Locking down browsers in healthcare settings to prevent staff misuse

More and more healthcare applications are being re-platformed to run as web applications. While it’s good for ease of deployment, this means that staff that had no business using web browsers before now have valid work reasons to run browsers. This may lead to “unofficial” use of office browsers for non-healthcare use such as shopping, reading the news, playing on FaceBook, or other types of misuse.

While some misuse may be acceptable because all it does is waste time, other types of misuse like downloading files, playing music online, etc will cause viruses to enter the network or may take up valuable network bandwidth.

I recommend locking down your browsers so that staff can only use it appropriately. Check out these tips and directions to help prevent most common misuse of Internet Explorer. While these are not foolproof, they will take care of basic restrictions.

Newsletter Sign Up

14 thoughts on “Locking down browsers in healthcare settings to prevent staff misuse

  1. You must be joking.

    Better bet to prevent viruses would be to use something other than the abysmal IE. Firefox would go a long way to curing the virus issue.

    As for “appropriate use”, when organizations realize that it’s inappropriate to demand long hours and 24hour availability from their employees, with no additional compensation nor alternatives for getting on with life, then maybe “appropriate use” would make some sense.

    Doubtful in our lifetimes.

    I recommend removing the lockdown that your mind is under. 😉

  2. Of course if this is a real concern in your environment you should use BSD or Linux as your desktop OSs if possible. You’ll significantly reduce risks of virus infections.

    Otherwise, even on Microsoft OSs you can obtain better control using Firefox. There are several sites you can visit to learn how but two are:




    I hope this helps.


    Timothy Cook, MSc
    Health Informatics Research & Development Services
    LinkedIn Profile:http://www.linkedin.com/in/timothywaynecook
    Skype ID == timothy.cook

  3. Great comments Tim and Andrzej. Thanks for stopping by.

    While I would love to tell people to use “more secure” workstations that’s not likely to happen anytime soon. Many web applications require IE and won’t work in FireFox and many people can’t stop using Windows so when I saw some misuse at a few customers I thought I’d throw this blog posting together for some quick tips.

  4. If internet traffic is enough of a concern at your agencies, think about investing in a web filtering software or appliance. They will allow you to block traffic by categories and also allow you to monitor the traffic.

  5. Interesting article. It really does not have anything to do with security. this is about appropriate use. I believe most health care organizations use content filtering products such as SurfControl. The rating service that Microsoft had envisioned has been a failure.

    We do not try to limit our staff to work-only sites. We really desire to employ the type of people that are comfortable with technology. If someone wants to buy a book on amazon or check their 401K on their break that is fine with me. Those are my people. Sure, that could be abused. But so can a million other things. That is why we have managers.

    The only filtering we do is truly inappropriate content.

  6. Why don’t we just trust our employees?

    I feel the more you take away, the more you will find them trying to divert their attention to other places other than work.

    I worked in the government for a long time, probably some of the most locked down computers you have seen, with some of the biggest time wasters. I have also worked in the opposite environment, completely open and those workers worked harder than anyone I have ever seen.

  7. Perhaps a solution in the future will be to keep browsers disabled, but install an app like Mozilla Prism for all web-app use.

    Prism is a bit like a browser, but with no navigation amenities like the back button or address bar because it is intended to be used with a single web site per instance. It makes web-apps feel more like desktop apps.

    I suggested to the design team that they add a feature that puts the apps that Prism launches under administrator lock for precisely this reason, as it would effectively block non-web-app traffic.

    Of course, using Prism would mean deploying another desktop app, and it won’t work with IE6-only apps but I thought it was interesting.

    More on Prism:

  8. I would regard the lock down of certain traffic and websites within a large organisation as being pretty standard fare for any filtering tool worth its salt – of course probably the more difficult issue are the usage policies, etc associated with internet access in general.

    what has frustrated me moreso over the past 12 months is discussing solutions with the customer where there is a blanket ban on a particular plugin within the browser; Flash is the best example here; I’ve had to back track/back out of projects because the desktop user base did not support Flash, and there was not a bullet proof mechanism for doing this via remote instalation.

    Desktop audio or lack of – is another issue that I have specifically written about in the past myself (http://www.thehealthtechblog.com/2006/08/corporate_polic.html)

    Getting back to Shahid’s main point – my main concern would be that due to browser lock down – organisations won’t have the functionality or have the opportunity to harness the creativity which is beginning to be used more and more in consumer sites.

  9. Locking down the browser is important in some situations. The most apparent one is our kiosk workstations that people use to fill out their paperwork. It’s amazing how fast our patients will download a program like Kazaa onto a kiosk computer while they’re waiting for their appointment.

  10. While there are indeed inappropriate uses of an institution/employer’s technology, applying a unilateral block on all personal use generally results in employees who are disinterested in using the technological solutions implemented by employers. The main reasons for this hinge on the following:

    1) Unfamiliarity/Discomfort with technology (People take the time to *really* learn technology by using it to do something in which they have a *personal* interest)
    2) Feelings by the users that management does not trust the users or care about their personal needs that full lockdowns tend to cause.

    It is easy to lock down. It is easy to leave things completely open. It takes some thought to keep things secure between these two extremes.


  11. Letting people use the internet is okay. Policing everyone is not the right philosophy here. I would recommend installing a firewall that only allows a certain ip addresses.

    But even with this, you will run into problems of administration. It is better to let people use the internet and explain to them what is appropriate or not instead of standing over their heads and policing them.

    Paul Mark
    World’s Largest Health And Wellness Community

  12. There are so many applications out here that would fit your particular need here but I feel the best solution may be simply using a filter that disables access to certain websites by analyzing their keywords that provide information about their content.

  13. The use of Firefox does not stop people from downloading and installing applications which have trojans and spyware. Too many people feel they are safe when downloading with Firefox. So the problem is not specific to IE. It is a simple task for an IT department to push security settings out to all users using IE to ensure they do not use ActiveX on random sites and to allow it’s use on those that are trusted.

  14. I started a company 7 years ago specializing in web applications for the intensive care unit. I have seen first hand this abuse by users. Users download toolbars, pop-up blockers, Alexa, etc… ultimately effecting the way our web app runs on the computer. 90% of our support calls are because of user missuse of the internet. On the flip side our web apps can be accessed from anywhere at anytime saving lives on a daily basis. Easy to maintain with no client side installs or upgrades.

Add Comment