Shared Access Versus Individual Access to Accounts

Updated on July 28, 2012

By Dean Wiech

A major concern for hospitals is the security and accessibility of their computers, applications and data. Clinicians, especially nurses, frequently share a common user name and password with several of their peers in an area of the hospital to make it easier to sign onto the computer and not waste additional time switching between users.

The trouble with this practice for the hospital or healthcare organization is that, with several users logged into one machine at once, it is impossible to track how each employee is using the system if an audit trail ever needs to be constructed.

Recently, the U.S. Office of the Inspector General recommended changes to this practice as a way to reduce the security risks of organizations allowing employees to operate their accounts in this manner. The Inspector General pointedly stated that it no longer wants user names and passwords to be shared, but instead wants each user to be identified in the system.

The first step in complying with this recommendation is to create user accounts for every person in the facility who needs to access the network. While this seems like it would be easy to accomplish, there are a number of factors that come into play: ensuring accounts are created in a timely fashion; ensuring proper access rights are given in the network; providing for appropriate access to required applications; and making sure the account is disabled when the employee leaves.

In some cases it is feasible to link an HR system to Active Directory and other applications via an automated identity management solution. In other cases, the organization wants more control over the account creation process and wants employees to sign documents and obtain department and systems owner approvals before the account is created. In either scenario, solutions like User Management Resource Administrator (UMRA) from Tools4ever can help solve this initial aspect of the issue.
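The lifecycle checks described above (accounts created for active staff, accounts disabled when an employee leaves, shared logins identified for replacement), as an added example that is not from the article or from UMRA: a reconciliation of an HR roster against a directory account export. The CSV column names and all sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports (assumed column names, not a real product format).
HR_CSV = """employee_id,name,department,status,termination_date
1001,Ana Ruiz,ICU,active,
1002,Ben Cho,ICU,active,
1003,Cara Diaz,ER,terminated,2012-06-30
1004,Dev Patel,ER,active,
"""

DIRECTORY_CSV = """username,employee_id,enabled
aruiz,1001,true
cdiaz,1003,true
icu-nurse,,true
jdoe,1999,true
"""


def reconcile(hr_csv, directory_csv, today):
    """Compare HR records with directory accounts and report the gaps."""
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    accounts = list(csv.DictReader(io.StringIO(directory_csv)))
    owned = {a["employee_id"] for a in accounts if a["employee_id"]}
    report = {"create": [], "disable": [], "shared_or_unowned": []}

    # Active employees with no individual account still need one.
    for emp_id, emp in hr.items():
        if emp["status"] == "active" and emp_id not in owned:
            report["create"].append(emp_id)

    for acct in accounts:
        if acct["enabled"] != "true":
            continue  # already disabled, nothing to do
        if not acct["employee_id"]:
            # No owner recorded: activity on this login cannot be attributed.
            report["shared_or_unowned"].append(acct["username"])
            continue
        emp = hr.get(acct["employee_id"])
        if emp is None:
            report["disable"].append(acct["username"])  # no HR record at all
        elif emp["status"] == "terminated":
            term = emp["termination_date"]
            # A missing date is treated as effective immediately.
            if not term or date.fromisoformat(term) <= today:
                report["disable"].append(acct["username"])
    return report
```
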

Another practical solution to this problem is the use of a Single Sign On (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials. Results from a recent Single Sign On pilot in the healthcare market revealed some concerns with Single Sign On, though, including that users' e-mail applications might be available to others. Users said they felt very protective of their e-mail and wanted to make sure that no one else viewed their personal information. Of course, this issue can also occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an e-mail account, for example.

This concern can be easily alleviated with Two-Factor Authentication. Two-Factor Authentication asks a user to present a second form of identification, such as a pass card, PIN code or USB token, in addition to their AD user name and password to access the workstation, which would ensure the security of their e-mail accounts. The conjunction of Single Sign On and Two-Factor Authentication solves a HIPAA problem of security while also addressing the users’ concerns about the privacy of their e-mail accounts. Two-Factor Authentication also allows for fast user switching, thereby reducing time spent by clinicians waiting on their profile to load.

To accomplish Two-Factor Authentication, it is a prerequisite that each user have an individual account as mentioned above. This individual account, when coupled with an ID badge and reader on a PC, can go a long way to ensuring that Inspector General and HIPAA compliance are achieved.

By utilizing automated solutions for identity and access management, the burden on the IT staff can actually be decreased while managing more user accounts, as staff shared accounts are eliminated and replaced with individual accounts. Password management solutions, such as Single Sign On and Password Self Service, are also valuable tools to reduce the load on the IT and help desk staff.

Dean Wiech joined Tools4ever in April 2006 and is responsible for the Tools4ever, Inc. operations in the United States. His duties include direct sales, as well as the responsibility for the sales, technology and consulting team along with the day-to-day operations for the company. Dean has been involved with sales and sales management in the software arena for more than 20 years – before joining Tools4ever he was Vice President of Sales for a Manhattan-based software company that specialized in cost allocation and spend optimization. He attended the University of Akron and studied Chemical Engineering before deciding to pursue a career in technology.

For more information, visit


2 thoughts on “Shared Access Versus Individual Access to Accounts”

  1. To a certain point, BYOD in Healthcare can be a bad idea. I have been watching the debate around security in Healthcare; there has been a big debate over which methods of security are best suited to add additional layers of security and authentication for account access and transaction verification without being unreasonably expensive or complex. The idea of people using their personal devices to enter the hospital's system or access secure data greatly worries companies. But the fact is we are in the era of BYOD, and with the increasing need for mobility, these companies need to step up Two-Factor authentication and make it so employees can telesign into the system and access data securely.
