A recent study examined the prevalence of password sharing among healthcare providers (residents, medical students, interns, and nurses) and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work.
73% reported using another staff member’s password to access an EHR at work. 100% of medical residents reported obtaining another medical staff member’s password with their consent. 77% of medical students reported using someone else’s EHR access credentials because they had not been issued a user account. More than half of surveyed nurses reported using another staff member’s password.
The study demonstrated that the need to fulfill daily clinical and operational processes can prompt staff members to compromise security protocols. Higher instances of password sharing occur when students or interns are asked to carry out a task they are not ordinarily authorized to complete.
56% of surveyed medical students and nearly 70% of interns stated their user access did not offer adequate authorization to fulfill their duties, prompting them to ask for someone else’s EHR access credentials. These frequent instances of password sharing could potentially weaken an institution’s overall level of EHR security.
To prevent such incidents, HIPAA requires healthcare organizations to enforce security measures and policies that outline each medical staff member’s role and access privileges. Healthcare organizations are also required to establish processes to authenticate the identity of each staff member, control access to data, and audit edits.
Recommendations to reduce instances of password sharing:
Make it easier and faster for medical staff members to obtain EHR access credentials
Understaffed hospitals should delegate administrative tasks and extend EHR system access to junior staff members, interns, and medical students during on-call hours. Extending access privileges can lead to less password sharing and improved health data protection.
Add an option for each EHR role that grants maximum privileges for one-time use and informs a senior physician and the security officer when the option is used. The option would allow junior staff members to make urgent care decisions under retrospective supervision while abiding by the facility’s security measures.
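The one-time maximum-privilege option recommended above, sketched as an added example (not code from the study or from any EHR product): the grant is tied to the junior staff member's own account, works once, and notifies both reviewers. The class name, the `notify` hook, the expiry window and the mandatory reason are assumptions.

```python
import secrets
import time

RECIPIENTS = ("senior_physician", "security_officer")  # notified on every use

class BreakGlass:
    """One-time maximum-privilege grants with notification and an audit trail."""

    def __init__(self, notify, ttl_seconds=900, clock=time.time):
        self._notify = notify      # hypothetical hook: notify(recipient, message)
        self._ttl = ttl_seconds    # assumed expiry window; the page does not give one
        self._clock = clock
        self._grants = {}          # token -> grant awaiting its single use
        self.audit_log = []        # kept for retrospective supervision

    def _record(self, event, user, detail):
        self.audit_log.append({"time": self._clock(), "event": event,
                               "user": user, "detail": detail})

    def request(self, user, role, reason):
        """Issue a single-use token bound to the requesting user's own account."""
        if not reason.strip():
            raise ValueError("emergency access requires a stated reason")
        token = secrets.token_urlsafe(16)
        self._grants[token] = {"user": user, "role": role, "reason": reason,
                               "expires": self._clock() + self._ttl}
        self._record("issued", user, reason)
        return token

    def use(self, token, user):
        """Return True only for the first in-time use by the user it was issued to."""
        grant = self._grants.get(token)
        if grant is None or grant["user"] != user:
            self._record("denied", user, "unknown, reused or foreign token")
            return False
        del self._grants[token]    # consumed: a second use falls into the branch above
        if self._clock() > grant["expires"]:
            self._record("denied", user, "expired token")
            return False
        self._record("used", user, grant["reason"])
        for recipient in RECIPIENTS:
            self._notify(recipient, f"{user} ({grant['role']}) used one-time "
                                    f"maximum privileges: {grant['reason']}")
        return True
```

Because the token is checked against the account it was issued to, handing it to a colleague does not work, so every elevated action in the audit log is attributable to one person.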