Leaving computers logged in is a security, and often also a patient safety, risk; so why is it commonplace in healthcare?
A year before leading the Conservative party to (partial) election success in 2010, David Cameron spoke to the faithful at conference and said “we will not make it if we pull in different directions, follow our own interests, take care of only ourselves.” This became known as the ‘we’re all in this together’ speech (although just how genuine a desire there was to share the pain is highly debatable); and there’s a message here for healthcare IT. Unless those employed at the coalface of care delivery and the deliverers of secure products and processes can agree that we’re all in IT together, then the future of a secure NHS looks about as assured as a smooth break with Brussels.
The truth is that healthcare is not the same as almost any other sector when it comes to data security. Conventional thinking, where security has to be seen as a business priority, gets kicked to the kerb. When your business is saving lives, patient care – quite rightly – rises to the top and nothing must interfere with that. Unfortunately, this conflict can and does hurt both data security and patient care. The insecure practice of leaving a computer terminal up and running and logged in, because it saves a few seconds over inserting a smartcard, is one good example.