We all know by now that we are not supposed to give our passwords to anyone else or use someone else’s passwords to access an electronic system.

Despite this basic data security tenant, a new study by Healthcare Informatics Research reports that 73% of medical professionals admit that they have used another’s password to access an electronic medical record (EMR).

The survey asked 299 medical professionals in hospital settings if they had ever used someone else’s password to access an EMR. Of those questioned, 100% of the medical residents said yes, they had, and 57.7% of nurses admitted they had as well.

The study found that the reason the residents had violated basic security hygiene was that they had not been given a user account of their own, or did not have access rights to access information that was needed to fulfill their duties.

The authors of the study recommended:

  • work on having less burdensome processes for workers to attain appropriate access credentials for their job duties
  • extend EMR access to Para-medical, junior staff, interns and students in understaffed hospitals during on-call hours and delegate administrative tasks
  • allow maximum privileges for one-time use in lifesaving conditions to junior staff so using someone else’s password is not necessary

These recommendations will have to be individually evaluated by hospitals in the context of their HIPAA compliance programs.