I found out that my Director of Nursing has a spreadsheet of usernames and passwords of all the licensed nurses and home health aides at our company, I believe they are using these to complete incomplete charting, specifically from HHA's. I have been at this company for almost a year, but have never been promoted to change my EMR password. I recall at other places I have worked, my password would expire every 3 months or so & I would have to create a new password.
My first question is, Is there any circumstance in which anybody should have someone else's electronic medical record password? I believe nobody should have my username and password, there is no reason to have it.
My second question is, if my company does have a list of nurses' password and is using it to alter/complete other nurses' charting, what would be the proper way for someone to report that?
The company I work for only works with medi-cal patients, we have zero managed care or Medicare patients.
I used to work for a major home health agency who had access to passwords. Another small home and community based agency had it too. The major reason is to modify charting under your name. You can report them to your state.
As for the user names and passwords, IT has access to everyone's user names and passwords so I am not surprised the CNO has a list too.
Sorry, this is not accurate. User names may be standardized so that the organization has standard names: [email protected] for instance. These are, of course, easily guessable.
But passwords are NEVER available in a form that allows anyone else - including IT - to view them.. This violates every good security standard out there. The Joint Commission makes a point of ensuring EMR safety as a high-priority item for accreditation. Unencrypted passwords sitting on a database would be a gigantic fail.
Often small organizations feels that "we're not on anyone's radar" or "we're not important enough to hack". Oh, yes you are.
Hacking organizations can "fingerprint" users with something as simple as a user name - let alone a password. They can send frighteningly realistic orders and make requests (a technique called phishing) that could lead a nurse to make a serious error. In addition, once someone knows your security credentials - and people tend to reuse passwords - they can often access other pieces of your identity.
Remember, if anyone else (including the DON) is using your credentials - you have lost the security principle of "repudiation". You can't say "Someone else made this error/entry." (Well, you can say it but it will NOT matter.) Actions while someone is logged in with your credentials are considered non-repudiatable...
You will have no/ZERO legal defense against any action or documentation done by another person. You will be held responsible since it was your credentials being used.
I used to work for a major home health agency who had access to passwords. Another small home and community based agency had it too. The major reason is to modify charting under your name. You can report them to your state.
This is falsification of a medical record which is actionable by the board of nursing , as well as illegal. I'd leave this employer immediately, report to BON, and possibly contact an attorney.
Specializes in Mental Health, Gerontology, Palliative.
TonyaMarie said:
As for the user names and passwords, IT has access to everyone's user names and passwords so I am not surprised the CNO has a list too.
A reputable IT department has access to user names, and the ability to reset a user password to something like hello1. When entered into the computer it will prompt the user to reset the password to something else.
A user name is the equivalent of a written signature. If a manager is going into the record under a different user they are falsifying records which is illegal, unethical and as dodgy as all hell.
It floors me that nurses think its acceptable to alter another nurses charting. Had to have this convo with a nurse who had altered something in my note.
She was like 'you put the time in wrong (by 20 minutes)
I'm like "Either ask me to change it or put in an addit 'time in previous note incorrect by 10 minutes, but keep your hands off my documentation"
I'm wondering how they managed to gain access to your documentation to be able to alter your note.
feelix, RN
393 Posts
I used to work for a major home health agency who had access to passwords. Another small home and community based agency had it too. The major reason is to modify charting under your name. You can report them to your state.