A strong password and multifactor authentication are two leading tools in protecting personal health data online. (For Health Beat)

Thanks to technology, many people enjoy the convenience of accessing personal health information online.

They can view results from medical tests and labs, renew prescriptions, access health insurance statements, pay medical bills and more.

So how can people enjoy that accessibility while also protecting privacy on their devices?

Corewell Health information services specialists Aphrodite M. Jones and Aaron Silver took a moment to provide some important tips about information safety.

“Unfortunately, convenience and security don’t always go together,” said Jones, Corewell Health information services lead training specialist.

With these simple steps from Jones and Silver, you can help improve protection of your personal data.

1. Use strong passwords

Strong passwords are especially important for sites that contain medical information and other sensitive data.

Passwords are the first line of defense to protect personal information. Being password savvy is always important, but particularly so when personal health information and financial information are involved.

When it comes to passwords, longer is stronger, Jones said. That means 12 or more characters.

She recommends passphrases, which are sentences or word combinations that you can remember.

Also, make sure passwords are unpredictable. Do not use family member names, addresses, birthdays, or even the names of pets, favorite sports teams or other information that can be found on social media or elsewhere online.

She also suggests using different passwords for different accounts. The sensitivity of the data should determine the complexity of the password.

“If one password was leaked, you would not want someone to be able to use it to get into another account,” Jones said.

What’s a good way to keep track of all those secure passwords?

While password manager applications are not immune to hacks themselves, they can be useful tools as long as they’re protected with a strong and carefully protected master password, said Silver, Corewell Health information services manager of security consulting.

Silver recommends always securing mobile devices with passcodes or other security protection in case they fall into the wrong hands.

2. Use multifactor authentication

Become familiar with multifactor authentication and use it whenever possible.

It might sound complicated, but technology users have likely encountered multifactor authentication and not even known it.

It’s when a website or application requires a user to not only enter a username and password, but also take another step or two to verify their identity. It might involve texting a code to a smartphone, answering secret questions or using fingerprint or facial recognition.

Jones said many different types of accounts and applications include multifactor authentication, such as social media, banking sites and Corewell Health’s own MyChart.

MyChart is a free online tool that allows patients to access health information and connect with their care team in a single place. Features include accessing virtual care, messaging your doctor, getting cost estimates and paying medical bills, viewing test and lab results, scheduling appointments, viewing portions of your medical record and more.

MyChart is designed to be as safe as possible, in part because of features like multifactor authentication, Silver said.

For the best possible security, never give that step up.

3. Safeguard personal information

Don’t give out your personal information in phone calls, texts or emails that seem suspicious.

It’s a fact of life today: Calls and emails from scammers might seem legitimate, but they are in fact an attempt to fraudulently get personal data.

Phishing scams use emails or text messages that look like they’re from reputable companies—companies that a message recipient might do business with. These scams are designed to entice people to share personal information, such as passwords or credit card numbers. When it happens over the phone, it’s called vishing.

Even sophisticated technology users and people who work in internet security can fall prey, Jones said.

Vishing scammers may even attempt to impersonate a health care provider. The fake phone calls can appear on caller ID as if they’re coming from the care provider’s phone number.

If you’re suspicious of a caller or uncertain of their identity, do not share any personal information with them, such as birthdate, social security number or home address, Jones said.

Also, do not share account passwords or temporary verification codes. Corewell Health, for example, would never ask for this information.

Jones recommends asking for the name of the caller and requesting a number to call back. Scammers will not typically provide a callback number. You can also just hang up and call the trusted number for the company or the health care provider.

In general, Silver said, be cautious about sharing personal information.

4. Update your devices

It’s critical to perform regular updates and upgrades on mobile devices and computers. Sign up for regular or automatic updates and heed the prompts when a device requests an update, Jones said.

These updates often not only add new features, but also boost security and patch security gaps that might have left a device vulnerable to hackers.

5. Check your credit regularly

Jones encourages people to take advantage of free credit report checks and review them for any suspicious activity.

You can also set up credit freezes that prevent anyone from checking your credit or using your information to set up new credit cards or loans, Jones said.

6. Connect carefully

When you’re connecting to the internet, consider your location and how you’re connecting.

Only access sensitive personal data if you’re on a secure network. Don’t access sensitive information if you’re on a public Wi-Fi network in a coffee shop or another public place, Jones said.

Also, conduct a review of your home’s routers. These devices enable your wireless devices to connect to your internet service—and they’re vulnerable to hacking.

Jones said if your router is provided by your internet supplier, you could call or check their website for extra security tips for their equipment.

Silver also recommended changing the router’s default password. While this may not be a required step when setting up the router, skipping this might make it vulnerable. Also, make sure the router’s software is up to date, as manufacturers regularly release new firmware to fix security holes.

7. Be cautious on social media

The Health Insurance Portability and Accountability Act, or HIPAA, is a federal law that sets national standards to protect patient health information from being disclosed without the patient’s consent or knowledge. It requires health care providers, insurance companies and other organizations to protect health information.

But according to the Office of the National Coordinator for Health Information Technology, those laws do not apply if you choose to share your health information with an organization that is not covered by HIPAA. That includes if you post that information online yourself—perhaps on social media, or on a message board that discusses health conditions.

Because of this, Jones and Silver said, you should never post anything online that you don’t want to be made public.

Review your privacy settings on social media apps to ensure you know who can see your information, Silver said. Also, check to see if an application uses geotagging, which discloses your location in a photo or a post.

It’s important to carefully protect your data privacy, Silver said.

He and Jones encourage people to learn one new thing each day about data privacy, and then take steps to put those discoveries into practice.