Healthcare Provisioning: Q&A with Marshall Maglothin

Posted: July 22, 2010 in Expert Q&A, HIPAA, Rethink Remote Access

VPN Haus recently talked to Marshall Maglothin, a Washington, DC-based consultant specializing in healthcare virtual management. Maglothin gives us his perspective on keeping patient information safe without hindering speedy access to urgent data.

VPN Haus: What are the basics for provisioning employees at healthcare organizations?

Maglothin: All systems should have all users using unique passwords. Thus, the system has an electronic audit trail to record which employees accessed which records, with statistical outlier reporting.

VPN Haus: How do you ensure that the records are not so tightly controlled that it delays specialists asked to consult on the case or ICU personnel from urgently accessing the records?

Maglothin: All stations should have a time-out feature, and workstations in areas such as ICU and CCU are considered more secure/personnel constantly present, so the station’s time-out may be longer. Once a station is logged on, switching users by password should be real-time.

The greater issue is all the bedside workstations/wireless devices. If it takes more than 15-30 seconds to log on (some take 90 seconds), then if a physician logs on to 30 patients a day, that’s 45 minutes of lost PHYSICIAN productivity – no patient care and no reimbursement. Doesn’t sound like much. But calculate 40 hours per week for 250 days per year, this equals 188 hours or more than 4.5 work weeks lost to nothing but logging in!

VPN Haus: Staggering. So, if the consultant couldn’t access the records, it would be an example of a poor sensitivity error. What other errors should healthcare organizations be mindful of?

Maglothin: There’s the error of excessive credulity. An example would be a unit clerk in a certain building having a password that would allow her access to, say, outpatient records or mental health unit records, to which she would have no reason to have access.

There’s also the error of excessive skepticism. An example would be, a cardiologist might not be cleared to access mental health records, but one of the patients has just had a cardiac code and the cardiologist is called in for a STAT consult.

Marshall Maglothin is owner of Blue Oak Consulting, based in Washington DC.
