Study Discloses Distributing EHR PINs is Common

Although information on the habit of password distribution in healthcare is restricted, one study suggests the habit of distributing Electronic health record system passwords is common, particularly with medical students, interns, and nurses.

The study was carried out by Ayal Hassidim, MD of the Hadassah-Hebrew University Medical Center, Jerusalem, and additionally included scientists from Hadassah-Hebrew University Medical Center, Ben Gurion University of the Negev, Harvard Medical School, and Duke University. The research was carried out on 299 interns, medical residents, nurses, and medical students and the outcomes of the study were lately printed in Healthcare Informatics Research.

The info stowed in EHRs is confidential and should be safeguarded. Rules like HIPAA manage access to that info. All people that need access to the information in Electronic health record systems should be issued with an exclusive user ID and code word.

Any efforts to access safeguarded health information should be recorded to let healthcare companies check for illegal access. If login identifications are communicated to other persons, it’s no more possible to correctly record which persons have seen health information – a breach of HIPAA Laws. The scientists note that distributing EHR passwords is among the most common HIPAA violations and reasons of healthcare data breaches.

The study indicates that distributing EHR passwords is common, although the procedure is forbidden by HIPAA Rules and hospital policies. 73% of all respondents confessed to utilizing the code word of another person to access Electronic health records on at least one occurrence. 57% of respondents assessed the number of times they had retrieved Electronic health record information – The typical quantity of occurrences was 4.75.

All medical students analyzed said they had retrieved EHRs utilizing the identifications of another person, and 57% of nurses confessed to using another person’s identifications to retrieve EHRs. The causes for doing so were very different.

Popular reasons for distributing Electronic health record code words were approvals on the user’s account didn’t permit them to finish their work responsibilities, technical hitches prohibited them from utilizing their own identifications, and individual logins had not been delivered, although EHR access was needed to finish work responsibilities.

The scientists propose the delivery of efficient and timely treatment is time and again inconsistent with safety protections. The scientists observed, “In an effort to attain better safety, usability is hampered to the point the users think that the correct thing to do is to breach the security rules completely.”

The scientists made 2 proposals: “Usability must be added as the 4th leader in planning EMRs as well as other PHI-containing medical files. Secondly, an extra choice must be incorporated for each EMR part that will allow it maximal freedoms for one act. When this opportunity is used, the PHI security officer/the senior physician would be notified. This would let junior staff perform crucial, lifesaving, judgments, without outsmarting the EMR, and under official retrospective observation by the higher-ranking members in command.”