Help..fellow RN breaking into co-workers E mail


I feel so violated...an IT RN accidentally left my screen up in our office while my friend and I were on a break.. Our male co-worker then got into my E mail.......he had to click on the E mail icon to get into my mail...THEN he E mailed some of my mail to my manager and director in an attempt to get me into trouble.....and get this...he has done this before...he gets into our mail and then sends messages impersonating that person and says stuff like..."please call me right away I am really mad at you". This man is out to get me...who knows why..perhaps he is jealous ..or some other reason....I have reason to believe he has been into my personal belongings as well. I think he should be FIRED!!!. He is an overall pain and complains about everything especially his schedule.....they called us in separately on Thursday to investigate....I was really angry and called him the evening before and calmly told him that if he ever violated my reasonable expectation of privacy again that he would be speaking with my attorney....I sought legal advice before the call...and they told me that was OK...since I am not his superior...How come they did not fire him on Thursday...he admitted he did it...Has this happened to anyone else? What are anyone's thoughts on how to handle this....I am really quite upset...the irony is that I trained this man......and everything he knows and can do with IVs.........I and my co-workers taught him and this is how this jerk behaves!!!

Specializes in Critical Care.

If you log onto the computer under your username and password (as opposed to a generic username/password), you leave all the applications that require security open to anyone who stops by. This includes emails, CMR/EHR (if your facility uses it) and electronic charting can be entered under your name.

This is why facilities are so stringent in their maintaining that you never, ever give out your information as well as the reason why IT would have their own access. Anything done on the computers is tracked through the username and password that you are assigned and is reportable to law enforcement.

I would be more careful with my information if I were you.

Specializes in Infusion Nursing, Home Health Infusion.

The jerk admitted he did it and I still do not know how he got into it...because it locks up after 2 minutes of inactivity. That is why I think he got my password.....I did report it to the compliance hotline....and also insisted that it be reported to the IT site manager...that had not been done until I pressed the matter. I do now know he is my enemy and I would rather know that up front...I suspect he is very jealous of me and dislikes it when a woman tells him what to do...THE SORRY B#####D picked the wrong profession

I'm in nursing school now, but spent the past 10+ years working as an IT professional. Just a couple general points.

1) IT staff should NEVER, as in under NO circumstances, need your password (you may need to tell them your user id...but truly, even that's unlikely). Anything that IT staff need access to, should be provided to them through their account.

a) Hackers actually use this as a tactic to gain access to people's accounts. They'll cold call an organization and say they're with consulting firm XYZ, authorized by the VP of Information Systems and they're working to improve the speed of your access (which are magic words to most users). They go on to say something to the effect that they'd like to add you to their first rollout group...all they need is your user id and password....and PRESTO: the hacker has just bypassed a security system that cost mid-range six figures in less than 10 minutes.

It's frightening how often this works! To combat this, we actually created a corporate policy that stated if any IT staff member asked a user for their password, they would be fired. Of course IT created this policy as no one in IT would EVER ask for a password....we did it to make a point to our users.

In the rare occasion that I did need to log in to a specific user's account to troubleshoot something....as a system administrator...I would have changed their password, done what I needed to do, then changed it again to the system default, which would require the user to change it the first time they logged in. So, like I said...if they're doing what they're supposed to be doing, they NEVER need your password (sorry for the broken record imitation...but it's important).

2) E-mail has NO inherent privacy. It's about as private as a post card....everyone who takes care of the e-mail server in your organization (and between your organization and whomever you sent it to's organization if you sent it through the internet) has access to your e-mail. Now the flip side of this is (as someone who took care of a lot of e-mail servers....I can tell you this is the truth)....the IT staff are NOT interested in your e-mail, they have far too much of their own to look at, and it's unlikely yours is that interesting

Additionally, your work e-mail has even less expectation of privacy (so less than zero, I guess we're in negative numbers?), as your company owns it. That being said, your (non-IT) coworkers have no business in your account.

3) You are responsible for your account. If you in any way (log in for them, give your account info, don't log out, keep your password written down somewhere accessible --on the corner of the monitor and under the keyboard are popular-- etc) allow someone access to your account, most technology usage policies state that you are responsible for anything that happens.

4) An unauthorized employee being in your work account is not likely illegal, but undoubtedly breaks the organization's technology usage policy (likely in your employee handbook and in some organizations, pops up on the screen as you log in). If they had proof (or a confession) that he was in your account....I'm shocked he's not fired.

Truthfully though, you should probably be grateful, because as I said...most policies say if someone gets into your account, it's your responsibility (most don't even say you "share" the responsibility...they say you are equally responsible.)

Generally folks don't pay attention to computer security, or data back-ups until something happens....then they become zealots!

I hope everything works out for you OP.

Peace,

CuriousMe

There really is a problem "charging" this man with this activity when the electronic data is corrupted by multiple users on an acct. Thus there might be legal issues, if your employer tries to discipline him for an activity done on your password/code.

Which is exactly why most corporate technology usage policies hold the owner of the account (not the perpetrator) responsible for any suspect activity on account. The person the account is assigned to, is the only person they can usually prove had access to the account.

The other issue is that usually email is a separate account - how did this man get from the system into your email? Email accts in many facilities (though not all) are separate for this reason, so someone cannot get from one to the other easily. Problems occur when people use the "remember passwords" on the computers that they use at work, thus defeating another safety mechanism. Or have several screens minimized.

These days there's generally a "single sign on". So, say in a Windows environment...once someone logs into their Windows account, they have access to their mail account and any database accounts they have. The security (user id & password authentication) is handled through one server that shares your credentials with the other systems.

The idea is that people do often use the same password on multiple systems....so, if you give the user a single account and then have the system require the user to have a complicated password (more than 6 characters with both cases of letters, numbers and symbols) then compliance tends to be higher.

A lesson, if someone else is using your account for ANY reason, always stay with them until they log out. Because in many facilities, no matter your story, YOU would be responsible for the acts committed under your account and YOU would be out of a job/disciplined. Yes, it is unfair, but that is what would be done in many places.

Even better, don't let ANYONE in your account. No exceptions. Really, anyone who needs to access whatever's in your account, should have their own account.

Specializes in NICU, Post-partum.

I don't think he should be fired.

I would wager that your company probably has a policy letting you know that you need to fully log out of the internet when you step away from the computer...for this very reason.

Be glad that it is only an e-mail and not an Omnicell or Pyxis.

PS: You have no legal grounds to file anything against him.
