Full story available at
Investigators have been unable to trace a doctor involved in a medical blunder that ended in a patient's death because staff in a Devon hospital had been sharing passwords. The doctor whose password was being used was not working at the hospital at the time.
Password sharing in the NHS is said to be endemic partly because it has been reported that Login times could be as long as 10 minutes – whereas if everyone shares the same Login & Password for the shift, then with continuous access every minute or so no-one ever gets timed out.
Bar & Restaurant Staff continuously have to Logon & Logoff from the Cash Register – but they achieve this in seconds using Tokens such as BarCodes or Magnetic Stripes.
Why couldn’t the NHS give every Doctor & Nurse a Tesco Clubcard-style Badge on a Keyring, and they could swipe in & out that way in a matter of seconds – after all this really was a matter of life and death, and we don’t even know who was negligent.
The inclination to share passwords is the bane of many policy wonks' existence. It arises naturally when humble users seek work-arounds to improve their day-to-day workplace situation. A culture of work-arounds is especially prevalent throughout healthcare technology (not just health IT) as smart professionals working in close teams with dozens of 'machines that go ping' strive to get the most out of their equipment and to compensate for all-too-common shoddy user interfaces.
In the specific case of computer logon, we're all caught up in the transition from username+password to something smarter and more robust. I am one of those that has great belief in smartcards, because of their power as holders and notarisers of personal credentials, and also because they are so intuitive. We have all been trained for decades to pop a card into a slot, enter a password, and get things to happen. It's the most natural form factor for computer logon (perhaps using contactless cards in many hospital settings, with or without PIN depending on the application concerned). Response times in smartcard log-on should be near instantaneous. The practical deployment of systems like Sun Rays is encouraging, where telecommuters enjoy added features like session portability, which is a huge benefit in healthcare.
The dreadful logon delays in the new NHS systems, I think, have something to do with the centralisation of healthcare professionals' credentials. There is a two-stage process of first identifying a user, followed by extracting their authorisations from a central repository. IMHO credentials are better secreted in the smartcard, notarised by digital signature, so that remote systems can rely on their 'pedigree' without referring in real time to central mission critical gateways that must be engineered with stupendous availability and bandwidth so as to limit bottlenecks.
17 Aug 2007
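The comment above argues for credentials carried on the card and notarised by digital signature, so a terminal can check them without a real-time call to a central repository. The sketch below is an added example, not part of the original post or of any NHS system; Ed25519, the field names, the fixed demo seed and the sample staff record are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a hypothetical on-card record: who the holder is and what they may do.
type Credential struct {
	StaffID string    `json:"staff_id"`
	Role    string    `json:"role"`
	Expires time.Time `json:"expires"`
}

// demoNow is a constructed clock value so the example is reproducible.
var demoNow = time.Date(2007, 8, 17, 9, 0, 0, 0, time.UTC)

// demoIssuer derives a key pair from a constructed all-zero seed (demo only, never a real key).
func demoIssuer() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue runs once at card personalisation: the issuer signs the serialised credential.
func Issue(priv ed25519.PrivateKey, c Credential) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}

// VerifyOffline is what a ward terminal runs; it needs only the issuer's public key.
func VerifyOffline(pub ed25519.PublicKey, payload, sig []byte, now time.Time) (Credential, error) {
	var c Credential
	if !ed25519.Verify(pub, payload, sig) { // check the signature before trusting any field
		return c, fmt.Errorf("signature invalid: altered or not from issuer")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if !now.Before(c.Expires) {
		return c, fmt.Errorf("credential expired")
	}
	return c, nil
}

func main() {
	pub, priv := demoIssuer()
	cred := Credential{StaffID: "D-1001", Role: "doctor", Expires: demoNow.Add(12 * time.Hour)}
	payload, sig := Issue(priv, cred)
	fmt.Println(VerifyOffline(pub, payload, sig, demoNow))
}
```

An offline check like this cannot see a revocation made after the card was signed, which is why the sketch carries a short expiry; how short is a trade-off against how often cards must be re-signed.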
This post is from a series of posts in the group:
A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.