How to hack any hospital computer

-Use the password taped to the monitor

How to hack any hospital computer (L337 version for advanced security systems)

-Use the password taped to the back of the monitor

As a computer guy: This is what happens when you have too much security. It reaches a tipping point and then suddenly you have none.

Security at the cost of convenience comes at the cost of security.  

This is true of so many things in healthcare.  Example: our software is designed to automatically alert the doctor if a patient’s vital signs are critically out of range.  If someone has a blood pressure of 200/130, the doc gets a pop-up box that they have to acknowledge before doing anything else.  It makes sense, in our setting.

But then some mega-genius upstairs realized something: the system was only alerting for critical vital signs, but not for all vital signs that could possibly be bad.  Like, yeah, 200/130 is potentially life-threatening, but 130/90 is above ideal and can have negative effects on health.  Should the doctors be allowed to just ignore something that could negatively affect a patient’s health?  Heavens no!

So now the system generates a pop-up for any vital signs that are even slightly abnormal.  A pressure of 120/80 (once considered textbook normal, now considered slightly high) will create the pop-up.  We have increased our vigilance!

Well, no, what we’ve actually done is train doctors to click through a constant bombardment of pop-ups without looking.  We’ve destroyed their vigilance and made it much easier for them to accidentally skim past life-threatening vital signs.

But you can’t tell that to management, because you’d have to confess that you are a flawed human with limited attention resources.  They’d tell you “well, all the other doctors take every abnormal vital sign seriously, it sounds like you’re being negligent.”  And if you’re smart, you back down before you start telling the big boss all about your habit of ignoring critical safety alerts.

The end result is exactly the same as if we had no alerts at all, except with more annoying clicking.

This is called Alert Fatigue.

This is a major issue in the IT industry, especially in Medical IT. For that matter, it is a problem outside of IT as well, but this specifically is something that software companies actively try and avoid doing. Unfortunately, that doesn’t mean management listens and tends to bypass those default settings…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post Navigation