Survey: 73 Percent of Medical Professionals Share Passwords to Access EHRs | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: 73 Percent of Medical Professionals Share Passwords to Access EHRs

September 27, 2017
by Heather Landi
| Reprints
Click To View Gallery
A recent study examining the prevalence of password sharing among healthcare professionals found that 73 percent of medical staff members reported having used another medical staff member’s password to access electronic health record (EHR) systems at work.
The study, conducted by Ayal Hassidim, M.D., with Hadassah-Hebrew University Medical Center, department of plastic surgery, in Jerusalem and published in the Healthcare Informatics Research, was based on the survey responses from 299 medical residents, interns, medical students and nurses. The researchers noted that trust is one of the pillars of physician-patient interaction and protecting the confidentiality of patient data is an important concern for healthcare organizations. Yet, the researchers concluded from the study findings that current permission granting and authentication processes might cause more harm than good.
Confidentiality of health information is an important aspect of the physician-patient relationship and the use of digital medical records has made data much more accessible. To prevent data leakage, many countries have created regulations regarding medical data accessibility which requires a unique user ID for each medical staff member and a password.
The research team on the study, which  included researchers from Harvard Medical School, Duke University, Ben Gurion Univeristy of the Negev and Hadassah-Hebrew University Medical Center, noted that one of the most common breaches of protected health information (PHI) is the use of another’s credentials to access patient information, yet the extent of this practice has not been previously assessed. The researchers conducted a four-question, Google Forms-based survey of medical staff to assess the prevalence of access credentials sharing among medical and para-medical staff members.
The study findings indicate that the majority (73 percent) of respondents reported using another staff members’ password to access the EHR. What’s more, 57 percent of respondents could estimate  how many times it happened, with an average estimation of 4.75 episodes.
All the medical students who took part in the survey (15 percent of respondents) had obtained the password of another medical staff member, while only 57 percent of nurses reported this.
The research team also asked respondents why they had been given the access credentials (passwords) of another medical staff member and what their role was when they received the passwords, and their answers were varied, the researchers wrote in the study.
One answer respondents gave was, “The worker wanted to perform actions while away,” and “Technical malfunction preventing me from using my own account.” In addition, respondents answered, “A limitation of the computer system forcing me to use the other worker’s account in order to fulfill my duties.” And, respondents also said, “I was not given a user account despite having to use the system in order to fulfill my duties,” and “The permissions granted to me did not allow me to fulfill my duties.”
While the protection of PHI credential is a major concern for healthcare organizations, medical staff members must provide timely and efficient care while maintaining patient confidentiality. “This may put medical staff members in a conflict between their duty and their obligation to meet security regulations,” the researchers wrote.
The researchers concluded that the use of unique IDs and passwords to defend the privacy of medical data is a common requirement in healthcare provider organizations. However, the use of passwords is “doomed,” the researchers wrote, because  medical staff members share their passwords with one another. “Stiff regulations requiring each staff member to have a unique ID might lead to password sharing and to a decrease in data safety,” the researchers wrote.
Drilling down further, the researchers note that the current study findings emphasize that increased awareness of the issue is needed to improve electronic medical record (EMR) systems and the security of PHI. The researchers call for two recommendations. First, usability should be added as the fourth principal in planning EMRs and other PHI-containing medical records, along with the three other principals, confidentiality, integrity and availability. Second, an additional option should be included for each EMR role that will grant it maximal privileges for one action, the researchers wrote. “When this option is invoked, the senior physician/the PHI security officer would be informed. This would allow junior staff to perform urgent, lifesaving decisions, without outwitting the EMR, and under formal retrospective supervision by the senior members in charge,” the researchers wrote.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Cedars-Sinai Collaborates on Organs-on-Chip Precision Medicine Project

Scientists at Los Angeles-based Cedars-Sinai, in partnership with biotechnology startup Emulate, are pioneering a Patient-on-a-Chip program to help predict which disease treatments would be most effective based on a patient's genetic makeup and disease variant.

Blockchain Company Hashed Health Gets New Partner

ODH, Inc., a New Jersey-based health technology company, has joined with blockchain innovation consortium Hashed Health.

NCQA Approved by Government as ONC-Authorized Testing Lab

The National Committee for Quality Assurance (NCQA) has announced that its eMeasure testing laboratory is now approved by the Office of the National Coordinator for Health Information Technology (ONC).

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.