In this post, I will outline what are, in my opinion, some of the most important practices to be mindful of to “protect your license”. These practices affect not only you, but also your co-workers, clients, and possibly even your family, because of the nature of today’s connected world. Some of these best practices are good to use in your personal life as well: with today’s computing technology and so much sensitive data being digital, there is a lot to lose in the blink of an eye, such as your identity or all your hard-earned money!
Securing your password
I personally take passwords very seriously. Think of your password as your license. Anyone with your password could snoop into patient charts, impersonate you, etc. at work.
So when IT recommends that you change your password yet again, you may be tempted to make a weak password, but it is in your own best interest to follow best-practice guidelines. Like me, you may have to type in your password often AND manually, as sometimes the badge-in system does not work after a grace period. I make a password that is fairly easy to type but is not an easily guessable dictionary word. You can generate a “new” password when asked to change it by adding a few numbers or letters, for example, while keeping the original “root” of your password:
Password #1: 0tdud3x2019
Password #2: 0tdud3x2020
Password #3: 0tdud3y2021
Password #4: 0tdud3y2022
and so on…
instead of password = “otdude”, which is easily guessable!
I see users doing this less now, but another no-no is writing your password down and taping it under the monitor, or writing it down at all. Instead, use a password manager, which keeps your passwords locked away instead of leaving them out in the “open”. Even if you lock the written passwords in your locker, locks can easily be cut or picked by someone who really knows what they are doing, and there goes everything!
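The “root plus a changing suffix” scheme above is exactly the pattern that password-policy checks look for, because a password that differs from the last one by a year or a single letter is cheap to guess once an older one is known. As an added example that is not part of the original post, here is a small Python policy checker of the kind an IT team might run when a new password is set: it flags near-duplicate rotations and dictionary roots hidden behind number-for-letter swaps, and it shows the sort of random passphrase generator a password manager provides. The word lists and the 12-character minimum are constructed assumptions for this example, not anything from the post or from any real product.

```python
import re
import secrets

# Constructed stand-in for a breached/dictionary word list. A real policy
# engine would load a far larger list; "otdude" is here because the post
# itself calls it easily guessable.
COMMON_WORDS = {"password", "otdude", "welcome", "qwerty", "letmein"}

# Constructed mini word list; a password manager uses thousands of words.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "falcon", "garnet", "harbor"]

# Assumed policy minimum length (not from the post).
MIN_LENGTH = 12

# Undo common number-for-letter swaps so "0tdud3" compares equal to "otdude".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_rotation(old: str, new: str, max_edits: int = 3) -> bool:
    """True when the new password is the old one with only a few characters changed."""
    return levenshtein(old.lower(), new.lower()) <= max_edits


def guessable_root(password: str) -> str:
    """Strip a trailing counter (optional letter plus digits), undo leet swaps, lowercase."""
    stem = re.sub(r"[A-Za-z]?\d+$", "", password)
    return stem.translate(LEET).lower()


def root_is_common(password: str) -> bool:
    """True when the password is a common word once the counter and leet swaps are removed."""
    return guessable_root(password) in COMMON_WORDS


def check_new_password(old: str, new: str) -> list:
    """Return a list of policy problems with the proposed new password (empty = accepted)."""
    problems = []
    if is_trivial_rotation(old, new):
        problems.append("differs from the previous password by only a few characters")
    if root_is_common(new):
        problems.append("root word (after undoing number-for-letter swaps) is a common word")
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def generate_passphrase(n_words: int = 4, wordlist=WORDLIST) -> str:
    """What a password manager does for you: a random multi-word passphrase
    drawn with a cryptographically secure generator."""
    return "-".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    # Constructed inputs modelled on the post's rotation example.
    history = ["0tdud3x2019", "0tdud3x2020", "0tdud3y2021", "0tdud3y2022"]
    for old, new in zip(history, history[1:]):
        print(f"{old} -> {new}: {check_new_password(old, new) or 'accepted'}")
    print("manager-generated passphrase:", generate_passphrase())
```

Running the block prints one line per rotation in the constructed history; every step is rejected for the same three reasons, while a generated passphrase of four random words passes all checks.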
Stepping away for just a second? Log out! Every day at work, I can probably count at least 5 monitors that are left unattended. Imagine if I were a bad actor. With social engineering, someone malicious could theoretically dress up in scrubs, walk up to an unlocked computer, and have at it for hours, and no one would even notice. And everything they did would be under your name and license. Even worse, imagine if they installed some type of backdoor that allowed them to compromise the entire company network or database. It WILL be traced back to you, and you do not want that on your shoulders. Scary, isn’t it? I hope this motivates you to change your log-out habits.
Another word of caution, as I made this mistake once as well: if you have to sign on “twice”, remember to log out “twice”. On some of our workstations, we log on normally, but that session does not have access to our usual desktop. For example, the first sign-on may be to a newer version of Windows, while all the employees’ desktops are based on an older version of Windows and their work files live on that older version. What IT does to work around this is to have users log on again to a virtual machine. It is sort of like the movie Inception: you have a second window that displays the older version of Windows you are used to seeing. When you log out, you are technically logging out of the 2nd, “virtual” instance, but you have to remember to log out of the 1st one as well. If none of this makes sense, basically:
Log out, and wait for it to fully log out instead of clicking log-out and immediately walking away.
Know your Scope
This one may seem obvious, but know what your scope is in practice. AOTA or your workplace likely has some literature on what you should or should not be allowed to do.
You have likely been trained on HIPAA prior to your hire, but remember to protect patient privacy. This includes charting in the open and allowing others to glance over your shoulder, leaving sensitive patient pictures or videos on your phone, throwing sensitive data away insecurely in the trash, or discussing confidential patient information over insecure email or in public places.
Optional, Highly Recommended – Insure Yourself
I currently pay ~$40/year to insure myself against malpractice, HIPAA violations, etc. Your work may already have some form of insurance, so it is worth researching, but that coverage may not extend to you if you are per diem, part time, etc.
Also, do you think your employer really has your back or your best interest at heart when they are the ones getting sued? Insurance is so affordable, and although you will likely never have to use it, I personally think the benefits outweigh the nominal cost. AOTA members also get a discount through their portal; check it out!
Follow Your Gut
If something does not feel right, do not do it, or err on the side of caution. Reflect on what happened, and learn from your experience.
Be safe out there everyone!
Look into the topic of “social engineering”; it is very interesting, in today’s world, how easily we may reveal sensitive data that can build up to a more serious breach. Many large companies have fallen prey to this technique, and it is not hard to do if someone really wants to get in. On that note, do not leave your name, personal information, or even photographs out in public.