Medical Professionals Improperly Share Patient Info
Medical Professionals Improperly Share Patient Info
September 26, 2017
Press Releases, Social Sciences & Humanities
Strict regulations for keeping confidential data secure often make it difficult for caregivers to get the information they need. As a result, a majority of medical staff surveyed have accessed an electronic medical record (EMR) system using a password improperly supplied by a fellow medical staffer.
Dr. Florina Uzefovsky, associate professor of developmental psychology at BGU and member of its Zlotowski Center for Neuroscience
Published in Healthcare Informatics Research, the “Prevalence of Sharing Access Credentials in Electronic Medical Records” is the first study to examine EMR access among medical providers.
EMRs store extensive, highly sensitive information about patients, including personal, demographic and financial data. Healthcare organizations also use EMRs for billing, appointment-scheduling and managing critical life-supporting devices.
In the study, researchers gathered survey responses from 299 medical professionals, including residents, medical students, interns, and nurses. The research team included researchers from Ben-Gurion University of the Negev (BGU), Harvard Medical School, Duke University, Hadassah-Hebrew University Medical Center, and the Interdisciplinary Center in Herzliya, Israel.
Nearly three-quarters (73 percent) of the 299 participants claimed to have used another medical staff member’s password to access an EMR at work. More than 57 percent of participants (171 out of 299) estimated they have used someone else’s password an average of 4.75 times.
Of the medical residents, all (100 percent) say they had at one time obtained another medical staff member’s password with their consent. Within the student and intern groups, 77 percent and 83 percent (respectively) used someone else’s access credentials because they said they “were not given a user account.”
Similarly, 56 percent of students and almost 70 percent of interns cited that their user access had inadequate permissions “to fulfill my duties” so they had to ask for someone else’s access credentials. Only half of the nurses surveyed (57.5 percent) reported using someone else’s password.
“The strength of an information security system is determined by the strength of its weakest link,” says researcher Dr. Florina Uzefovsky, an associate professor of developmental psychology at BGU and member of its Zlotowski Center for Neuroscience. “Even a single breach may render an information system ineffective.”
Breaching patient privacy — which is protected under the strict Health Insurance Portability and Accountability Act (HIPAA) rules in the United States and International Standards Organization (ISO) criteria in Israel and other countries — can result in large fines if reported. In addition, an EMR system attack could seriously disrupt healthcare operations and cause direct injury to patients, such as with the manipulation of a prescription or medical device.
Consequently, HIPAA requires healthcare organizations to establish and enforce comprehensive security policies, which include clear definitions of each worker’s role and access privileges. Organizations must also supply a way to authenticate the identity of each worker, control his or her access to relevant data and audit editing.
“Medical staff must provide timely and efficient care while maintaining patient confidentiality,” says the primary investigator, Dr. Ayal Hassidim, at Hadassah-Hebrew University Medical Center. “This may sometimes cause conflict between their duty and their obligation to meet security regulations.”
The researchers offer a number of recommendations. First, attaining access credentials needs to be less difficult and time-consuming. For example, in Israel — where junior staff turnover clinical rotations weekly — medical school students, interns, and other new employees often resort to using another employee’s credentials to fulfill their duties while going through the strict, lengthy registration process.
The researchers recommend that understaffed hospitals, especially during on-call hours, may need to delegate administrative tasks and extend EMR system access to para-medical, junior staff, interns, and students. Nurses, who generally carry out more precisely defined duties, are more likely to have the EMR privileges they need. An understanding of the requirements of the medical staff and extending broader access privileges can actually lead to less password sharing and better protection of the medical data.
Lastly, the researchers recommend adding an option for each EMR role that grants maximum privileges for one-time use only. When this option is invoked, the senior physician and a protected health information (PHI) security officer would be informed. This would allow junior staff to make urgent, lifesaving decisions under formal retrospective supervision without having to sneak onto the EMR.
The other researchers participating in the study include: Dr. Ayal Hassidim, Hadassah-Hebrew University Medical Center; Dr. Tzfania Korach, Harvard Medical School; Drs. Rony Shreberk-Hassidim and Elena Thomaidou, Hadassah-Hebrew University Medical Center; Shahar Ayal, Ph.D., Interdisciplinary Center, Herzliya, Israel; and Dan Ariely, Ph.D., Duke University.
ABOUT AMERICANS FOR BEN-GURION UNIVERSITY
By supporting a world-class academic institution that not only nurtures the Negev, but also shares its expertise locally and globally, Americans for Ben-Gurion University engages a community of Americans who are committed to improving the world. David Ben-Gurion envisioned that Israel’s future would be forged in the Negev. The cutting-edge research carried out at Ben-Gurion University drives that vision by sustaining a desert Silicon Valley, with the “Stanford of the Negev” at its center. The Americans for Ben-Gurion University movement supports a 21st century unifying vision for Israel by rallying around BGU’s remarkable work and role as an apolitical beacon of light in the Negev desert.
About Ben-Gurion University of the Negev
Ben-Gurion University of the Negev embraces the endless potential we have as individuals and as a commonality to adapt and to thrive in changing environments. Inspired by our location in the desert, we aim to discover, to create, and to develop solutions to dynamic challenges, to pose questions that have yet to be asked, and to push beyond the boundaries of the commonly accepted and possible.
We are proud to be a central force for inclusion, diversity and innovation in Israel, and we strive to extend the Negev’s potential and our entrepreneurial spirit throughout the world. For example, the multi-disciplinary School for Sustainability and Climate Change at BGU leverages over 50 years of expertise on living and thriving in the desert into scalable solutions for people everywhere.
BGU at a glance:
20,000 students | 800 senior faculty | 3 campuses | 6 faculties: humanities & social sciences, health sciences, engineering sciences, natural sciences, business & management, and desert research.
For all press inquiries, please contact:
James Fattal, J Cubed Communications
516.289.1496
Stories Like This
