Being a practice manager, and possibly a new one, you need to get into the world of usernames, passwords, code numbers, portals and logins. You can do very little without a whole series of passwords; but the danger is that you’ll use a standard or obvious password and just once in a while change the number at the end of the password. This makes it an easy code for you to remember, but it also makes it easier to guess or break! (Example: Surgery1!)
It all started at the back door!
Does this sound like a familiar scenario to you? Walking into the building, using the staff entrance, I find there’s a digital key-code door-locking device on the door, then another keypad requiring a code for the burglar alarm. Then each door to staff areas and consulting rooms has a key-code device too, but they all require different numbers. My memory’s almost full and I haven’t even sat down at my desk yet.
At last, I sit at my desk, move the piles of paperwork and with the benefit of a username and password, I’m allowed to use the computer network. With another set of passwords and a smartcard, I can access the clinical system. Access to the payroll and accounts systems involves more usernames and passwords, as does access to the PCSE, Open Exeter, CQRS and NHS Pensions sites. I make that ten usernames and passwords and as yet I haven’t even picked up a pen. I then want to look at my emails. Password number 11. Next, l need to look at the bank balances. Password number 12. And so it goes on.
Scurrying around, as you do, you start to look at practice websites. The surgery has a website, so does the CCG. The local federation has one too! Again, there are logins to find and portals to enter. Even the accountant has a portal. Added to that, the NHS Choices website and the CQC website need passwords. You also need to know a variety of codes. The practice has a code. Each doctor has a GMC code. They may also have membership numbers and logins for the British Medical Association and their defence organisations…
Oh no, the fire alarm has just been set off and I need yet another code to switch it off!
Layers of security
Passwords have become an irritating but almost essential part of our lives. We do need to be secure. We also need to be sure our data is safe from those that might abuse it, steal it or forge it. But how many layers of security do we really need? The simple answer might be that once you’ve been allowed access to your practice computer system that should be enough. There should also be a way of allowing you access to various NHS and general practice sites at the touch of one key rather than having to set up a variety of passwords. Remember too that even your mobile phone can remember all your passwords, so once you’ve accessed the entry level you might be able to access everything, simply because your computer has a memory.
Cancel access for ex-employees!
Recent experience has indicated to me that great care needs to be taken when allowing access to data, whatever it may be. Don’t allow anyone else to use your passwords. Don’t allow anyone to use your smartcard. Avoid generic passwords and smartcards like the plague. I found an ex-employee still accessing practice information months after leaving. The use of generic passwords is most unwise. If someone leaves your practice, make sure their passwords are revoked or cancelled. In two cases I’ve come across recently, it needed the ex-employees themselves to cancel their own passwords. Not good enough! When an ex-employee has left in tricky circumstances and, for whatever reason, is in dispute with your practice, make sure they’re DELETED! The NHS email system doesn’t help here.
Cracking the code
And, finally, as long as you can remember it, make your password as difficult to crack as possible by mixing numbers and letters including punctuation. Changing the password regularly can also be a deterrent. Don’t wait for the system to remind you. My granddaughter was quite upset recently when I borrowed her iPad and accessed it immediately. “How did you do that, Grandpa?” she asked. “As easy,” I said, “as 1234!”