HIPAA violation to share passwords?

Is it a HIPAA violation to share passwords?

It is quite obvious that password sharing is a HIPAA violation. There were a lot of surveys conducted by different universities, colleges, institutes & the result was published by the Healthcare Informatics Research. The study was conducted on all medical staff like nurses, interns & medical students & it has been found that password sharing is very common in the medical profession.

As per the study conducted on 299 medical staff, the report was published by Healthcare Informatics & Research that staff has admitted that they use username & password of other Employees. Information stored on these portals is very confidential & restricted only to the authorized personnel who have access with his/her respective user id & password.

If the user names & passwords are shared with other persons, it is no longer possible to accurately record which individual has viewed health information. This is a violation to the HIPAA policy & this causes the healthcare data breaches.

As per the survey, password sharing is common, though it is prohibited by the hospital’s policies. The common reason found on password sharing is that sometimes user account gets some problem and employees are not able to do their task with their own credential.

Due to technical problems their own credentials not working and not having access to their own user name, they share passwords to complete their duties which are a breach of the HIPAA policy.

It has also found through research that the provision of timely & efficient care is always at odds with the security protections. All the researchers noted that an attempt to better security, usability is hindered to the level the users feel that the right thing to do is to violate the security regulations altogether.

It has also found that researchers made two main recommendations “Usability should be added as the fourth principal in planning EMRs and other PHI-containing medical records.

Second, an additional option should be included for each EMR role that will grant it maximal privileges for one action. When this option is invoked, the senior physician/the PHI security officer would be informed.

This would allow junior staff to perform urgent, lifesaving, decisions, without outwitting the EMR, and under formal retrospective supervision by the senior members in charge.”

Most of the organizations have individuals who are sharing the passwords & they are not even aware about the seriousness of the violation and others mostly do because they have less honorable intentions. Generally, the initiative comes from the health care workers, although sometimes it is initiated by management.  It could simply be out of convenience; people become frustrated with all the different passwords they have to use so they either decide to use common ones, write them down, or share them.”