Healthcare Provisioning: Q&A with Marshall Maglothin

by VPNHaus | 07/22/2010 | Expert Q&A, HIPAA, Rethink Remote Access

VPN Haus recently talked to Marshall Maglothin, a Washington, DC-based consultant specializing in healthcare virtual management. Maglothin gives us his perspective on keeping patient information safe without hindering speedy access to urgent data.

VPN Haus: What are the basics for provisioning employees at healthcare organizations?

Maglothin: All systems should have all users using unique passwords. Thus, the system has an electronic audit trail to record which employees accessed which records, with statistical outlier reporting.

VPN Haus: How do you ensure that the records are not so tightly controlled that it delays specialists asked to consult on the case or ICU personnel from urgently accessing the records?

Maglothin: All stations should have a time-out feature, and workstations in areas such as ICU and CCU are considered more secure/personnel constantly present, so the station's time-out may be longer. Once a station is logged on, switching users by passwo

The greater issue is all the bedside workstations/wireless devices. If it takes more than 15-30 seconds to log on (some take 90 seconds), then if a physician logs on to 30 patients a day, that's 45 minutes of lost PHYSICIAN productivity - no patient care and no reimbursement. Doesn't sound like much. But calculate 40 hours per week for 250 days per year, this equals 188 hours or more than 4.5 work weeks lost to nothing but logging in!

VPN Haus: Staggering. So, if the consultant couldn’t access the records, it would be an example of a poor sensitivity error. What other errors should healthcare organizations be mindful of?

Maglothin: There’s the error of excessive credulity. An example would be a unit clerk on a certain building having a password that would allow her access to, say, outpatient records or mental health unit records, for which she would have no reason to hav

There’s also the error of excessive skepticism. An example would be, a cardiologist might not be cleared to access mental health records, but one of the patients has just had a cardiac code and the cardiologist is called in for a STAT consult.

Marshall Maglothin is owner of Blue Oak Consulting, based in Washington DC.
