SoylentNews is people

posted by janrinok on Monday June 27 2016, @09:37PM
from the security-versus-efficiency dept.

Medicos are so adept at mitigating security controls that their bypassing exploits have become official policy, a university-backed study has revealed.

The work finds that nurses, doctors, and other medical workers will so often bypass information security controls in a bid to administer rapid health care that the shortcuts are taught to other staff.

It is built on face-to-face and phone interviews with hundreds of medical workers, chief technology officers, and 19 security boffins by an academic team of Sean Smith and Vijay Kothari of Dartmouth College, Ross Koppel of the University of Pennsylvania, and Jim Blythe of the University of Southern California.

"We find, in fact, that workarounds to cyber security are the norm, rather than the exception," the team writes in the paper Workarounds to Computer Access in Healthcare Organisations: You Want My Password or a Dead Patient? [pdf].

"They not only go unpunished, they go unnoticed in most settings — and often are taught as correct practice.

[...] These workarounds which keep machines logged in have resulted in at least one instance with the issuance of the wrong medication when a doctor did not realise the wrong patient records were open.

"The problem is the … chief information, technology, and medical informatics officers … did not sufficiently consider the actual clinical workflow," the team says.

The team says healthcare workers are some of the most creative in bypassing controls given their critical mission of healthcare delivery.


  • (Score: 3, Interesting) by MostCynical on Monday June 27 2016, @09:53PM

    by MostCynical (2589) on Monday June 27 2016, @09:53PM (#366638) Journal

    Having worked in hospitals, looking after patient databases, nurses and doctors don't just argue "patient safety" as the reason they won't use user names and passwords correctly; they genuinely believe IT should be a tool to improve their lives and anything *they* have to do to change to suit the IT system is wrong.

    The people who buy the IT systems have a set budget and have to fit the available hardware, and building your own is never the answer.

    I have seen many (15-20, possibly more) doctors write their own systems for patient admin, medications, or whatever.
    None have adequate security, access controls, update logging, change logging or anything else required for best practice information management.

    Everything is compromise. No one has enough money to do it properly.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 3, Insightful) by GungnirSniper on Monday June 27 2016, @09:57PM

      by GungnirSniper (1671) on Monday June 27 2016, @09:57PM (#366640) Journal

      Until there is a breach and they're held liable, nothing will change. Just imagine the havoc one could cause by going in and deleting things like known medicine allergies?

      • (Score: 3, Funny) by Dunbal on Monday June 27 2016, @10:25PM

        by Dunbal (3515) on Monday June 27 2016, @10:25PM (#366647)

        Don't be so quick to run and hold people liable. What is your job? What are you liable for? While it's true as a physician I have made mistakes (none of them major thank goodness) - how come no one bothers to compare that to all the times I got it right?

        • (Score: 3, Insightful) by GungnirSniper on Monday June 27 2016, @10:34PM

          by GungnirSniper (1671) on Monday June 27 2016, @10:34PM (#366654) Journal

          If you are a physician then you're aware you're a doctor, not an engineer. [ditl.org] That means it's outside of your area of expertise to implement an Internet-connected system for patient admin, medications, or whatever as MostCynical described. In the same vein I'm not a doctor so while my servers are spiffy, I'm not qualified to write a prescription even if I think myself competent to do so, and would be liable for illegally practicing medicine.

          So while it's great and democratic that people can write their own software, I don't want my medical records dropped into something that has all of the strength of soaked cardboard.

          • (Score: 5, Insightful) by Dunbal on Monday June 27 2016, @10:42PM

            by Dunbal (3515) on Monday June 27 2016, @10:42PM (#366657)

            If you are a physician then you're aware you're a doctor, not an engineer. That means it's outside of your area of expertise to implement an Internet-connected system for patient admin, medications, or whatever

            I agree entirely. However the converse is true. The guy who wrote the software is not a doctor, he's a programmer. From personal experience I can say that most medical software is not helpful at all, it is even more obstructive and time consuming than manually writing things in an old fashioned paper file. Because it is designed by people who are clueless as to how the practice of medicine happens, how a diagnosis is evolved, how patients might not fit neatly in one or the other check box or drop down list, etc, the software itself can become problematic. It's like being forced to work with a UI that does its best to get in your way all the time. While the bureaucrat is only concerned with the time left until 5pm, quite often time works against the physician. So if short cuts happen, it's easy to blame the user but perhaps the real problem is the design of the software that isn't meeting the users' needs.

