Study: Most clinical staff have improperly used EMR passwords

September 26, 2017
Credentialing Resource Center Digest

Note: This article originally appeared on HealthLeaders Media, September 26, 2017.

A majority of medical professionals surveyed have accessed an EMR system using a password improperly supplied by a fellow clinician, finds a new study published in Healthcare Informatics Research.

Researchers, from Ben-Gurion University of the NegevHarvard Medical SchoolDuke UniversityHadassah-Hebrew University Medical Center, and the Interdisciplinary Center in Herzliya, Israel, say theirs is the first study to examine EMR access among medical providers.

In the study, researchers gathered survey responses from 299 medical professionals, including residents, medical students, interns, and nurses.

Nearly three-quarters (73%) of the 299 participants claimed to have used another clinical colleague’s password to access an EMR at work. More than 57% of participants (171 out of 299) estimated they have used someone else’s password an average of 4.75 times.

Of the medical residents, all (100%) say they had at one time obtained another medical staff member’s password with their consent.

Within the student and intern groups, 77% and 83% (respectively) used someone else’s access credentials because they said they "were not given a user account.”

Similarly, 56% of students and almost 70% of interns cited that their user access had inadequate permissions " to fulfill my duties" so they had to ask for someone else's access credentials.

Only half of the nurses surveyed (57.5%) reported using someone else’s password.

"The strength of an information security system is determined by the strength of its weakest link," researcher Dr. Florina Uzefovsky, an associate professor of developmental psychology at BGU and member of its Zlotowski Center for Neuroscience said in a statement. "Even a single breach may render an information system ineffective."

Among the researchers’ recommendations:

  • Make getting access credentials less difficult and time-consuming
  • Delegate administrative tasks and extend EMR system access to para-medical, junior staff, interns, and students in understaffed hospitals, especially during on-call hours
  • Better understand the kinds of EMR access privileges each person needs for their jobs
  • Add an option for each EMR role that grants maximum privileges for one-time use only, “allowing junior staff to make urgent, lifesaving decisions under formal retrospective supervision without having to sneak onto the EMR”

Source: HealthLeaders Media

Found in Categories: 
Legal Considerations