By Nick Culbertson
Co-founder and CEO, Protenus
Recently, Health Informatics Research published a study that revealed 73.6% of surveyed physicians and clinical support staff shared their passwords with other members of the care team. It’s a concerning trend: the act of sharing passwords with others undermines the overall security of any system.
Think about it this way: What’s the point of having an access log if it doesn’t correctly reflect who’s actually accessing health data?
In other industries, access to sensitive information can be easily managed through role-based permissions. Consider lending, for example: when you buy a house, you might interact with a realtor, the sellers, an inspector, a lawyer, a title officer, and a bank or other lender. Yet only the loan officer has access to your most sensitive personal data like your Social Security number, work history, and bank account information.
Health data is different because every role inside the hospital needs full access to a medical record in order to provide the best care. Doctors, nurses, but also medical students, researchers, lab technicians, dieticians, and billing specialists all need access to a patient’s full medical record to do their jobs.
It’s this need, directly at odds with healthcare organizations that attempt to control access based on role alone, that drives credential sharing.
Healthcare demands a different solution. The report’s recommendation, that “each EHR role should get an additional option that grants full privileges for one action,” won’t solve this problem in complex, dispersed care teams and omits the possibilities that artificial intelligence offers care teams today.
Here’s the thing: As each doctor, nurse or administrator uses an electronic medical record, they leave a unique, multi-dimensional digital fingerprint inside the system. This is how health data analytics excels at catching and stopping credential sharing in its tracks: Artificial intelligence is used to deeply understand clinical workflows, and by continuously monitoring how an individual behaves over time, the analytics are capable of identifying when a user’s behavior suddenly changes.
This type of advanced analytics, which monitors all app-layer accesses and accurately detects credential sharing, will help healthcare organizations build an access system that works for each hospital, rather than relying on an imperfect role-based system that may interfere with patient care. Instead, the organization will be able to address the root of the security problem by detecting and making on-the-spot corrections in team member behavior — ultimately reducing overall risk.
[clickToTweet tweet=”How We Used Behavioral Analytics To Detect Password Sharing in Electronic Medical Records” quote=”How We Used Behavioral Analytics To Detect Password Sharing in Electronic Medical Records” theme=”style3″]