A new study indicates that nearly three out of four health professionals surveyed obtained and used electronic medical record (EMR) passwords from a colleague. Could password misuse be one of the culprits behind the medical industry’s high rate of data loss?
Statistics on Password Sharing
The study, published in the September 2017 issue of Healthcare Informatics Research (HIR), showed that a large majority of providers—a total of 73.6 percent—had been asked by a colleague to share passwords. In the research, 100 percent of all medical residents surveyed admitted to sharing access codes. Students and interns also reported high share rates. The figure dropped to 57.5 percent for nurses and was even lower for senior MDs.
A variety of reasons for sharing were offered to justify violating standard operating procedures. Many individuals stated that the access granted to them did not allow them to do their job properly. When asked how often they shared passwords, some survey respondents did not answer. Others admitted to sharing passcodes an average of five times.
Electronic Medical Record Data Loss
Electronic Medical Records (EMRs) differ from older, paper medical files in numerous ways and provide some benefits including improved coordination of patient care through faster data sharing. The federal government saw value in EMR usage and mandated that any provider accepting Medicare or Medicaid switch to electronic records. EMRs permit easier storage of documents, but EMRs can be hacked and passwords can be shared.
The US Dept. of Health and Human Services (HHS) tracks EMR data loss. In 2015, a Ponemon Institute study on medical data theft indicated that criminal attacks had become the number one cause of medical identity theft. According to Privacy Rights Clearing House, hacks of medical records in 2017 alone have exposed more than 5 million medical files.
Reasons for data loss range from employee error to malicious intent. With any personal health data, account security is vital, but passwords may not be the answer according to the HIR-published study by Hassidim et al.
The study’s authors concluded that the use of passwords was doomed because of password sharing. The authors noted that stricter regulations like requiring unique user IDs might encourage, rather than lessen, password sharing which would put more data at risk.
What Can You Do?
As a patient, you can’t make your doctor take an oath that he or she won’t share passwords, but you can ask the office whether their EMR files are encrypted. Encryption could deter hackers and keep those recent test results or “before and after” surgery photos private.
Further, stories like these illustrate why it is important to monitor your financial and medical records for suspicious activity. Once you hand over your personal information, whether credit card number, Social Security number, or medical data, it is no longer under your control. By being vigilant, you are more likely to stop fraud early and lessen the possibility of identity theft.