Below is a anonymised post based on a real-life situation:-
I am a junior doctor. I am trying to improve the working conditions in my hospital with a group of junior doctors, in order to provide better care in a more efficient manner so that we can spend more time with patients on their medical problems.
We feel that IT problems wasted a ridiculous amount of our time at work. A large part of our time is spent trying to log on to one of the many computers on each ward. Here it goes: Each member of staff has a username and password for Windows. Once you’re logged-in to Windows, anyone can access programmes for blood results, X-Rays and patient letters (through different programs which you need to log on again with different usernames and passwords) and the internet.
However, if you walk away and don’t log-out from windows (because you’re on a ward round and have to keep up the pace), the screen locks automatically and the next person who wants to quickly check blood results on their ward round can’t access that computer. That person can’t log you out. The only way to access the computer is to switch it off completely by cutting its power, waiting a minute or so, then switching it on again, then waiting while it re-boots another 2 minutes, then logging on. If you are already logged on somewhere else and nobody reboots the computer you are already logged on to then you can’t log on anywhere until you find the computer you are locked out of.
I reboot so many computers every single day on every ward at work, and so do all of my colleagues. I have never seen a patient or their relative sat at one of our computers trying to breach confidentiality. It just doesn’t happen and it can’t unless they have each program’s passwords anyway.
I brought this to the attention of the IT manager who booted me out of his office within minutes saying that wherever else I worked where they didn’t have this system must have been breaching the LAW of patient confidentiality. He was rude and an absolute brick wall to progress, typical NHS IT approach I’m sorry to say. I felt so demoralised and that is why I am bringing it to this group. I wonder if I should start by sitting on a ward for 12 hours and counting how many times each computer is rebooted on a normal work-day. Surely, for a start, this is not very good for the computers or the environment.
Thanks for your help.
A community of doctors and techies has since responded:-
Response 1 – Doctor with IT knowledge and skills:
Get your Medical Director to argue that machines left logged in are the TRUE risk to Patient Confidentiality, as well as a preventable breach of the IT security policy. Better still, get your Caldicott guardian to do it.
Easily solved but inconveniences users like him who don’t have to HotDesk.
Response 2 – IT professional:
I was under the impression that smart cards had become mandatory across the nhs as per IG rules meaning users had to log out on moving from pc to pc. Maybe it’s just in my small part of the nhs…….
Response 3 – Junior Doctor with an interest in IT:
My advice is:-
- Write to your Medical Director and cc: Chief Executive and Chief Operations Officer
- Audit the login/ logoff cycles, buy a clicker for each of your colleagues. Dr Gordon Caldwell who is a inspirational physician at Worthing Hospital is doing this to prove to his own IT staff the amount of logging in and out he has to do.
The way your IT manager has treated you is clearly unacceptable. Unfortunately, it is symptomatic of most NHS organisations who tend to undermine and denigrate their junior doctors. The tide is slowly turning and you and your colleagues are pioneers! The path for pioneers is hard but don’t give up. It is worth it. Our patients and the general public is depending on this.
Response 4 – Junior Doctor with IT knowledge and skills
I like the clicker idea, low tech but powerful. I’m sure it wouldn’t cost much to get a load of clickers. Arrange to meet with some fed up colleagues in the morning
What are the top 5 inefficiencies we want to count this week? Vote. Swap mobile numbers if haven’t already. Note who is working where. Agree ground rules for counting (Inc how will manage public relations e.g when patients/staff ask what you’re doing) Agree when/where will meet later that day.
Brief them on the inefficiency you will be counting that day
Meet at end of day to collect clickers and collate scores
Give feedback of scores to your group of quality improvement docs, chief exec, director of operations, director of IT (you all sign the letter and deliver by hand in a group). If still no change then there might be media interest in a group of junior docs having done this.
Also should write it up. By repeating the click count after stuff is, hopefully, fixed you have a nice QIPP project. Also demonstrates junior doc leadership.
Response 5 – Medical Physicist with an Interest in IT
At [removed], we have computers in communal clinical areas. They have a screen saver installed, (I can find the name of the program we use if you require, but a quick example I found is http://windowsxp.mvps.org/
after a period of inactivity.
We also have single sign on, (I can find the name of the program we use if you require). When logged in it recognizes login screens of computer programs and websites and enters your logon credentials. Personally I am not very keen on the idea as it means that my password in plain text is stored on an IT server, and is automatically transfered to anything that looks like a legitimate program, but maybe I do not need to log in to things as often as you do.
Response 6 - Doctor with IT knowledge and skills (same author as Response 1)
Respectfully, no (to the idea of the clickers)
I thoroughly understand the need and satisfaction felt by physically doing something, but no. Compounding the waste of Clinical time is not professional behaviour and likely to be ineffectual.
Effort needs to be focused constructively and precisely to force change. You need to talk in terms that Directors understand, which is achieved by highlighting existing policy (as was done by the original author). Obviously the path of least resistance is current inaction by IT & you need to change that comfort zone.
This problem can be easily averted by the WinExit screensaver or a Group
Policy. Of course Single Sign-On using NHS Smartcards are ideal end-game but will
take time and significant motivation/investment to action.
IHMO, finding out how much time is wasted is barking up the wrong tree. But it is much, much easier than has assumed: Audit logs of log ins & log offs are always kept.
You just need to know the reboot time & the number of times a log off did not follow a log on. IT has this; getting them to share is another topic.
I was intending to communicate that generic accounts were tried and failed, i.e. not a viable solution.
The main complications are internet access whether to ePortfolios/eMedicine
(surmountable) or to Google/Wikipedia/YahooMail (insurmountable).
NHS Websites, hosted off the nhs.uk domain are also troublesome e.g.
Start contributing by leaving comments on the blog.