Tuesday, December 27, 2011

A peeve: The auto-logoff in Health IT

John Halamka wrote a blog post today that addressed some of the negativity affecting health IT. I wish I could be as positive as Dr. Halamka. Unfortunately, I am just not wired that way. My world view tends to be that of a critic. In this post I will take up a long-held pet peeve concerning an element of technical security used to protect HIT.

Last week John Moehrke wrote a blog about privacy and security in Meaningful Use Stages 1 and 2. His third point concerned inactivity timeouts or auto-logoffs. This seems like a good idea at first glance, but inexpert implementation can create a real barrier for users of HIT. I will provide two examples from my immediate experience. The hospital where I work has what would be classified as a HIMSS Stage 2 or Stage 3 EHR. There is a physician portal that encompasses a number of applications. Separate timeouts are built into the portal and some of the applications, and they do not communicate with each other. Today, I was reviewing the past medical treatments for a complex patient in ChartMaxx. I was right in the middle of scrolling through one of the medical documents for this patient when a timeout window popped up (no prior warning was given). I was required to log into the application again with my username and password. This took me completely out of the patient's chart and the document I was reading, even though I was in the act of reading the document and actively scrolling. I had to re-enter the patient's medical record number, locate the instance of treatment I was reviewing and then reopen the document. In my opinion this is not efficient care. I know it is a waste of my time. Someone did not consider clinician workflow when the auto-logoff was designed. But that is not the only example of problems I run into frequently with HIT applications at my hospital.


In the hospital, radiographs are electronically accessed via a PACS system. The PACS requires separate credentials (username and password) from those used for a computer workstation or the physician portal. PACS also has its own auto-logoff utility. It is set to time out after a few minutes of inactivity. This might be fine for a clinical area where the screens are close to areas of high patient and visitor traffic, but it can create a lot of problems when surgeons need to review x-ray images during a long operating room case. I like to log on to the system, access my patient's images that I will use in surgery and put them up on the screen so that I can refer to them while the OR team runs a patient safety checklist before the start of surgery to help confirm that we are operating at the correct site. Perhaps you can imagine my consternation when, 15 minutes later, I have washed my hands, placed the surgical drapes and am about to start surgery, and the program has timed out and all the carefully selected images are gone, and now I am scrubbed. Having a few-minute auto-logoff for the OR, probably the most controlled environment in the hospital, does not make sense.


There are some solutions. 1) All users should be trained and re-trained about the importance of logging out when they are no longer using a computer that provides access to protected health information. If compliance were 100 percent then auto-logoff would not be necessary. 2) The auto-logoff could be designed so that this feature could be configured by users (not administrators of the IT system) to allow adjustment based on clinical requirements and an assessment of the risk of data breach at the workstation's physical location. 3) There are proximity controls based on infrared sensors or smartcard technology that can be used to control or limit access to user terminals.
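As an added illustration (not code from this post or from any of the products mentioned), here is a sketch of how solution 2 could address the two failures described above: one inactivity timer shared by every application on the workstation, a warning before lock, a timeout chosen from a per-location risk policy, and a screen lock that keeps the open chart or images instead of discarding them. The zone names and timeout values are assumptions for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Zone(Enum):
    PUBLIC_CORRIDOR = "public corridor"   # unattended screens, high foot traffic
    NURSING_STATION = "nursing station"
    OPERATING_ROOM = "operating room"     # access-controlled, staff present

# Assumed policy: (inactivity timeout in seconds, warning lead time in seconds) per zone.
TIMEOUT_POLICY = {
    Zone.PUBLIC_CORRIDOR: (120, 30),
    Zone.NURSING_STATION: (600, 60),
    Zone.OPERATING_ROOM: (3600, 120),
}

@dataclass
class WorkstationSession:
    user: str
    zone: Zone
    last_activity: float
    context: dict = field(default_factory=dict)  # open chart, document, selected images
    locked: bool = False

    def record_activity(self, now: float) -> None:
        # Scrolling, keyboard or mouse input from ANY application resets the ONE timer.
        if not self.locked:
            self.last_activity = now

    def evaluate(self, now: float) -> str:
        """Return 'active', 'warning' (prompt the user) or 'locked'."""
        timeout, warn = TIMEOUT_POLICY[self.zone]
        idle = now - self.last_activity
        if idle >= timeout:
            self.locked = True          # lock the screen; context is retained, not cleared
            return "locked"
        if idle >= timeout - warn:
            return "warning"
        return "active"

    def unlock(self, now: float, credentials_ok: bool) -> bool:
        # Re-authentication reopens the same session; the clinician lands where they left off.
        if credentials_ok:
            self.locked = False
            self.last_activity = now
        return not self.locked
```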


There is not a perfect solution for every situation. Some approaches certainly are more user-friendly. Blanket application of a single timeout or auto-logoff policy is guaranteed to frustrate clinical users. A flexible approach, based on a risk assessment strategy, makes the most sense to me.
