Why EHR Password Sharing May Be Putting You At Risk

There are a lot of reasons you may be sharing your passwords with other people on the job.

  • A resident may not have the proper credentials to access the files she needs.
  • A nurse may not have the proper credentials to access the records requested.

And those are just the start.

Rather than taking the time to get the proper credentials, sharing seems like the quickest way to get to the end result.

A study from Healthcare Informatics Research reported that 73.6 percent of respondents said they had indeed used credentials from another staff member to access EHR data. And of those that responded, they admitted to using another’s credentials as many as five times before solving the issue.

Security is only as strong as the users within the system. And unfortunately, users with legitimate reasons to be in the system are often the ones that put the system most at risk.

To keep data safe, medical personnel should never share passwords. They know they shouldn’t. Yet in the interest of efficiency, it happens all the time. When it comes to human life, sharing a password can seem like a trivial thing.

What are other options?

First, when securing your EHR and other PHI medical records, you should ensure a usability policy is in place throughout your practice. What are the proper channels to ensure everyone has the proper credentials they need to do their jobs?

Second, an option should be available for a one-time override when accessing data beyond set capabilities is a necessity. When this override is used, it should alert people in authority as to what happened and why. This would give junior staff members the access they need in critical situations, while alerting senior members as to who is entering different parts of the system.

If this process is monitored, it can inform senior members to how better secure their data, while giving access to people at times when they need it most. It signals you to patterns and helps you instill more security in areas that are breached on a regular basis.

Above all, training is your number one ally. Before vulnerability opens you up to a potential lawsuit, ask your staff about how they operate. Where are password weaknesses? When your staff realizes you’re only trying to make the system better for all to use, you’ll be surprised at the insight you can gain.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.