Sunday, October 01, 2017
It Really Is Very Hard To Change Human Nature It Seems. Relevant To All State Health Systems With Hospital EHRs As Well As Many Practices!
This appeared last week:
By Kate Monica
September 26, 2017 - A recent study examined the prevalence of password sharing among healthcare providers and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work.
The study by Hassidim et al. was published in Healthcare Informatics Research and assessed survey responses from 299 healthcare professionals including residents, medical students, interns, and nurses.
The research team — including researchers from Harvard Medical School, Duke University, Ben-Gurion University of the Negev (BGU), and Hadassah-Hebrew University Medical Center — found that 73 percent of respondents reported using another staff member’s password to access an EHR at work. Over 57 percent of respondents estimated they have borrowed someone else’s password an average of 4.75 times.
Furthermore, 100 percent of all medical residents reported obtaining another medical staff member’s password with their consent. Seventy-seven percent of medical students and 83 percent of intern groups reported using someone else’s EHR access credentials due to not being administered a user account.
A little over half of surveyed nurses reported using another staff member’s password.
“Unfortunately, the use of passwords is doomed because medical staff members share their passwords with one another,” wrote researchers. “Strict regulations requiring each staff member to have it’s a unique user ID might lead to password sharing and to a decrease in data safety.”
The study demonstrated that the need to fulfill daily clinical and operational processes can prompt staff members to compromise security protocols and practices. For example, higher instances of password sharing occur when students or interns are asked to carry out a task they are not ordinarily authorized to complete.
Specifically, 56 percent of surveyed medical students and nearly 70 percent of interns stated their user access did not offer adequate authorization to fulfill their duties, prompting them to ask for someone else’s EHR access credentials. These frequent instances of password sharing could potentially weaken an institution’s overall level of EHR security.
“As demonstrated by these security incidents, the success of any regulation or technical security mechanism eventually depends on the actions of an organization’s personnel and their cooperation,” stated the report.
“The inherent trade-off between the security and usability of a system may drive users to break security regulations and circumvent security measures in an honest attempt to fulfill their duties,” they continued.
Lots more here:
The bottom line is that we need quicker, easier and effortless ways to securely authorize system access. Can that be all that hard?
Posted by Dr David G More MB PhD at Sunday, October 01, 2017