            As for accountability - in the old days a physician who failed to cure a patient was placed into a sack [wikipedia.org] with some rocks, a live rooster, a live cat and a live dog and thrown in the river to drown. What happened? Well they started having a shortage of doctors...

            • (Score: 3, Interesting) by jelizondo on Tuesday June 28 2016, @01:19AM

              by jelizondo (653) Subscriber Badge on Tuesday June 28 2016, @01:19AM (#366729) Journal

              I agree completely with you. If the software is not designed by the user and for the user, it is very difficult to get it right.

              In my opinion, most or all of the techniques to get user input during the design phase fail miserably because we techies either don’t understand the needs or there is another management layer which introduces changes to what the front-line people need… Or worse, we get creative and design something to impress our peers with our prowess even if it's not quite what the user needs.

              I don’t do much software development anymore because my way of doing it is expensive. For example, when designing a financial solution many years ago I became the “assistant” to the accountant for two or three months so I could understand precisely the data entry, the reporting, the legal requirements, the exceptions and every other detail.

              The software is still in use today, more than 20 years (I kid you not), after I delivered it. The IT people in that company hate me because they have to run around trying to get the old software running on new OS/hardware configurations. Funny, the company has spent literally millions of dollars replacing that piece of software, but the reports for the shareholders still come from the old piece of shit I wrote.

              Don’t get me wrong, I’m not a great programmer (I know better coders), I simply like to deliver solutions that are right for the person in front of me and not for an abstract customer. And I see pain and suffering inflicted on people simply because the software was created using “best practices” (which is fine and dandy) while ignoring the real needs of the users, which could be alleviated if the programmers simply sat down and tried to do the users’ job for a few days.

              • (Score: 2) by Dunbal on Tuesday June 28 2016, @01:34AM

                by Dunbal (3515) on Tuesday June 28 2016, @01:34AM (#366738)

                If the software is not designed by the user and for the user, it is very difficult to get it right.

                I think the main problem is that the software is usually commissioned/purchased by the health center, so the developer receives his instructions according to what the health center wants. Of course the standard reaction of any health center is to form a design committee which will include a few physicians but also people from management, accounting, archives, etc. Everyone will have a different opinion and those with the loudest voices will win, like any committee decision. Which means the doctors don't win - in a health center the doctor does not control the purse-strings. So the committee gets the software it ordered, management is happy because everything went smoothly, and the poor fucking doctor is stuck with a bitch of a system.

                This is a true story, as I was involved in the "design phase" of an aborted software system for a national health service. Somehow it never got off the ground. It cost a hell of a lot of tax payer money though. The system was designed to meet bureaucratic demands because the administration views the patient file as something to be processed, with statistics extracted, etc. A doctor views it as a quick reference guide to what's been done and what needs doing. And when you have 80 people on your ward, it has to be a QUICK quick reference...

                • (Score: 2, Interesting) by anubi on Tuesday June 28 2016, @08:01AM

                  by anubi (2828) on Tuesday June 28 2016, @08:01AM (#366926) Journal

                  This even happens to engineers, Dunbal...

                  I remember well when I had to use some design software as mandated by management. I could still make stuff that worked as long as I had my older machine on which I would verify my design calculations - then I would transcribe the design to the new software for presentation to Management.

                  Once the armed security people came in, took my old machine, and carted it off for destruction, it really became a crapshoot whether anything I designed would work or not. I no longer had access to the machine that did what I told it to do.

                  --
                  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
                • (Score: 2) by Gravis on Wednesday June 29 2016, @06:04PM

                  by Gravis (4596) on Wednesday June 29 2016, @06:04PM (#367664)

                  Of course the standard reaction of any health center is to form a design committee which will include a few physicians but also people from management, accounting, archives, etc. Everyone will have a different opinion and those with the loudest voices will win, like any committee decision.

                  seems to me that they should have one backend and a different frontend for each department/perspective. there is even a programming concept for this called model–view–controller. [wikipedia.org]

                  i do have a question though, would the hospital staff be ok with getting a tiny (non-magnetic/MRI compatible) implant in their hand if it meant they never had to deal with logins or passwords? implants are really the only way to ensure someone using an ID is the person it was given to... unless you get your hand hacked off.

