might be opening you up to an unauthorized transfer of information.

In the wake of the breach, MidState Medical is reviewing their policies and taking steps to prevent a recurrence of the most recent incident. What’s your policy?