Simple Self Assessment explained. Heading toward Meaningful Use.
Each user must have their own login.
Oh, and each user must have their own password.
This may sound obvious…but it really is not obvious to everyone.
First, what does this mean?
It means that every single person in your office needs to have their own login to the EHR and to your computer network.
No sharing of logins…by anyone.
Also, no one should know anyone else’s password.
“Yeah, but sometimes…” No, nobody should know anyone else’s password.
That means you, Practice Manager…that means you, Doctor.
No, the office manager shouldn’t have a master log of username/passwords.
No, the IT folks shouldn’t have a master log of username/passwords.
No, the doctors shouldn’t have a master log of username/passwords.
Why is this important? Accountability.
If somebody in your office has a list of all usernames & passwords, every member of your staff now has an “out” if they are ever blamed for doing something wrong on the network.
“Jimmy has my username & password, and he was mad that I didn’t start a new pot of coffee, I’ll bet he logged in as me and did that…”
Is this really what you want to mess with?
Additionally, Meaningful Use (and HIPAA) require that you be able to track user access.
If all, or even some, users share a login, you lose that tracking capability.
If your EHR vendor did not set your office up this way, give them a call and get this corrected ASAP.