Shared clinical workstation security and access

The shared clinical workstations in the healthcare sector are often chaotic and messy. They are used by physicians for nearly everything, from logging into the EHR system to scheduling surgery. With so much going on in such a fast-paced industry, IT teams need to be vigilant and aware of security risks.

Risks of Sharing Clinical Workstations

The today’s clinical workstation is more advanced, giving caregivers instant access to information and resources. This has evolved significantly over the past few years.

  • Increased risk of accidentally typing information into someone else’s session that was left open.
  • In a healthcare environment, clinicians need to access computers fast and have the time to focus on their patients. To be efficient professionals, it is not acceptable to type, mistype, and attempt to remember a password while with a patient.
  • Many medical offices still use “shared” computers, which means if one doctor needs to log in and the other is already logged in, the first doctor must log out and then log back in as the second. This wastes time and leaves staff less productive. 
  • With no accountability, there’s less of a sense of security. For example, patient information may be displayed on the screen, and access to the EHR might be available for unauthorized personnel.
  • HIPAA violations can occur through unlocked and unattended shared computers that unauthorized personnel can access.

Using Accounts on Shared Computers

When a shared clinical computer also uses a common login account, there are more potential vulnerabilities because there is only one username and password combination for everyone to use. Clinicians are obligated to follow the mandates outlined in HIPAA compliance that require logging into shared computers individually and ensuring an accurate audit trail.

With a shared workstation, compliance can be a problem. You never know who will log into your account and leave without logging out. It’s a never-ending battle to ensure that all users log out of a shared workstation when they leave. But with so much going on in the healthcare environment, compliance is often hard-fought.

How to Manage Shared Workstation Security

The problem is that IT admins are often under intense pressure to provide both fast and secure access to computers. Still, they face many restrictive parameters that make accomplishing this virtually impossible. One problem with specific desktop applications is that clinicians need to share a common login account, violating compliance.

How does an IT team solve the issue of needing individual accounts but requiring a shared account? With an identity management solution like GateKeeper, users can log in to their systems with a shared account, while IT admins can track accurate log events for the user’s true identity.

You can use GateKeeper to log into your account and access your information without typing any passwords. What’s more, GateKeeper uses tokens that are unique to each user, so you can share your computer with others without compromising your data.

Dynamic Permission Settings for Shared Computers

Give your employees the freedom to access any computer or EHR, whether they are on a shared account or individual. IT admins can manage user accounts, computer configurations, and various security settings. In one example, IT admins can preselect whether to lock the computer or switch users.

While explaining their experience of using GateKeeper, one hospital administrator said on business software and services reviews site G2 that “Computers now lock on their own, and no password needs to be memorized. Providers can move seamlessly between computers or into and out of exam rooms with ease, thanks to the proximity tokens. A built-in password manager makes our users’ lives much easier.”

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


Source: HackRead

Leave a Reply