The disclosure describes techniques for protecting patient data stored in a medical device, such as an external defibrillator. The patient data may be transferred, or downloaded, from the medical device to another device, such as to a computing device for storage or analysis. In response to the download, the medical device may protect the patient data so that at least subset of users can no longer access the patient data. Patient data may be protected by modifying the data form, encrypting the data, moving the data to another memory module, password protecting the patient data, or modifying an access control list associated with the patient data. While the patient data may also be deleted as a technique for protecting the data, not deleting the data may allow the data to be recovered at a later time by an authorized user, i.e., a user not part of the subset.
