My wife is furious. Her new boss is demanding her password so she can login to her account. The XYL has given this in the past, but the woman has sent emails from this account and rearranges the H drive. So she changed the password and won't let her in. The supervisor can login on that machine with her own password and account.

Is this normal? I have never had these experiences.

She is in a hospital which is a large network of hospitals. The boss has sent emails from her account. This is no small operation. The XYL is at a leadership class today miles from her office and she has on her cellphone the voicemail from her supervisor demanding her password.

I don't know what their written security policy sez.

I will recommend she send this file to IT and HR as well. This supervisor is wrecking the credentialing records.

He has checked and found emails that were sent from her account while she was on vacation.

She is going crazy with this person. Her reputation has been damaged she says. People won't work with her anymore since this new supervisor started 2 months ago.

She is in a hospital which is a large network of hospitals. The boss has sent emails from her account. This is no small operation. The XYL is at a leadership class today miles from her office and she has on her cellphone the voicemail from her supervisor demanding her password.

I don't know what their written security policy sez.

I will recommend she send this file to IT and HR as well. This supervisor is wrecking the credentialing records.


A hospital? That supervisor is flat out bonkers, and if the hospital administration is on the ball at all, she won't be a supervisor for long.

Hospitals are required to be compliant with HIPAA, and although the information in question may not be directly related to patient care, the hospital is required to put in place structures to prevent unauthorized access. There is NO WAY password sharing is acceptable in such an environment, and I'd bet the hospital has had employees take training saying as much, among other things.

Your XYL should move with alacrity on this. After all, the damage being done to the files is being done with her login credentials, right? Can she prove otherwise?

At my outfit, shenanigans like this are grounds for immediate dismissal, especially if you go fscking around with a domain admin's account credentials. In a hopsital...someone needs to report this person to that organization's IT/HIPAA Compliance department, and if they don't have such an entity they're evenutually going to end in deep sh.....

As the Sr Unix Admin of a large financial firm I recommend the she goes IMMEDIATELY (as in FIRST thing tomorrow morning) to the head of IT security and tells them what is happening and what has happened. DO NOT log in to the account until they tell her to so they can gather evidence and DO NOT tell the supervisor what she is doing with security.

The supervisor is in violation of MANY laws and evidence gathering is required before anything else changes.

I do not shit you here, do what I say and she will keep her job.

Thank you everyone. Todd, your info was great to take along. She will do that.

She has talked to HR about the badgering she is getting for not releasing her password as well. But IT is involved now too.

Thank you everyone. Todd, your info was great to take along. She will do that.

She has talked to HR about the badgering she is getting for not releasing her password as well. But IT is involved now too.

Excellent. I would expect the Super is going to do the perp walk pretty soon.
That sort of thing can get you fired so hard you have to either lie about why you left the last company and hope no one checks or change careers.

I think now she was ordered by the COO so that they would not have to open accounts for the super. That way, the super and the XYL would use only one account.

This gets real big. The COO was a consultant out on probably the longest island in the 48 states before she came here. Strange that she does not seem to know anything about hospital staff operations. Also the super is all certified with passing the exams where all these procedures are tested.

I think now she was ordered by the COO so that they would not have to open accounts for the super. That way, the super and the XYL would use only one account.

Nice...COO handily implicates himself/herself. All that's left is for the 'super' to do something illegal with your XYL's account, and Blammo ! Instant complicity charges.

(As an aside, a coworker and myself were asked today to develop a tracking tool for our network-analysis monitoring suite...said tool will look at password-abuse capers and fire off reports to the appropriate incident-handling and compliance-monitoring staff...)

Gawd, I can't understand why they are so cheap with accounts!

It's not like it costs them anything.

Todd - I'll give you a better one. I used to work for a small insurance company. Our environment was Informix running on DEC OSF/1 (Digital Unix).

The underwriting clerks used to screw up and send print jobs that they had to cancel.

Often the print queue would get totally fubared and I had to go in as root and manually clear stuff out.

You know, they had the gall to go to the GM and tell him that they need root access?

For what?

Luckily the GM trusted his I.T. staff, which was me and 3 other people, plus my manager and his manager.

But these clerks would always make it an issue at every meeting!

That's outta hand!

End users with root? I'd rather walk out the door right then and there than be the one to grant that kind of access, sign off or no.

Update:

The XYL got no support internal with the infractions she endured at the job site. So I recommended she resign.She was putting in 14 hours a day for 6 days a week to maintain the files on doctors and keep credentialing up to date and accurate. She was salaried, so most of the work week was for free.

He supervisor treated her like dirt and begged her to stay. I told her that that worthless supervisor could put in 14 hours a day for 6 days a week, but she wouldn't put in 5 minutes over 8 hours for 5 days.

Anyway, we recently heard that the supervisor is no longer there. Hunh. Did she quit? No. She has an audit from the Joint Commission and they found that one of the documents was not signed off properly. This is no big deal because there is paperwork in the system that attests to the validity of the approval process and the missing signature could be seen as an oversight. A simple ding in the Commission report. Kinda like getting a 92% on a test rather than a 100%. You could still be looking at an "A".

But no. She rubber stamps the document and predates the document. The next day when the Joint Commission comes back, they see this fraudulent signature and write the hospital up on fraudulent practices.

