Addressing Security Problems
Hospitals and clinics shouldn't rely on HIPAA alone to keep information private. While complying with HIPAA is mandatory for any individual or business that works in health care or the medical field, it's important that everyone understands their own role in keeping that information private.
Train employees both on the software and on confidentiality. This needs to be done for anyone who handles private information, from the telephone operators to medical records staff to the doctors themselves.
Pay special attention if you have DNA patients. DNA stands for 'do not announce', and it is reserved for patients who are hidden from public view. Mostly used for patients on the psych ward, this will usually include patients who have been involved in crimes, patients who have been attacked by other family members, and of course, celebrities. Employees should be trained to never announce these patients over the phone; this includes even the nurses at the floor's nurses' station. Often, it may be the nurses who transfer these calls, which alerts people that the DNA patient is indeed in that particular hospital. Instead, train staff to only accept visitors on an ID basis: if the visitor does not have a badge or ID, they are not allowed to see the patient.
Don't rely completely on technology. While it may be easy to move your files to a computer or even a cloud service, technology is still changing and there are bound to be issues. Servers can crash and, while not common, the cloud can even go down. One man had seven years of information erased when his Google account was shut down. It's best to still retain physical files; however, keep them in another building or off-site location that is also secured.