The Power of the Pause-Click

May. 29, 2015

The average office worker in the United States clicks a mouse roughly 5,000 times per day, according to various non-scientific sources. This wouldn’t be something a healthcare worker would normally associate with computer security or care in dealing with Protected Health Information (PHI). Mouse clicks are routine ways of opening emails, navigating web pages, allowing program updates, and accessing the vast majority of interfaces on a computer.
When a worker clicks their mouse approximately 1.25 million times in a year, it can be mind-numbing to think about each one individually. Yet, many HIPAA violations can be attributed to accidental clicks: sending an email normally instead of through encrypted software, sending emails to the wrong address, clicking on an email attachment that installs malware to leech data, etc.

When considering best practices of working with PHI, one minor technique that goes a long way with the healthcare individuals dealing with patient data on a daily basis is the pause-click. This is a slight pause before clicking something: Send on an email or selecting an email address or clicking OK to a program installation.

The pause-click is a deliberate interjection from the computer user prior to making that mouse click. Thankfully, it doesn’t require considerable technical knowledge that can be intimidating even for I.T. professionals. The pause-click is only a brief moment from the healthcare staff using the computer to ask themselves “Is this right? Am I sure this is my intention?” It serves to pull them out of the autopilot mode workers can feel when dealing with mountains of email and web pages in their line of work.

Often, staff will recognize they accidentally sent information insecurely the moment they clicked the Send button. The idea of the pause-click is a best-practice method to prevent simple human error when dealing with mundane, routine aspects of working with patient data.
Preventing a HIPAA violation or breach is considerably easier than remediation after the fact. The most effective approach may not necessarily be trying to overload healthcare workers with technical jargon and rules, but rather relying on their intuition and encouraging them to pause for a moment before committing to that mouse click when working with patient data.