            • (Score: 1) by Ken on Tuesday June 28 2016, @08:42PM

              by Ken (5985) on Tuesday June 28 2016, @08:42PM (#367267)

              "Because it is designed by people who are clueless as to how the practice of medicine happens, how a diagnosis is evolved, how patients might not fit neatly in one or the other check box or drop down list..."

              "They" try to invent "standards" such as HL7 & DICOM. Unfortunately the standards can be configured differently (You are looking in PID 2-3, but we are sending in PID 2-6) so interfaces are hard to build so systems can work together.
              Our EHR vendor charges a large amount to build an interface. We needed a Radiology interface to both send orders to Radiology and receive the report back. The EHR interface team just copied and pasted the Lab interface and changed the IP numbers to point at Radiology. They got the same fee as they would have for building one from scratch. They didn't consider that radiology reports don't have reference ranges. The referring providers hate the way the Radiology report looks. These are just a few examples of how IT and Medical providers have a disconnect.

              This guy (AC) has it right

              "IT needs to use doctors as part of their design team in the sense of hand in hand software development. It's only in this context that good user interface design can result, not in a vacuum as occurs largely nowadays"

      • (Score: 2) by EvilSS on Tuesday June 28 2016, @12:13AM

        by EvilSS (1456) Subscriber Badge on Tuesday June 28 2016, @12:13AM (#366700)

        Yea but the doctors won't be held liable, the hospital will. The doctors will get pissed and demand to know how the hospital IT allowed it to happen.

      • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @09:44AM

        by Anonymous Coward on Tuesday June 28 2016, @09:44AM (#366969)
        Why would anyone do that? Classical hackers who break into systems just for the fun of it won't delete such information just because they can, knowing that they could kill someone that way. Hackers who are in it for the money won't do it unless there is profit in it. So now the Russian Mafia's hackers can participate in hits too? Some famous politician or business magnate goes to the hospital for a minor treatment, hackers break into the hospital and alter their prescriptions so that they're given high doses of something that triggers their allergies instead? While it makes for an interesting movie plot scenario somehow it seems unlikely to actually be done routinely enough to make it worth the effort, and naturally there are humans in the loop and some of those might actually have a brain and realise that something is wrong with the computer. So I doubt that assassination by subtle alteration of medical informatics databases is likely.
    • (Score: 5, Insightful) by Anonymous Coward on Monday June 27 2016, @10:13PM

      by Anonymous Coward on Monday June 27 2016, @10:13PM (#366646)

      they genuinely believe IT should be a tool to improve their lives and anything *they* have to do to change to suit the IT system is wrong.

      And to be honest, they are right. It's strange that almost the whole world works the other way around.

      • (Score: 3, Insightful) by Anonymous Coward on Tuesday June 28 2016, @12:39AM

        by Anonymous Coward on Tuesday June 28 2016, @12:39AM (#366711)

        Exactly. If you're in IT and make management decisions based on anything other than how can you best improve your users' lives, you're a failure at your job. IT, at its heart, is a service sector job. You are providing a service to your end users or at least you should be. For some reason, some other IT people find it insulting when I tell them that.

        • (Score: 2) by Tork on Tuesday June 28 2016, @02:50AM

          by Tork (3914) Subscriber Badge on Tuesday June 28 2016, @02:50AM (#366789)
          But... but.... but... I want to complain about BYOD!
          --
          🏳️‍🌈 Proud Ally 🏳️‍🌈
  • (Score: 3, Interesting) by MichaelDavidCrawford on Monday June 27 2016, @10:07PM

    there's a good reason I carry a paper notebook and a pen everywhere. If I need to write something down I just pull them out of my pocket. If I want to write a note on a computer, I have to wake it from sleep, log in, launch an application then hopefully save.

    I once watched a psychiatrist record our session into an electronic medical records app. I worked on such an app myself; the UI he was totally stymied by made sense to me but not to him.

    Look at what doctors are trained to do during med school and their residencies - learn about lots of diseases and injuries, how to treat them. Doctors have to know quite a lot of things. But electronic medical records are like Homer Simpson complaining that whenever he learns anything new, he forgets how to drive.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 1, Troll) by Capt. Obvious on Monday June 27 2016, @10:25PM

      by Capt. Obvious (6089) on Monday June 27 2016, @10:25PM (#366649)

      Kindly fuck off with your desires. You don't have to like computers. You do have to use them. Or pay an assistant to transcribe your notes into a computer (either personally or via the hospital/practice.)

