Skip to main content


Most Medical Staff Have Improperly Used EMR Passwords

By Alexandra Wilson Pecci  
   September 26, 2017

Nearly three-quarters of participants claimed to have used another medical staff member’s password to access an EMR at work.

A majority of medical staff surveyed have accessed an EMR system using a password improperly supplied by a fellow medical staffer, finds a new study published in Healthcare Informatics Research.

Researchers, from Ben-Gurion University of the Negev, Harvard Medical School, Duke University, Hadassah-Hebrew University Medical Center, and the Interdisciplinary Center in Herzliya, Israel, say theirs is the first study to examine EMR access among medical providers.

In the study, researchers gathered survey responses from 299 medical professionals, including residents, medical students, interns, and nurses.

Nearly three-quarters (73%) of the 299 participants claimed to have used another medical staff member’s password to access an EMR at work. More than 57% of participants (171 out of 299) estimated they have used someone else’s password an average of 4.75 times.

Of the medical residents, all (100%) say they had at one time obtained another medical staff member’s password with their consent.

Within the student and intern groups, 77% and 83% (respectively) used someone else’s access credentials because they said they "were not given a user account.”

Similarly, 56% of students and almost 70% of interns cited that their user access had inadequate permissions " to fulfill my duties" so they had to ask for someone else's access credentials.

Only half of the nurses surveyed (57.5%) reported using someone else’s password.

"The strength of an information security system is determined by the strength of its weakest link," researcher Dr. Florina Uzefovsky, an associate professor of developmental psychology at BGU and member of its Zlotowski Center for Neuroscience said in a statement. "Even a single breach may render an information system ineffective."

Among the researchers’ recommendations:

·         Make getting access credentials less difficult and time-consuming

·         Delegating administrative tasks and extending EMR system access to para-medical, junior staff, interns, and students in understaffed hospitals, especially during on-call hours

·         Better understanding the kinds of EMR access privileges each person needs for their jobs

·         Adding an option for each EMR role that grants maximum privileges for one-time use only, “allowing junior staff to make urgent, lifesaving decisions under formal retrospective supervision without having to sneak onto the EMR”

Alexandra Wilson Pecci is an editor for HealthLeaders.

Tagged Under:

Get the latest on healthcare leadership in your inbox.