Passwords are often one of the weakest links in security in any industry, but particularly problematic in healthcare. Insecure passwords that are easily cracked coupled with insecure password practices lead to gaps in security. Clinicians and nurses need to log in and out of systems repeatedly throughout the day, so security policies that try to enforce longer or more complex passwords have only backfired: passwords are being taped to computers or left on sticky notes around the ward. Worse, hospital staff are just as likely to leave workstations logged in or to share credentials rather than log in and out of systems repeatedly, notes a recent Healthcare Informatics Research study.
Workarounds to computer access in healthcare are common. As researchers have pointed out in studying the phenomenon: “clinicians focus on patient care, not on cybersecurity.” Understanding workarounds reflects our understanding that we’re attempting to patch a workflow problem (logging in / out) that remains a bottleneck, no matter how you try to enforce password security. It’s time to look at the workflow bottleneck as the means to addressing the problem with insecure passwords.
Let’s untangle the workflow issue. Physicians and nurses need to log into the EMR / EHR to look up patient information, check for results to critical tests or check on patient status. In order to communicate results, nurses may need to log into additional systems to share the results among the care team. Often, workstation access is fixed (at a central desk) or mobile, but shared (cart-based), so users must log out so that others can use the workstation - even if they are still waiting for results.
Many hospitals attempt to bypass the problems with passwords by adopting secure sign on (SSO) technology, but while this technology solves the issue from a security standpoint, it does little to address the underlying workflow breakdown that was leading to all of these workarounds.
There is a better way.
BYOD works well for physicians, but in-patient nurse mobility is best supported by shared devices that are ruggedized, can be thoroughly sanitized, are easy to care on duty and support efficient log in and out (of both device and applications). An effective authentication strategy for devices for physicians and nurses can help eliminate the need to repeatedly log into systems. The care team can access the integrated data from over 20+ clinical systems (EHR / EMR, LIS, scheduling, nurse call) all from one application on the smartphone, easily displayed and organized by patient. With a push system, you avoid having to log in to “check” for results or orders - they push directly to you. Communication among the care team is integrated into the patient profile, creating an audit trail that can post back to the EHR.
No more juggling systems or apps. No more wasted trips to the workstation. No more delays in care because of missed orders or results. That’s the power of the Telmediq Healthcare Communication Hub, addressing the bottlenecks in care coordination and communication. Contact us to learn more.
