Below is a anonymised post based on a real-life situation:-
I am a junior doctor. I am trying to improve the working conditions in my hospital with a group of junior doctors, in order to provide better care in a more efficient manner so that we can spend more time with patients on their medical problems.
We feel that IT problems wasted a ridiculous amount of our time at work. A large part of our time is spent trying to log on to one of the many computers on each ward. Here it goes: Each member of staff has a username and password for Windows. Once you’re logged-in to Windows, anyone can access programmes for blood results, X-Rays and patient letters (through different programs which you need to log on again with different usernames and passwords) and the internet.
However, if you walk away and don’t log-out from windows (because you’re on a ward round and have to keep up the pace), the screen locks automatically and the next person who wants to quickly check blood results on their ward round can’t access that computer. That person can’t log you out. The only way to access the computer is to switch it off completely by cutting its power, waiting a minute or so, then switching it on again, then waiting while it re-boots another 2 minutes, then logging on. If you are already logged on somewhere else and nobody reboots the computer you are already logged on to then you can’t log on anywhere until you find the computer you are locked out of.
I reboot so many computers every single day on every ward at work, and so do all of my colleagues. I have never seen a patient or their relative sat at one of our computers trying to breach confidentiality. It just doesn’t happen and it can’t unless they have each program’s passwords anyway.
I brought this to the attention of the IT manager who booted me out of his office within minutes saying that wherever else I worked where they didn’t have this system must have been breaching the LAW of patient confidentiality. He was rude and an absolute brick wall to progress, typical NHS IT approach I’m sorry to say. I felt so demoralised and that is why I am bringing it to this group. I wonder if I should start by sitting on a ward for 12 hours and counting how many times each computer is rebooted on a normal work-day. Surely, for a start, this is not very good for the computers or the environment.
Thanks for your help.
A community of doctors and techies has since responded:-
Response 1 – Doctor with IT knowledge and skills:
http://support.microsoft.com/
Get your Medical Director to argue that machines left logged in are the TRUE risk to Patient Confidentiality, as well as a preventable breach of the IT security policy. Better still, get your Caldicott guardian to do it.
Easily solved but inconveniences users like him who don’t have to HotDesk.
Response 2 – IT professional:
I was under the impression that smart cards had become mandatory across the nhs as per IG rules meaning users had to log out on moving from pc to pc. Maybe it’s just in my small part of the nhs…….
Response 3 – Junior Doctor with an interest in IT:
My advice is:-
- Write to your Medical Director and cc: Chief Executive and Chief Operations Officer
- Audit the login/ logoff cycles, buy a clicker for each of your colleagues. Dr Gordon Caldwell who is a inspirational physician at Worthing Hospital is doing this to prove to his own IT staff the amount of logging in and out he has to do.
The way your IT manager has treated you is clearly unacceptable. Unfortunately, it is symptomatic of most NHS organisations who tend to undermine and denigrate their junior doctors. The tide is slowly turning and you and your colleagues are pioneers! The path for pioneers is hard but don’t give up. It is worth it. Our patients and the general public is depending on this.
Response 4 – Junior Doctor with IT knowledge and skills
I like the clicker idea, low tech but powerful. I’m sure it wouldn’t cost much to get a load of clickers. Arrange to meet with some fed up colleagues in the morning
What are the top 5 inefficiencies we want to count this week? Vote. Swap mobile numbers if haven’t already. Note who is working where. Agree ground rules for counting (Inc how will manage public relations e.g when patients/staff ask what you’re doing) Agree when/where will meet later that day.
Brief them on the inefficiency you will be counting that day
Meet at end of day to collect clickers and collate scores
Give feedback of scores to your group of quality improvement docs, chief exec, director of operations, director of IT (you all sign the letter and deliver by hand in a group). If still no change then there might be media interest in a group of junior docs having done this.
Also should write it up. By repeating the click count after stuff is, hopefully, fixed you have a nice QIPP project. Also demonstrates junior doc leadership.
