The Firing Line Forums - View Single Post - Doctors target gun violence as a social disease

rtpzwms · August 12, 2012, 09:16 AM

What worries me most about the electronic medical records is not that they are on the computer but the simple social engineering of the users of the systems that house these systems. I worked in a hospital for many years and I had the lead in installing an electronic medical record system. The system was secured with encryption from the workstation to the server. The data on the disk was encrypted. So from that aspect it was at least as safe as an old style paper medical record.

But the doctors and nurses would share logins on a regular basis. The nurses saw no problem with this behavior at all, and the doctors didn’t care. This is what goes on in the hospital I don’t what to think of what would happen in a private practice without an IT team to support the system. Many of the doctors and nurses had no concept of what they were doing from a security aspect and it was a constant battle. If the IT team saw two logins from the same use at two systems from different departments we would reset the user password. This would cause the user to call the department to get there login and **** them off in the process.

I’ll stop my soap box here and just say there is a lot more to this problem.

August 12, 2012, 09:16 AM	#8
rtpzwms Senior Member Join Date: July 6, 2010 Location: OTS Posts: 1,035	What worries me most about the electronic medical records is not that they are on the computer but the simple social engineering of the users of the systems that house these systems. I worked in a hospital for many years and I had the lead in installing an electronic medical record system. The system was secured with encryption from the workstation to the server. The data on the disk was encrypted. So from that aspect it was at least as safe as an old style paper medical record. But the doctors and nurses would share logins on a regular basis. The nurses saw no problem with this behavior at all, and the doctors didn’t care. This is what goes on in the hospital I don’t what to think of what would happen in a private practice without an IT team to support the system. Many of the doctors and nurses had no concept of what they were doing from a security aspect and it was a constant battle. If the IT team saw two logins from the same use at two systems from different departments we would reset the user password. This would cause the user to call the department to get there login and **** them off in the process. I’ll stop my soap box here and just say there is a lot more to this problem. __________________ Experience is what you get when you don’t get what you want.