Staff privileges and system security are two common features of surgical instrument tracking systems that we are often asked about.
Hourly rates or process costing information, for example, is usually considered confidential and for this reason CSSD and theatre managers need to be able to regulate who can and who cannot access this level of detail.
Network IT adminstrators too, have an interest in this topic as they need to ascertain the level of security provided by the tracking application.
My experience is that the needs of clinical managers and those of network IT administrators don’t always align. Individual stakeholder requirements warrant careful consideration to achieve successful and sustainable outcomes for all concerned.
This post discusses how to navigate the area of staff privileges and security to meet and satisfy all stakeholders' needs.
Short on time? Why not download our handy 1 page User Roles Chart?
Administration and process are the 2 main parts to an electronic tracking system.
Administration is setting up and maintaining system settings such as details relating to staff, roles, hourly rates, hospital departments, vendors, sterilizers, washers, preparation areas, theatres and so on. Typically this information is considered confidential so you need to have the option to set and manage user privileges to protect this often sensitive data.
The editing of records is another important aspect that needs to be considered. People make mistakes and records may need to be edited, changed or updated. Do you want all your staff to have the ability to do this, or just a few?
A surgical instrument tracking system needs to have the ability to either deny or allow selected users to view and edit records. In my experience, administrative functions are used only occasionally. For the most part, once set up you don’t need to change them again. You will need a group of user administrators across all shifts that have access to these functions. We refer to these as super users.
Editing functions can occur at any time and sometimes a super user may not be immediately available to edit a record. This may have time critical implications and can negatively affect the efficient release of items from CSSD. For this reason we recommend you have group of CSSD users who are granted access and have the ability to view and edit process records, but not have administrative access. We call these CSSD plus users.
The majority of staff who use a tracking system however will be the ones that print barcodes and scan. These are the process staff and they really don’t need access to the system other than be able to print barcodes, scan items and pass loads. We call these CSSD users.
Likewise, the majority of theatre users will just be scanning sterile item barcodes to patients. They are theatre users. And like CSSD plus users, you may need a group of theatre users who have the ability to edit records. Logically, we refer to them as theatre plus users.
So you can see a pattern starting to develop here of staff privileges that revolve around the type of roles they perform. Hence the term ‘Role Based’ privilege system.
This is where network IT administrators become interested. Role based systems require a secure methodology to deny or allow access to certain system functionality based on the role a staff member performs. So that means SECURITY.
Typically each user will have their own network system ID and password that allows users to log into the hospital mainframe (network). For example when you arrive at work you will need to log into the hospital mainframe before you can do anything on a hospital computer. Once logged in (depending on the privileges set by your network IT admin) you will have access to the Windows desktop with icons that allow you to use a number of software applications. Administrative applications such as staff rosters and operating room applications often require another log in. You log into these applications, do what you have to do and log out. It’s one person on one computer at a time.
Electronic tracking systems are different in that many different users will need to use one or two computers located in a central area in CSSD to print and scan barcodes. This is why network IT administrators may have differing requirements to a clinical administrator.
IT admin would prefer that each user logs onto the tracking system, does what they need to do and then logs off. Just like the staff rostering system.
However, in our experience this severely impacts the efficient production of sterile items. Users will need to log in and print some barcodes, then log out. A couple, of minutes later someone else will need to log in and print another barcode or two. Staff are continually logging on and off of the same computers over and over again just to print a barcode! Not only does it slow production, it drives users crazy!
Therefore a ‘Role Based’ security system is required where users don’t need to continually log in and out of the system to print barcodes, they just need to log into a particular screen WITHIN the system that requires authentication based on their role based privilege.
This allows the great majority of users to access the tracking system and print barcodes without needing log in at all. Production is not affected. We call this anonymous access.
There’s a lot to consider here, but the main point I’m trying to get across is that traditional methods of security are not necessarily suited to high production environments like CSSD’s.
Traditional methods of security requiring users to log in and out of the tracking application to perform simple tasks that are a low security risk such as printing a barcode label, will negatively impact production.
In our experience a security system that is ‘Role Based’ works very well. It satisfies the needs and requirements of clinical and network IT managers alike.
It’s something to consider when speaking to prospective tracking systems vendors and something to keep in mind when your Network IT administration becomes involved in the selection process.