Skip to content
ScamSniff
← Back to Home

Online Safety

How to Safely Use Your Doctor's Patient Portal — A Senior's Complete Guide

8 min read min readBy ClearShield Team

The short answer: your doctor's patient portal is safe — when you follow a few specific steps. But these websites are also a growing target for identity thieves who specialize in stealing medical information. This guide shows you exactly what to do (and what to avoid) every time you log in.

What Is a Patient Portal?

If your doctor, hospital, or specialist uses a system called MyChart, Epic, Cerner, or something similar, you have access to a patient portal — a private website where you can:

  • View test results and visit summaries
  • Request prescription refills
  • Send messages to your doctor's office
  • See upcoming appointments
  • Pay medical bills online

More than 80% of U.S. health systems now offer these portals, and since the pandemic, millions of seniors are using them for the first time. They're genuinely useful tools. But because they hold your diagnosis history, medication list, insurance numbers, and sometimes your Social Security number, they're also high-value targets for hackers.

Why Cybercriminals Want Your Medical Records

Here's something most people don't know: stolen medical records sell for 10 to 40 times more than stolen credit card numbers on the dark web.

Why? Because thieves can use your insurance information to file fake claims, obtain prescriptions, or receive medical services in your name — and you may not discover it for months or years. By then, the damage to your insurance coverage, your medical history, and your credit can take years to untangle.

This crime is called medical identity theft, and it's one of the fastest-growing forms of fraud targeting adults over 60. The Federal Trade Commission received over 1.4 million identity theft reports in 2023, with medical identity theft among the hardest categories to recover from.

Step 1: Only Log In From a Secure Network

The single biggest mistake people make with patient portals is accessing them on public Wi-Fi — in the doctor's waiting room, a hospital cafeteria, or a pharmacy.

Public Wi-Fi is convenient, but it is not private. Anyone on the same network can potentially intercept what you're sending and receiving, including your login credentials and the contents of your health records.

What to do instead:

  • Use your home Wi-Fi whenever possible
  • If you must check your portal away from home, switch off Wi-Fi on your phone and use your cellular data connection instead
  • Never access medical records on coffee shop, hotel, or free public Wi-Fi without protection

If you travel frequently or visit the hospital often, a VPN (Virtual Private Network) is worth having. A VPN creates an encrypted tunnel between your device and the internet, making it impossible for someone on the same network to spy on your connection. NordVPN is one of the most trusted options available, and a single subscription covers your phone, tablet, and computer.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

For seniors on Medicare and those with supplemental insurance, this kind of early warning is especially valuable. Medical identity theft is notoriously difficult to clean up on your own, and Aura's service includes access to U.S.-based fraud resolution specialists who can help you work through the recovery process step by step if something does happen.

Step 6: Know What Your Portal Will Never Ask You

Legitimate patient portals will never:

  • Ask for your full Social Security number through a chat window or an email form
  • Request your bank account or credit card number just to view your records
  • Ask you to "re-verify" your account by clicking a link in an email
  • Call you on the phone and ask for your portal password

If anything about your portal experience feels off — an unexpected pop-up asking for unusual information, a login page that looks slightly different than normal, or a phone call claiming to be from your doctor's portal — close the browser and contact your doctor's office directly. Use the phone number printed on your insurance card or from the practice's official website, not any number provided in the suspicious email or pop-up.

Step 7: Log Out When You're Done

This sounds obvious, but many people leave patient portals open in their browser and walk away — especially on tablets or shared computers.

Always click the Log Out or Sign Out button when you're finished, rather than just closing the browser tab. Closing the tab does not end your session on many websites, which means someone else using that device could reopen it and see your records.

If you ever access your portal on a shared computer — at a library, a senior center, or a family member's home — take two extra steps after logging out: clear the browser's history and cookies before you leave.

Bonus: Downloading the Official App Safely

Most major health systems have official apps for their patient portals — MyChart, Epic, and many hospital networks have their own branded versions. These apps are generally a safer option than the web browser because they're harder for scammers to convincingly fake.

To download safely:

  • Only use the official Apple App Store or Google Play Store
  • Search for the app by your hospital's or health system's full name
  • Check the developer name to confirm it matches the official organization
  • Read recent reviews before installing

Be cautious of text messages or emails that contain a direct link to download an app. Always search for it yourself rather than following a link from an unknown source.

Your Patient Portal Safety Checklist

Save this checklist or print it out and keep it near your computer:

  • [ ] Use home Wi-Fi or cellular data — not public Wi-Fi
  • [ ] Create a unique, strong password for the portal
  • [ ] Turn on two-factor authentication
  • [ ] Never click email links to log in — type the address directly
  • [ ] Set up identity monitoring with Aura
  • [ ] Use a VPN when accessing from public locations — NordVPN works on all your devices
  • [ ] Log out completely after every session
  • [ ] Download the official app from the App Store or Google Play, not from a link

Your medical records deserve exactly the same protection as your bank account. With these steps in place, you can use your patient portal with confidence — and catch any problems early, before they become expensive, time-consuming ordeals.

Last updated: 2026-05-27

Get Simple Security Tips Every Week

Join thousands of seniors who receive ClearShield's weekly newsletter — plain English, no tech jargon, and always practical. One email per week, unsubscribe anytime.

Subscribe to ClearShield Weekly →

patient portalmedical recordshealth identity theftMyChartonline safetysenior cybersecurity