• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

Healthcare Security Concerns: Shared Access vs. Individual Access?

by Our Thought Leaders 10/26/2012 6 Comments

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Key solutions to addressing healthcare security concerns faced by healthcare organizations regarding shared access versus individual access to group accounts

Healthcare Security Concerns Shared Access vs. Individual AccessA major concern for hospitals and healthcare facilities is the security and accessibility of their computers, applications and data. Clinicians, especially nurses, frequently share a common user name and password with several of their peers in an area of the hospital to make it easier to sign onto the computer and not waste additional time switching between users.

The trouble of doing this for the hospital or healthcare organization is that with several users logged into one machine at once, it is impossible to track how each employee is using the system  in case they ever need to construct an audit trail.

Recently, the U.S. Office of the Inspector General recommended changes to this practice as a way to reduce the security risks of organizations allowing employees to operate their accounts in this manner. The Inspector General pointedly stated that it no longer wants user names and passwords to be shared, but instead wants each user to be identified in the system.

The first step in complying with this recommendation is to create user accounts for every person in the facility that needs to access the network. While this seems like it would be easy to accomplish, there are a number of factors that come into play: insuring accounts are created in a timely fashion; insuring proper access rights are given in the network, providing for appropriate access to required applications and making sure the account is disabled when the employee leaves.

In some cases it is feasible to link an HR system to active directory and other applications via the use of an automated identity management solution. In other cases, the organization wants more control over the account creation process and wants employees to sign documents, obtain department and systems owner approvals before having the account created. In either scenario, solutions like User Management Resource Administrator (UMRA) can help solve this initial aspect of the issue.

Healthcare Security Concerns: Shared Access vs. Individual Access?Another practical solution to this problem is the use of a single sign on (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials. Results from a recent single sign on pilot in the healthcare market revealed some concerns though with single sign on, including that the e-mail applications of the users might be available to others. Users voiced concerns that they felt very protective over their e-mail and wanted to make sure that no other people viewed their personal information. Of course, this issue also can occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an email account, for example.

This concern can be easily alleviated though with two-factor authentication. Two-factor authentication asks a user to present a second form of identification in addition to their AD user name and password such as pass card, pin code or USB token to access the workstation which would ensure security of their e-mail accounts. The conjunction of single sign on and two-factor identification solves a HIPAA problem of security while also addressing the users’ concerns of privacy of their email accounts. The two-factor authentication also allows for fast user switching, thereby, reducing time spent by clinicians waiting on their profile to load.

To accomplish two-factor authentication, it is a pre-requisite that each user have an individual account as mentioned above. This individual account, when coupled with an ID badge and reader on a PC, can go a long way to insuring that Inspector General and HIPAA compliancy are achieved.

By utilizing automated solutions for identity and access management, the burden on the IT staff can actually be decreased while managing more user accounts as staff shared accounts are eliminated and replace with individual accounts. Password management solutions, such as single sign on and password self service, are also valuable tools to reduce the load on the IT and helpdesk staff.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Interview

Reach7 Diabetes Studios Founder Chun Yong on Reimagining Chronic Care with a Concierge Medical Model

Most-Read

HHS Finalizes HTI-4 Rule: Prior Authorization & E-Prescribing Interoperability

HHS Finalizes HTI-4 Rule: Prior Authorization & E-Prescribing Interoperability

Meaningful Use Penalties_Meaningful Use_Partial Code Free_Senators Urge CMS to Establish Clear Metrics for ICD-10 Testing

CMS Finalizes TEAM Model: A New Era of Value-Based Surgical Care

White House Event Unveils CMS Health Tech Ecosystem Initiative

White House Event Unveils CMS Health Tech Ecosystem Initiative

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low, But AI Dominates and $1B+ IPOs Emerge

Healthcare Investment Shifts in 1H 2025: AI Remains a Bright Spot Amidst Fundraising Decline

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low

Digital Health Faces Q2’25 Pullback: Funding Falls to 5-Year Low

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Health IT Sector Navigates Policy Turbulence with Resilient M&A

Health IT’s New Chapter: IPOs Return, Resilient M&A, Valuations Rise in 1H 2025

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |