Reduce employee temptation to snoop records
BOSTON—Authorized EHR users can see a lot more information than they need to, said Eric Liederman, MD, MPH, director of medical informatics at Kaiser Permanente in Sacramento, Calif., speaking at Medical Informatics World 2015.
“The only safe computer system is one that’s unplugged, shut down and locked in a vault.” But healthcare is actively employing EHRs for quality, safety and collaborative care.
Information access equals quality of care, Liederman said. No one knows exactly where a patient will have a heart attack or car accident so limiting access can be dangerous. However, there are increasing costs of privacy violations and 90 percent of healthcare organizations have had a data breach in the last two years.
Anybody can be tempted to access information inappropriately, he said. Immediate family members are one of the highest areas of temptation. They aren’t necessarily bad people, and organizations need to prevent them from doing something that will hurt their career. Only giving providers access to patients in a given unit, for example, won’t work. “Patients move. Nurses float. When patients are transitioned is the most dangerous time in healthcare. When we lock things down we risk harming people.” But giving everybody access to everything can create a corrosive culture of mistrust. He said he worked at one organization that did that and all the employees received their healthcare elsewhere because of widespread snooping.
The two basic options are access restriction and accountability. Access restriction leads to risk of patient harm, Liederman said. “The sicker the patient, the faster things change. Nobody can keep up. Someone they’ve never met can suddenly become the most important person in that patient’s life.”
With accountability, systems allow broad access to support care but record all views. Complaints are investigated and systems use surveillance to find silent offenders. “Sanction the guilty and publicize sanctions. Put out the word that we’re looking. The result is accountability.” This approach deters temptation-driven mistakes. It removes barriers from people doing their jobs and protects high-risk privacy targets.
Allegations are just the tip of the iceberg, Liederman said. Audits are the top way to find inappropriate access. But, “we don’t want to use a ‘gotcha’ approach to get rid of good people.”
Kaiser uses login screen text to warn users, reminding them not to snoop and that their information is safe.
The “break the glass” warning is a “powerful deterrent,” Liederman said. It offers a chance for those who are tempted to back off. If they proceed, they have to select a reason from a pick list, provide more text and re-enter their password or hit cancel. That can scare off some people who have a legitimate reason to break the glass, he said, so they look at serial cancelers.
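One way to review break-the-glass outcomes for serial cancelers, as an added example that is not from the talk or from Kaiser's systems: it flags users who cancel the warning on several different patients within a short window. The event fields, user and patient identifiers, and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, user, patient_id, outcome).
# outcome is "cancel" (backed off at the warning) or "proceed" (picked a
# reason and re-entered the password). All names and values are hypothetical.
EVENTS = [
    ("2015-05-04T09:12", "rn_adams", "P1001", "cancel"),
    ("2015-05-04T09:40", "rn_adams", "P1002", "proceed"),
    ("2015-05-05T14:03", "clerk_bell", "P2001", "cancel"),
    ("2015-05-05T14:09", "clerk_bell", "P2002", "cancel"),
    ("2015-05-06T08:30", "clerk_bell", "P2003", "cancel"),
    ("2015-05-06T16:45", "clerk_bell", "P2001", "cancel"),
    ("2015-05-20T11:00", "md_chen", "P3001", "cancel"),
    ("2015-06-20T11:00", "md_chen", "P3002", "cancel"),
    ("2015-07-20T11:00", "md_chen", "P3003", "cancel"),
]

def serial_cancelers(events, window=timedelta(days=7), min_cancels=3, min_patients=3):
    """Return {user: (cancels, distinct_patients)} for users whose cancels
    inside any sliding window meet both thresholds (assumed values)."""
    cancels = defaultdict(list)
    for ts, user, patient, outcome in events:
        if outcome == "cancel":
            cancels[user].append((datetime.fromisoformat(ts), patient))
    flagged = {}
    for user, rows in cancels.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            patients = {p for _, p in in_window}
            if len(in_window) >= min_cancels and len(patients) >= min_patients:
                # Keep the busiest qualifying window seen for this user.
                best = flagged.get(user, (0, 0))
                flagged[user] = max(best, (len(in_window), len(patients)))
    return flagged

if __name__ == "__main__":
    for user, (n, patients) in serial_cancelers(EVENTS).items():
        print(f"review {user}: {n} cancelled prompts on {patients} patients in one window")
```

Requiring several distinct patients inside the window keeps a single hesitant cancel, or occasional cancels spread over months, out of the review queue.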
Proactively monitor, don’t just investigate allegations, he advised. “Aim for high specificity. Test and refine. Keep communicating. The goal is deterrence, not workforce depletion. You want to get people to self-deter.” While it’s tempting to treat VIPs differently by locking down their information, Liederman cited a paper that looked at actual outcomes of care. The paper compared VIPs and regular outpatients and found a 22 percent increase in mortality for patients in private rooms.
A closer look at security is worthwhile, he said, because apparently, hackers had entered Anthem’s systems at least a year before the hack that impacted almost 80 million patients.