Pam is happy to be out of there.

That's rough. Hopefully she can find a good job with better hours. :(

Sometimes it's for the best. No sense staying somewhere you're not happy.

She is taking a break for now.

It was not only a matter of not being happy with where she was. She was hired by one person who knew her for this position. That woman quit and they put this dingbat in charge. In less than a year, my wife took that department from a total mess where the paperwork was not traceable to a system that worked well with the hospital guidelines. Then the new supervisor falsified documents and skipped processes to expedite the paperwork flow. My wife knew that these are federal offenses and wanted no part of these practices when management was notified and did nothing.

I'm hoping they like the same news my wife gave them coming from the Joint Commission better.

Good for her. A stand up gal, no doubt.

And she puts up with Jerry, badumbum

You had to see that coming :mrgreen:

For that very reason alone she should be canonized.

Anyway, we recently heard that the supervisor is no longer there. Hunh. Did she quit? No. She has an audit from the Joint Commission and they found that one of the documents was not signed off properly. This is no big deal because there is paperwork in the system that attests to the validity of the approval process and the missing signature could be seen as an oversight. A simple ding in the Commission report. Kinda like getting a 92% on a test rather than a 100%. You could still be looking at an "A".

But no. She rubber stamps the document and predates the document. The next day when the Joint Commission comes back, they see this fraudulent signature and write the hospital up on fraudulent practices.


very serious business. i have only been with the VA for one JC visit and it's a huge freaking deal (even for those of us in research). i think your XYL did the right thing by getting out when she did.

Thank you all for the support here. It really helps.

She went through numerous JC visits because she was taking over the office from some idiots who would not properly file and maintain files. They were breathing down her neck but they were patient to see how she managed the work and she got good feedback for what she had accomplished.

When her new manager took over the department when my XYL cleaned it all up, I knew there would be problems ahead and demanded she quit. She turned in her resignation in the middle of January and it was rejected. In 2 weeks I told her to turn it in again. They accepted it then as she refused to allow them to reject it. I knew that the new manager would cut corners and blame Pam for fraud. She was already blaming her for her own problems, but those issues stayed in the hospital.

The Hospital Office Manager song

Cause she's gone, gone, gone
I dont know if I'm happy
I don't know if I'm sad
She's gone gone gone
I dont know if i'll cry
I dont know if I'll die laughin

Thank you all for the support here. It really helps.

She went through numerous JC visits because she was taking over the office from some idiots who would not properly file and maintain files. They were breathing down her neck but they were patient to see how she managed the work and she got good feedback for what she had accomplished.

When her new manager took over the department when my XYL cleaned it all up, I knew there would be problems ahead and demanded she quit. She turned in her resignation in the middle of January and it was rejected. In 2 weeks I told her to turn it in again. They accepted it then as she refused to allow them to reject it. I knew that the new manager would cut corners and blame Pam for fraud. She was already blaming her for her own problems, but those issues stayed in the hospital.

The Hospital Office Manager song

Cause she's gone, gone, gone
I dont know if I'm happy
I don't know if I'm sad
She's gone gone gone
I dont know if i'll cry
I dont know if I'll die laughin

As has already been pointed out asking for your wifes credentials was/is/should be a security violation.
The company I work for has strict security protocols and they are adhered to from the bottom to the top.

When your dealing with patient confidential information (hospital) or customer financial information (bank) the price of a secuirty breach is huge.

You never give your password to anybody, for anything, and report those who ask that you do.

She played along a few days until the supervisor was sending emails from her account and I told her to change her password and not give it out again.

The super was giving the excuse that she needed the password for access that IT had not yet given to her. I told my wife to tell her that this is not her problem.

The super kept demanding the password. My wife ended up quitting over the fact that she was always being asked to make shortcuts on processes that are being reviewed by the Joint Commission. She naturally refused and reported all these items. Nothing was fixed, and she left. The supervisor was subsequently fired for falsifying documents that the Joint Commission caught. The super had forged signatures. The hospital listened to the Joint Commission but they didn't want to hear it from my wife when she was there.

I know for a fact that the super would have pinned it on my wife due to the fact that they tried to pin the blame on the file clerk. It could not have been my wife because the commission found the unsigned document after she left and saw it was signed and back dated the next day.

The system has no protection for decent people.

so this is now resolved, right?

we just had an inspection a week ago and nobody on station has seen the resulting report yet. as you might imagine, anxiety is quite high ...

so this is now resolved, right?

we just had an inspection a week ago and nobody on station has seen the resulting report yet. as you might imagine, anxiety is quite high ...
It's resolved because my wife quit. She went to the administration with these security breaches and she got no support from anyone. They asked her if these security problems were intentional on the supervisor's part. She answered that she has no way to tap into her brain and make this determination. So they said that they would have to do nothing about this.

She turned in her resignation and split the scene. We found out that the violations that my wife complained about continued and the hospital wanted to talk to her about it, but after she walked out the door, she left it all behind and never conversed with the administration about these infractions.

But there is not much I know about all this after she quit as the information is pretty dry and she won't talk to the admin. Why should she help them when she is off the clock. She doesn't want to go back because most of the trouble is from the COO who setup most of these balls in motion and gets those not in admin to take the fall for them. It's easy to see their game.

But not playing the game there is considered insubordination by the admin, so you really can't win.