The Importance Of Assigning Passwords & Rights To Users Of An Electronic Health Record (EHR) System
In the modern world, data is a valuable resource that can be used to improve the quality of life for everyone. Data can also be misused and exploited for personal or monetary gain. Personal health data is among the most sensitive, private, and valuable kinds of data. If it is accessed by people who are not authorized to see it, the patient’s privacy is breached. Strong passwords are essential to protect health-care data stored in an EHR system. A strong password is one that is of reasonable length, isn’t a dictionary word, and consists of letters, numbers, and special characters. Every person who requires access to the EHR must have a unique password, and password sharing must be forbidden.
A data breach can occur when people access a computer system, either remotely or in person, and bypass its security to reach its stored data. A strong password can make this extremely difficult, even practically impossible. According to a recent article in The Telegraph, “private medical records of NHS patients were stolen following a major security hack that exposed the passwords of hospital staff. The passwords were stolen in 2016 from Embrace Learning, a Cheshire-based online training business used by healthcare workers to learn about topics such as data protection.”
A strong password and good security practices can prevent incidents like this from occurring. Setting user rights for all the people who have access to the EHR system is also an important security measure. Most personnel require access to only specific data. For example, administrative staff may not require access to a patient’s past diagnostic records. Setting user rights reduces the risk of a data breach because the fewer people who have access to specific data, the less likely a data leak is to occur. Limiting the amount of data a person has access to also ensures that if a data breach occurs through that particular person’s account, it will be limited by their access rights.
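The user-rights idea above can be sketched in a few lines of Python. This is an added example, not code from any EHR product: the role names, record categories and user names are constructed for illustration. It shows a deny-by-default access check, the exposure if a single account is compromised, and an audit trail of denied requests.

```python
# Added illustration: role names, record categories and user names are constructed.
from dataclasses import dataclass, field

# Each role is granted only the record categories its job needs (least privilege).
ROLE_RIGHTS = {
    "physician":      {"demographics", "appointments", "diagnostic_history", "prescriptions"},
    "nurse":          {"demographics", "appointments", "prescriptions"},
    "administrative": {"demographics", "appointments", "billing"},
}

@dataclass
class EhrAccessControl:
    users: dict                                   # user name -> role
    audit_log: list = field(default_factory=list)

    def can_read(self, user: str, category: str) -> bool:
        """Deny by default: unknown users, roles or categories get no access."""
        role = self.users.get(user)
        allowed = category in ROLE_RIGHTS.get(role, set())
        # Record every decision so unusual access by insiders can be reviewed later.
        self.audit_log.append((user, category, "ALLOW" if allowed else "DENY"))
        return allowed

    def exposure_if_compromised(self, user: str) -> set:
        """Categories an intruder could read using this one account."""
        return set(ROLE_RIGHTS.get(self.users.get(user), set()))

    def denied_attempts(self) -> list:
        """(user, category) pairs that were refused, in the order they occurred."""
        return [(u, c) for u, c, decision in self.audit_log if decision == "DENY"]

if __name__ == "__main__":
    acl = EhrAccessControl(users={"front_desk_1": "administrative", "dr_a": "physician"})
    print(acl.can_read("front_desk_1", "appointments"))
    print(acl.can_read("front_desk_1", "diagnostic_history"))
    print(sorted(acl.exposure_if_compromised("front_desk_1")))
    print(acl.denied_attempts())
```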
According to a security report from Verizon, “Healthcare is the only industry where the threat from inside is greater than that from outside. 56% of data breaches are internal”. It’s important for staff to lock their computers when they are not actively working on them, because a data breach can occur otherwise. Other staff members may abuse an EHR system that is left unattended. They may do this out of curiosity or because of malicious intent. Health-care data is extremely valuable and is often stolen for monetary gain. Because there is a strong incentive for people to obtain data that they are not authorized to access and have no right to access, it’s important to take every precaution to protect that data.
Locking the EHR system when it’s not actively being used is a simple and effective precaution that can prevent other staff from accessing data they may not be authorized to access, and this ensures patient privacy.
Tabitha Iris Wang calls to schedule an appointment with Dr. Alan Feltner. The steps to schedule an appointment are as follows:
- In the Home menu, choose the “Appointments” option.
- Enter the name of the patient. The appointment order will be added to the patient’s previous record if it exists.
- Look up the possible appointment times and match them to the time the patient requested. If the time the patient requested is not available, suggest another time that is acceptable.
- Confirm the appointment time with which the patient agrees. A communication will be sent to the patient.
- In many EHR systems, reminders are sent to the appropriate staff, and to the patient prior to the appointment.
References:
- 2018 Data Breach Investigations Report: Verizon. (2018). Retrieved from https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf
- Cook, J. (2018, August 11). Patient data at risk after passwords hacked. The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/2018/08/11/patient-data-risk-passwords-hacked/