Response 5 – Medical Physicist with an Interest in IT
At [removed], we have computers in communal clinical areas. They have a screen saver installed, (I can find the name of the program we use if you require, but a quick example I found is http://windowsxp.mvps.org/
after a period of inactivity.
We also have single sign on, (I can find the name of the program we use if you require). When logged in it recognizes login screens of computer programs and websites and enters your logon credentials. Personally I am not very keen on the idea as it means that my password in plain text is stored on an IT server, and is automatically transfered to anything that looks like a legitimate program, but maybe I do not need to log in to things as often as you do.
Response 6 - Doctor with IT knowledge and skills (same author as Response 1)
Respectfully, no (to the idea of the clickers)
I thoroughly understand the need and satisfaction felt by physically doing something, but no. Compounding the waste of Clinical time is not professional behaviour and likely to be ineffectual.
Effort needs to be focused constructively and precisely to force change. You need to talk in terms that Directors understand, which is achieved by highlighting existing policy (as was done by the original author). Obviously the path of least resistance is current inaction by IT & you need to change that comfort zone.
This problem can be easily averted by the WinExit screensaver or a Group
Policy. Of course Single Sign-On using NHS Smartcards are ideal end-game but will
take time and significant motivation/investment to action.
IHMO, finding out how much time is wasted is barking up the wrong tree. But it is much, much easier than has assumed: Audit logs of log ins & log offs are always kept.
You just need to know the reboot time & the number of times a log off did not follow a log on. IT has this; getting them to share is another topic.
I was intending to communicate that generic accounts were tried and failed, i.e. not a viable solution.
The main complications are internet access whether to ePortfolios/eMedicine
(surmountable) or to Google/Wikipedia/YahooMail (insurmountable).
NHS Websites, hosted off the nhs.uk domain are also troublesome e.g.
http://prodigy.clarity.co.uk/
Start contributing by leaving comments on the blog.
Although this should be someone else’s problem, I suspect you may have more success if you and your colleagues can come come up with a simple workaround yourselves. A couple of ideas:
1. Can the computers be set to log you out after a while rather than “lock up”?
2. Get into the habit of hitting “log-off” every time you get up out of the chair (a pain, I know, but perhaps better than the existing scenario).
3. Get your thinking caps on!
It can be solved!
Come and work in Auckland, Gordon! One log-in per doctor for all notes, letters, discharge summaries, pharmacy collects, hospital appts, radiology booking and radiology images (all Auckland public hospitals) and all lab results (internal and external within the greater Auckland region). Log-out log-in time usually <30sec. And yes, we do have rules about using other people’s log-ins etc. Sounds like you have a bad IT problem, but it needn’t be like that. Pretty frustrating for you! Best wishes T
As a CIO I understand your frustration but whilst I would agree that whilst a lot of hospital IT departments behave in the way you describe you can help yourselves with a more organised approach. I would compile a sensible (non-emotional) paper (short is good) that outlines your frustrations and how you think these could be addresed (not necessarily a technical solution). I would then take this to your CE and ask for his/her help. I would think this should open up a few doors for you.
The other thing to remember is that most IT staff don’t understand how hospitals work so you can help them by inviting them to see your frustrations in the clinical environment. They’re not stupid, they will understand the problem and hopefuly should help you resolve things. But remember they – like you – have certain constraints in which they have to work but if you approach things in a constructive way then hopefully things will improve.
The trust at which I work (I’m in IT projects) has successfully deployed single sign-on using chipped smartcards. This logs you in to every system automatically after it’s learned your usernames and passwords the first time you log in to each system. All you need to remember is a 4 digit PIN number to log on to the PC. Once you’ve finished with the PC, pulling out your card will automatically log you out of every system, and Windows, for the next doctor to insert their card. This ensures full patient confidentiality, assuming clinicians do remove their cards from the PC when they’re finished!