Survey: 73 Percent of Medical Professionals Share Passwords to Access EHRs | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: 73 Percent of Medical Professionals Share Passwords to Access EHRs

September 27, 2017
by Heather Landi
| Reprints
Click To View Gallery
A recent study examining the prevalence of password sharing among healthcare professionals found that 73 percent of medical staff members reported having used another medical staff member’s password to access electronic health record (EHR) systems at work.
The study, conducted by Ayal Hassidim, M.D., with Hadassah-Hebrew University Medical Center, department of plastic surgery, in Jerusalem and published in the Healthcare Informatics Research, was based on the survey responses from 299 medical residents, interns, medical students and nurses. The researchers noted that trust is one of the pillars of physician-patient interaction and protecting the confidentiality of patient data is an important concern for healthcare organizations. Yet, the researchers concluded from the study findings that current permission granting and authentication processes might cause more harm than good.
Confidentiality of health information is an important aspect of the physician-patient relationship and the use of digital medical records has made data much more accessible. To prevent data leakage, many countries have created regulations regarding medical data accessibility which requires a unique user ID for each medical staff member and a password.
The research team on the study, which  included researchers from Harvard Medical School, Duke University, Ben Gurion Univeristy of the Negev and Hadassah-Hebrew University Medical Center, noted that one of the most common breaches of protected health information (PHI) is the use of another’s credentials to access patient information, yet the extent of this practice has not been previously assessed. The researchers conducted a four-question, Google Forms-based survey of medical staff to assess the prevalence of access credentials sharing among medical and para-medical staff members.
The study findings indicate that the majority (73 percent) of respondents reported using another staff members’ password to access the EHR. What’s more, 57 percent of respondents could estimate  how many times it happened, with an average estimation of 4.75 episodes.
All the medical students who took part in the survey (15 percent of respondents) had obtained the password of another medical staff member, while only 57 percent of nurses reported this.
The research team also asked respondents why they had been given the access credentials (passwords) of another medical staff member and what their role was when they received the passwords, and their answers were varied, the researchers wrote in the study.
One answer respondents gave was, “The worker wanted to perform actions while away,” and “Technical malfunction preventing me from using my own account.” In addition, respondents answered, “A limitation of the computer system forcing me to use the other worker’s account in order to fulfill my duties.” And, respondents also said, “I was not given a user account despite having to use the system in order to fulfill my duties,” and “The permissions granted to me did not allow me to fulfill my duties.”
While the protection of PHI credential is a major concern for healthcare organizations, medical staff members must provide timely and efficient care while maintaining patient confidentiality. “This may put medical staff members in a conflict between their duty and their obligation to meet security regulations,” the researchers wrote.
The researchers concluded that the use of unique IDs and passwords to defend the privacy of medical data is a common requirement in healthcare provider organizations. However, the use of passwords is “doomed,” the researchers wrote, because  medical staff members share their passwords with one another. “Stiff regulations requiring each staff member to have a unique ID might lead to password sharing and to a decrease in data safety,” the researchers wrote.
Drilling down further, the researchers note that the current study findings emphasize that increased awareness of the issue is needed to improve electronic medical record (EMR) systems and the security of PHI. The researchers call for two recommendations. First, usability should be added as the fourth principal in planning EMRs and other PHI-containing medical records, along with the three other principals, confidentiality, integrity and availability. Second, an additional option should be included for each EMR role that will grant it maximal privileges for one action, the researchers wrote. “When this option is invoked, the senior physician/the PHI security officer would be informed. This would allow junior staff to perform urgent, lifesaving decisions, without outwitting the EMR, and under formal retrospective supervision by the senior members in charge,” the researchers wrote.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Healthcare Execs Anticipate High Cost Returns from Predictive Analytics Use

Healthcare executives are dedicating budget to predictive analytics, and are forecasting significant cost savings in return, according to new research from the Illinois-based Society of Actuaries.

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.