Shared Clinical Workstation Security and Access
Clinical workstations are usually shared chaotically between clinicians and present unique vulnerabilities for IT teams in the healthcare ecosystem. Physicians use the shared clinical workstation for nearly everything: logging in to the EHR to look up patient charts, reporting, scheduling (e.g., surgery), order entry, medication, admission, and more. With so much going on in such a fast-paced industry, IT teams need to be more vigilant about medical kiosks, both in spotting workflow improvement opportunities and in hardening the cybersecurity posture around them.
Risks of sharing clinical workstations.
The evolution of the clinical workstation over the years has given caregivers instant access to information and resources at almost any terminal.
- Risk of accidentally typing information into someone else’s session that was left open.
- Login process is slow. Clinicians need to access computers fast in a healthcare environment – having to type, mistype, and attempt to remember a password while with a patient is unacceptable.
- Switching users takes too long and requires too many manual steps. If one doctor needs to log in while another is logged in, the logged-in doctor has to log out first, and then the other doctor has to manually log in to the same shared computer – wasted time.
- No accountability, and so less of a sense of security for the computer, any patient information that may be displayed, and EHR access.
- Unlocked and unattended shared computers can be accessed by unauthorized personnel. This can lead to HIPAA violations and fines.
Using common accounts on shared computers.
More potential vulnerabilities exist when a shared clinical computer also uses a common login account. This means there is only one username and password combination that everyone uses to log in to that one shared workstation. Clinicians must comply with HIPAA mandates that require logging in individually on shared computers to ensure authorized access and an accurate audit trail. Compliance also requires that each user log out of the shared workstation when they leave. But this is never guaranteed with so much going on in the hectic healthcare environment.
- Clinicians need access to their EHRs ASAP: having to memorize different kiosk computer login combinations, type, then do it again for the EHR is a huge waste of time.
- Low level of accountability: There is already less accountability when using a shared computer; with a shared login account, accountability is too low.
- Inaccurate audits: Audits are impossible since everyone logging in is using the same login. How can you tell who logged in suspiciously when a data breach incident is being investigated? The user might simply be “computer9” and the password “password123”. Keep clean audit trails.
- HIPAA: Violation of HIPAA compliance and the organization’s policies. Users must log in with their own accounts, even on shared computers. Prevent HIPAA violations with automation.
- Takes too long and wastes time: Even on shared accounts, doctors and nurses may need to switch accounts for a particular application. More time is wasted if the process for logging out and in again is long and takes too much typing (with room for the all-too-frequent mistyping error). Prevent wasted time from repeated logins throughout the workday.
How to manage shared workstation security.
IT admins are under intense pressure to provide both fast and secure access to computers. But a litany of restrictive parameters may make that hard to achieve in many IT teams’ situations. One problem is that certain desktop applications require clinicians to share a common login account, which violates compliance. How does an IT team solve the issue of needing individual accounts when the situation requires a shared account? Using an identity management solution like GateKeeper Enterprise for healthcare, IT admins can allow users to log in with a shared account while retaining accurate log events that record the session user’s true identity. Even on shared accounts, GateKeeper identifies each unique session user by their individually issued token. No more typing passwords for the shared computer, the common login account, or individual login accounts.
Auto-Fill EHR passwords on all shared workstations.
Check out how one clinic auto-fills EHR passwords and tracks access logs on shared accounts using GateKeeper in this healthcare IT case study. Even EHR programs including Allscripts PM, Allscripts Clinical Module, eClinicalWorks, and more will auto-fill after the clinician logs in using their passwordless token. Web-based EHRs will also auto-fill usernames and passwords as part of the cascading authentication using their login token. IT teams can automate these repetitive login tasks for all caregivers. After clinicians finish their session, they can simply walk away and the computer will lock automatically! Clinicians can log in to shared workstations and shared accounts faster while maintaining strong security. There are many IT burdens in healthcare that can be automated.
Dynamic permission settings for shared computers.
Grant permission to any computer or EHR, whether on a shared account or an individual one. IT admins can also preselect actions such as locking the computer vs. switching users. Let users log in fast with just a single touch of their key to their USB reader. No more latency during login in healthcare – just seamless access to what everyone needs instantly and effortlessly. Then the PC auto-locks when you leave. GateKeeper is the caregiver’s key for logging in to everything password-related. One hospital administrator states on G2 that “Computers now lock on their own, and no password needs to be memorized. Providers can move seamlessly between computers or into and out of exam rooms with ease, thanks to the proximity tokens. A built-in password manager makes our users’ lives much easier.”