Windows and Macintosh computers allow you to make separate user accounts for everyone who might use the device. The Windows Surface tablet also allows this. So wherever you can make separate accounts for people, you should do so.
Keeping It Separated
There are a couple of advantages to creating unique user accounts for everyone who might use a computer:
- People other than the clinician generally can’t access the clinician’s information.
- The activities of every person get logged.
Separate user accounts mean separate sets of files. If a clinician keeps healthcare files in one account, those files are unlikely to be accessed by someone logging in from another account. In fact, it can even make sense for a clinician to make one account for professional work and one for personal use.
Also, the computer keeps a record of who logs in and out (that’s why it is called “logging in”). With separate accounts, you may be able to see if anyone is using the computer when they shouldn’t. Or, if something was done on the computer that qualifies as a security incident, you may be able to see who was logged in at the time of the incident.
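The sketch below is an added example, not part of the original article. It shows how per-person login records answer the two questions above: who was logged in at the time of an incident, and who logged in outside office hours. The log format, the account names `dr_lee` and `frontdesk`, and the 08:00-18:00 office hours are assumptions made for illustration; real Windows and macOS login records use different formats.

```python
from datetime import datetime

# Constructed sample records, not from a real machine: date, time, account, event.
SAMPLE_LOG = """\
2024-03-04 08:02:11 dr_lee LOGON
2024-03-04 12:15:40 dr_lee LOGOFF
2024-03-04 12:20:05 frontdesk LOGON
2024-03-04 13:05:30 frontdesk LOGOFF
2024-03-04 13:10:00 dr_lee LOGON
2024-03-04 17:45:12 dr_lee LOGOFF
2024-03-04 19:30:00 frontdesk LOGON
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_sessions(log_text):
    """Pair each LOGON with the next LOGOFF for the same account.
    Returns (account, start, end); end is None if the session never closed."""
    open_since, sessions = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, time, account, event = line.split()
        ts = datetime.strptime(f"{date} {time}", FMT)
        if event == "LOGON":
            # A repeated LOGON with no LOGOFF keeps the earliest start time.
            open_since.setdefault(account, ts)
        elif event == "LOGOFF" and account in open_since:
            sessions.append((account, open_since.pop(account), ts))
    # Sessions still open at the end of the log have no end time.
    sessions.extend((a, start, None) for a, start in open_since.items())
    return sessions

def accounts_active_at(log_text, when):
    """Accounts with a session open at the given incident time."""
    t = datetime.strptime(when, FMT)
    return sorted({a for a, start, end in parse_sessions(log_text)
                   if start <= t and (end is None or t < end)})

def after_hours_logons(log_text, open_hour=8, close_hour=18):
    """Logons that started outside assumed office hours (08:00-18:00)."""
    return [(a, start.strftime(FMT)) for a, start, _ in parse_sessions(log_text)
            if not open_hour <= start.hour < close_hour]

if __name__ == "__main__":
    print(accounts_active_at(SAMPLE_LOG, "2024-03-04 12:30:00"))
    print(after_hours_logons(SAMPLE_LOG))
```

If everyone shared a single account, every record would carry the same name and neither question could be answered.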
It’s For Software, Too
Everything your practice uses that has logins should have separate logins for every person. So it’s not just computers — it’s also software and cloud services.
Some practices still use record-keeping software that runs on a computer (as opposed to in the cloud). In these cases, everyone who uses the record-keeping software should have their own unique login for the software.
Everyone who uses the practice’s cloud services should also have a unique login account. We’ll discuss that more in section 6.
What About Mobiles?
Unfortunately, smartphones and tablets generally don’t allow multiple user accounts. This is because these devices are designed with the intention that every adult has their own device and doesn’t really share it. This isn’t always true, but it’s how the machines are designed.
Fortunately, these devices are used to access cloud services more often than they are used to run apps that handle PHI directly on the device. If sharing such a device is necessary, a good measure is to avoid using apps that store information directly on the device. In addition, make sure to log out of cloud services before passing the device to the next person.