The importance of password security in your medical practice

Personal banking. Paying the electric bill. Online shopping. These activities and many more are conducted online. Today, everyone has passwords to access their private business and life matters. Unfortunately, with one slip-up, important identifying information can be revealed to everyone, anywhere online.

It is important for everyone to have secure passwords to access their online data. But it can also be equally necessary that practice managers and physicians have hard-to-crack login information for even their own work computers. These devices hold information about patients, medications, histories and medical billing. Accounts can be compromised in several ways, which is why you need to protect your patients and the practice. According to CNet, hackers may be trying to access this information, for their own purposes, to exploit the data, for example,  or there could be a widespread data breach. Without a secure password, precious information can be lost.

Setting a solid password
The source noted that any passwords should not  include identifying information. This means individuals should leave out any reference to their first name, family name, addresses, birth dates and phone numbers. Instead, a password possess a combination of random symbols, upper and lowercase letters and numbers. Try and leave out any real words if possible; these can also be deduced by hackers. To find a completely random password, there are several internet tools that generate 16 characters out of the air, which can then be used for security purposes.

However, individuals should not share passwords with anyone. This data can easily get into the wrong hands, and someone unsavory may then be able to access larger electronic systems. It is especially inadvisable to share EHR or electronic medical record password information, but it seems that studies indicate this is a more common practice than previously thought.

EMR password sharing
Staff, practice managers and physicians all have their own passwords and login identification for EHR and other electronic systems. A study highlighted the fact that these passwords and IDs are often shared; the owner isn't always the only one who knows his or her information. Researchers from Ben-Gurion University of the Negev (BGU), Harvard Medical School, Duke University, Hadassah-Hebrew University Medical Center and the Interdisciplinary Center in Herzliya, Israel, distributed surveys to 299 medical professionals. The team wanted to know how frequently staff used each others passwords to access EMRs, and how often they had shared their information with another. The study revealed that 220 respondents, , had obtained another staff member's password. Some of the individuals who participated in the survey were asked to estimate the amount of time this occurred. On average, workers used a password that was not their own around 4 times.

Of those surveyed, 100 percent of residents admitted to using another staff member's password, and 57.7 percent of nurses indicated as such.

Dr. Ayal Hassidim, at Hadassah-Hebrew University Medical Center said that patient confidentiality is key when delivering care. "Medical staff must provide timely and efficient care while maintaining patient confidentiality," he said. "This may sometimes cause conflict between their duty and their obligation to meet security regulations."

How to maintain practice security
While it is obvious that practice managers and other staff must keep confidential information within the confines of the practice or facility, it is also not advisable that staff use one another's credentials. It is understandable that people are crunched for time, and often delegate work to those who can help, but who may not have the required ID and passwords. To prevent this, all trained staff who can use EHRs or EMRs should have their own unique logins.

By being a bit more mindful of practice security and ensuring password sharing is at a minimum - or entirely eliminated - everyone can work together to keep data private and safe.

Kevin McCarthy's picture

Kevin McCarthy

Industry News Editor

An avid traveler and news junkie, Kevin covers a range of topics from healthcare technology to policy and regulations. As a former journalism student, he enjoys finding stories relevant to small practices and is passionate about keeping them informed. Before joining NueMD, Kevin worked for Turner Broadcasting as a Programming Intern where he conducted legal research and contributed to editorial content development. He received his bachelor's degree in Communication from Kennesaw State University and currently serves as the Industry News Editor at NueMD.

comments powered by Disqus

Related Articles