Although data on the habit of password distribution in healthcare is narrow, one survey indicates the habit of password distributing EHR passwords is routine, particularly with nurses, medical students, and interns.
The research was carried out by MD of the Hadassah-Hebrew University Medical Center, Jerusalem, Ayal Hassidim, and also included researchers from Hadassah-Hebrew University Medical Center, Ben Gurion University of the Negev, Harvard Medical School, and Duke University. The study was carried out on 299 interns, medical residents, nurses, and medical students and the results of the study were lately circulated in Healthcare Informatics Research.
The data stowed in EHRs is confidential and should be safeguarded. Rules like HIPAA monitor access to that data. All people who need access to the data in EHR systems should be allotted with an exceptional user ID as well as password.
Any efforts to access safeguarded health information should be logged to let healthcare organizations check for illegal access. If login identifications are shared with other people, it’s no more possible to correctly record which persons have seen health information – a breach of HIPAA laws. The scientists note that distributing EHR passwords is among the most common HIPAA violations and reasons of healthcare data breaches.
The survey proposes that distributing EHR passwords is routine, although the practice is forbidden by HIPAA Rules and hospital policies. 73% of all respondents confessed to utilizing the password of a different person to access EHR files on at least one case. 57% of respondents assessed the number of times they had accessed Electronic health record system information – The average quantity of occurrences was 4.75.
All medical pupils surveyed stated they had retrieved EHRs using the identifications of another person, and 57% of nurses confessed to using another person’s identifications to access EHRs. The causes for doing so were extremely different.
Common causes for distributing EHR passwords were consents on the user’s account didn’t let them finish their work duties, technical problems prohibited them from utilizing their own identifications, and private logins had not been allotted, although EHR access was mandatory to finish work duties.
The scientists suggest the delivery of efficient and timely treatment is frequently at odds with safety protections. The scientists noted down, “In an effort to accomplish better safety, usability is obstructed to the stage the users think that the correct thing to do is to breach the safety rules altogether.”
The scientists made 2 recommendations: “Usability must be added as the 4th principal in scheduling EMRs as well as other PHI-containing medical files. Second, an extra option must be incorporated for each EMR part that will give it maximal freedoms for one act. When this choice is appealed, the PHI security officer/the senior physician would be notified. This would let junior staff carry out lifesaving, urgent, decisions, without beating the EMR, and under official retrospective control by the senior members in control.”