Recently we received a phone call from the IT department of a client who was having some issues with our system. During the conversation it became clear that we had an instance where someone had shared their password. It came out accidentally and was not done maliciously. Our system is configured in such a way that client logins only allow them access to their own data, so no harm was done. We just disabled the user in question while the facility investigated the situation.
I kept thinking about this over the weekend and wondering why anyone would share a password. We all know that we should not share our passwords with anyone. We live in a password world. Our lives are full of them, and we can’t even log into our social media to play a game without one.
We bank online and pay our bills with the click of a mouse. Would you share your banking password with your neighbor? I really like my neighbors, but I wouldn’t give them my banking password. As much as I would love to have them pay my electric bill, I just don’t think they would do that if I gave them my password. I’m sure most of you are thinking “well of course not.”
Sharing your password with someone at work is the same as sharing your password with a neighbor. In protecting PHI, HIPAA has told us that we need audit trails. They have also told us that we need to monitor those audit trails. If you share your password with someone and they make a mistake, who will be blamed for that mistake? What if they cause a HIPAA breach with YOUR login? Who is held responsible? You can say it wasn’t you, but the logs will say differently.
If you job share or share duties with someone and you both need access to a system, you can each be given your own login. That way, the logs will be accurate and you will be HIPAA compliant. More importantly, you will not have to worry about being responsible for the mistakes of others. Now is the time to go and remove all those sticky notes with passwords and user IDs that you allow people to use. If anyone else has had access to your password either because you told them or because it was on a sticky note on your monitor, reset your password immediately so that only you know what it is.
Hey, did I mention Don’t Share Your Passwords?
No related posts.