PMH Connectivity & Digitization Program 2024-2025
Impact Report
The PMH Connectivity & Digitization program supports Vancouver-based clinics to evaluate and improve their technology workflows, digital security approaches and connectivity to provincial health systems. The program helps to ‘bridge the gap’ connecting clinic leaders to the services and resources needed to realize positive technology outcomes for their clinics.
During our 2024/25 program (June 2024 – March 2025), our Tech Concierges provided personalized support to 70+ Patient Medical Homes (PMHs) in Vancouver answering hundreds of questions, connecting decision-makers to provincial partners and supporting improvements in technology workflows and digital security.
Security & Technology Assessment Findings
Last year, clinics had the option to participate in a Security & Technology Assessment, which involved a 1-2 hour on-site assessment with a security expert, followed by a customized report of their findings and recommendations for improving clinic security, as well as follow up with the security consultant to answer any questions they might have.
Many of those who participated in the assessment process expressed curiosity about our findings across all participating clinics, and what trends we could see in clinic cybersecurity in the Vancouver area.
Across 65 participating clinics, we saw trends in particular areas for improvement, and would like to share our findings and most commonly made recommendations.
The Security & Technology Report was divided into 6 main areas:
EMR Security
PC Security
Network Security
Physical Security
Data Security
Vulnerability Awareness
Each area was assessed on a three point scale: Needs Improvement, Adequate, or Robust.
EMR Security
The EMR Security assessment evaluated best practices around EMR security settings and workflows that ensure patient data is protected from unauthorized access.
Overall, a slight majority of clinics received an assessment rating of ‘Adequate’ or ‘Robust’, indicating a fair level of existing awareness around best practices for ensuring security in EMR application management.
PC Security
This PC Security assessment examined the security of a clinic’s personal computers (PCs) – both those used by staff and/or practitioners. We found that many clinics had some room for improvement relating to their computer security.
Of note was that many clinics were not aware that Microsoft is ceasing support of Windows 10 in October 2025, after which time Microsoft will no longer provide operating system security updates. Recommendations were provided to 75% of participating clinics to update or upgrade one or more computers (either Windows or MacOS).
Network Security
The Network Security assessment examined the security of the clinic’s wireless (Wi-Fi) network, including any guest networks if available.
Many clinics had robust network security thanks to factors including clear guidance from the DTO as well as a clearly established industry standards for wireless network security that is well-supported by existing network devices and internet providers.
Most clinic networks required only one or two small—but important—security enhancements, rather than a complete overhaul of their existing infrastructure
Physical Security
The Physical Security assessment reviewed how clinics managed devices and documents containing patient information to prevent unauthorized access, damage, or theft.
This area showed an even distribution of assessment ratings, with the most common recommendations involving securing computers, printers, and network routers from theft and/or unauthorized access or viewing.
Data Security & Integrity
The Data Security and Integrity assessment examined how clinics protect and manage patient records. While many clinics now use cloud-based EMRs, some still maintain physical records that require secure storage. Even in fully digital environments, patient data is often shared via USB drives, fax, or email—highlighting the need for secure handling and disposal of both digital and paper records.
Most recommendations in this area focused on strengthening storage practices and disposal procedures to safeguard patient information.
Vulnerability Awareness & Planning
The Vulnerability Awareness and Planning assessment examined clinic policies and staff training related to cybersecurity. It also aimed to raise awareness amongst clinic teams about the importance of their roles in maintaining a strong security posture to protect patient data. This was the most common area for improvement across nearly all clinics, highlighting a critical need for better staff training and clear privacy and security policies. These measures help ensure that staff understand their responsibilities and know how to respond appropriately to potential privacy or security breaches.
Top Recommendations
Curious about what were the most commonly recommendations were?