The EMR log only sees inside the EMR.
A fair question comes up here: does the EMR not already log who opened a chart? If every staff member has their own EMR login, yes, it does. But that audit trail stops at the edge of the EMR. It cannot see what happens everywhere else on the workstation.
That includes files saved to the desktop, a USB drive plugged in, an email sent, a document printed, a screenshot taken, or a network share opened. On a shared Windows login, none of that traces to a person. And if everyone signs into Windows as the same account with the EMR password saved or shared, even the EMR log weakens, because you cannot prove who was actually at the keyboard. When someone leaves, the only way to cut their access is to change the password for everyone.
Two changes, both straightforward.
Individual logins for every staff member
Each person gets their own account with only the access they need. Now the workstation itself, not just the EMR, ties activity to a name. Access can be removed the day someone leaves, and one person's mistake does not lock out the whole clinic.
Two-factor on workstations
A password plus one more thing: a tap on the staff member's phone or a six-digit code. So a guessed or stolen password is not enough on its own to get into the clinic's systems. For anything that touches patient records, this is the baseline now.
No trace outside the EMR.
Every action traceable to a name.
It does not slow the clinic down.
The worry is always that this gets in the way of patient care. Set up properly, it does not. Staff log in once at the start of a shift, and two-factor is a single tap or a short code. We configure session timeouts and fast user switching so a front desk or an exam room works the way it always has.
The difference is that access is now controlled and auditable. If a privacy officer, a regulator, or a cyber insurer ever asks who could see patient records and how that was protected, you have a real answer instead of a shared password.
Questions clinics ask us.
The EMR may log who opened a chart, if each person has their own EMR login, but that trail stops at the edge of the EMR. A shared Windows login leaves everything else on the workstation untraceable: files saved locally, USB drives, email, printing, network shares. It also means you cannot remove one person's access when they leave without changing the password for everyone. Under PHIPA you are expected to control and track access to patient information, and a shared login undercuts that.
Two-factor means a password plus one more thing: a code from an app on the staff member's phone, or a tap on a hardware key. So even if a password is guessed, written down, or stolen, it is not enough on its own to get into the clinic's systems. For anything that touches patient records, this is now the baseline, not the upgrade.
Set up properly, no. Staff log in once at the start of their shift, and modern two-factor is a single tap or a six-digit code. We configure session timeouts and fast user switching so it fits how a clinic actually runs, rather than getting in the way of patient care.
Yes. We move clinics off shared accounts to individual logins, enable two-factor on workstations and on the systems that hold patient information, and document who has access to what. The result is access that is controlled, auditable, and ready to show a privacy officer or insurer.
Get your clinic off shared logins.
We set up individual accounts and two-factor on your workstations and patient systems, documented and ready to show a privacy officer or insurer.