Over the past 10 years we have been in numerous physician offices to work on computer systems. Most of these were small offices -- two or three providers, and no on-site IT support. More often than not, within five minutes of arriving we would find system security issues capable of posing serious consequences for the practice. The good news is that many of the most common issues are simple and inexpensive to fix and require nothing more than a little time and proper employee training to remedy.
Some of the most common, but serious, issues include:
1. Sharing of passwords. This is by far the biggest issue that we see -- especially in offices where an employee can work at multiple workstations throughout the day. Making sure that employees have unique usernames for each system containing patient data not only secures the information, it also facilitates an accurate audit trail to keep up with who has accessed a patient's data.
2. Granting “administrator” rights to all employees. Establishing proper user privileges, whether for a computer, a software program, or a website, will add time to the initial setup of any system. Take the time to create a decision tree for each of your systems to establish how much access each user really needs to do their job. Extra effort on the front end will save many headaches, and possible HIPAA violations, down the road.
3. Not setting system "time-outs". A secure password does no good if a user remains logged in, allowing anyone who approaches access to the system. Establish automatic time-outs that lock the system down after a period of inactivity. The ideal time-out will depend on your current workflow, but somewhere between 5 and 15 minutes is a good place to start.
4. Usernames and passwords written on sticky-notes or scraps of paper under keyboards, etc. This is becoming more and more common as the number of passwords we are all required to remember continues to increase. Between computers, EHRs, insurance websites, etc., it is not uncommon for an employee to have to remember (and continually change) 15+ passwords. Consider using a "password keeper" that allows you to access all of your passwords using one master password. Afterall, who needs the stress of trying to keep them all straight?
There are new tips and tools to help make our lives easier arriving on the market every day -- many of which are simple, inexpensive fixes to problems that could cost a practice BIG!
