Believe it or not, some people complain about having to use an account with a password on the computers of a healthcare facility!
People don’t always understand the risks associated with bad practices until it is too late. Health care is synonymous with responsibility and accountability. This is why the traceability of IT operations must be one of the priorities of healthcare institutions, as well as the confidentiality of patient records.
Here are some bad practices that our team has observed first-hand.
Profiles must reflect the user’s current responsibilities, because certain access and actions are reserved for certain types of users.
When a professional leaves, their profile must change status or be deleted. A change of responsibilities or department may require acquiring new rights or losing old ones, as well as taking on new responsibilities.
Temporary access, often generic, should only be temporary, as its name implies.
A shared account makes logging almost pointless: the action itself can be found, dated and placed in a chronological chain of events without any problem. However, finding the user who performed the action can be quite challenging.
Putting a post-it with the password on it near the computer is even worse: anyone can access the computer, software or account information, even if they are not health professionals or authorized employees.
Perhaps in some healthcare facilities, generic rights per type of user are sufficient and suitable for all. Our experience has taught us that many exceptions exist and are justified.
Rights actually depend on the reality of the users.
Anyone, whether malicious or not, can use a workstation or session that has been left open. All actions recorded in the logs will be attributed to the user who forgot to log off, and that user's reserved access could be used to obtain information that the other person could not otherwise access.
Remember that you will be responsible even if someone else has used your account.
Each employee should, therefore, have a unique user profile with a secret password. The safety of everyone, healthcare professionals and patients alike, depends on it.
What bad practices have you already observed in your environment?
Despite the deplorable examples in the media, poor computer practices remain a danger to health care institutions. Professionals need to be made aware of the potential dangers of their actions because, even without malice, the risks involved are real and can have unfortunate consequences for the quality of care given to patients.
Do you know the IT security policies of your workplace?