      Being busy is no excuse for working around data security - not if you have my data in there.

      Also, you should learn more about diagnosing illnesses in medical school. "When you hear hooves think horses not zebras" is a pretty bad philosophy to impose on young doctors.

      • (Score: 2) by MichaelDavidCrawford on Tuesday June 28 2016, @12:05AM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Tuesday June 28 2016, @12:05AM (#366694) Homepage Journal

        He wrote test plans, nothing but test plans, for Mare Island Naval Shipyard in Vallejo, California. He used a ball-point pen and a paper engineering pad. (Graph paper, but a certain specific type.)

        His secretary transcribed his test plans into a computer for him. He never touched the thing.

        In his case, information security was the specific concern: "Every time we get a new computer at work, we have to wait six months for an expert to fly out from Washington, then another month for him to Bless it."

        I expect that expert was certifying the computer to TEMPEST standards.

        Today's government computers have laughable security compared to MINSY's computers back then, in the '80s and '90s. The problem is specifically that everyone demands we use them. Information security is flatly impossible unless we make rational choices as to whether a computer should be used at all. In the case of medical records, I assert that pen and paper is far better. Computer records are what secretaries are for.

        --
        Yes I Have No Bananas. [gofundme.com]
        • (Score: 2) by HiThere on Tuesday June 28 2016, @05:31PM

          by HiThere (866) Subscriber Badge on Tuesday June 28 2016, @05:31PM (#367167) Journal

          And the problem is you're sometimes right...but not always. When you see one doctor for one problem and another doctor for another, it can be extremely important that they both have a complete list of your medications, and past history of reactions. Paper systems notoriously failed at that.

          Please note that I'm not asserting that just any computer system would be better, but some systems are better at this. They've got their own weaknesses that need to be addressed.

          Part of the problem is that data input is a serious weakness. Computers are currently too inflexible in that way. I expect this to be changing over the next decade. Real time audio transcription combined with free-form sketching and always on is quite plausible for systems within buildings. So is photography, which can be important for some medical problems. Probably with a weak microscopic camera (say 10-20X).

          Of course, this will just mean that decent systems are possible, not guaranteed to be implemented. But work "towards" a Star-trek style "tricorder" is continuing, even though there's a long way to go. But even just current systems could do a lot better than they do, if properly designed. The system could be designed to work with cell-phone/tablet style terminals with something like Siri (how well does that actually work?) and an expert system (not asking for an AI here, just specialized area-specific knowledge). If you're using the cell-phone style interface you could use the phone's camera to capture sketches made on paper. Etc. But you wouldn't want to use real cell-phones because of security issues. You could set up the system with IR-links, though, and receivers in each room to route the signal to the main processor. Or possibly terahertz would be better, if the hardware gets ready. There'd be fewer signal path issues, and it would still attenuate rapidly enough to be pretty much confined to the building.

          --
          Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 4, Interesting) by GungnirSniper on Monday June 27 2016, @10:46PM

      by GungnirSniper (1671) on Monday June 27 2016, @10:46PM (#366661) Journal

      I've heard med students say that they're not taught that medicine is a business, so it's no surprise that other business aspects are left out.

      the UI he was totally stymied by made sense to me but not to him.

      You or I interface with computers a hell of a lot more than he does. Bet that application did not have as much input from UI designers or worse, UI designers who don't know the field and threw darts to place buttons. Or was customized with no regard to convention as Joel on Software suggests.

      • (Score: 2) by Arik on Tuesday June 28 2016, @03:37AM

        by Arik (4543) on Tuesday June 28 2016, @03:37AM (#366810) Journal
        Honestly it seems to me that the more 'UI Design Professionals' have touched a project the more insanely annoying and non-functional the UI is.

        The only thing the 'pros' seem to bring to the table is the ability to dress up a crappy design enough to make a pretty (unopposed) demonstration for management.

        --
        If laughter is the best medicine, who are the best doctors?
  • (Score: 2) by Ken_g6 on Monday June 27 2016, @10:32PM

    by Ken_g6 (3706) on Monday June 27 2016, @10:32PM (#366651)

    They should really have fingerprint scanners on every device and every terminal, which log the user in within less than a second. My old phone didn't have one, and putting in a passcode was so cumbersome I just didn't use one. My new Nexus phone makes it so easy to log in with a fingerprint that I wouldn't do it any other way!

    And, sure, fingerprints can be faked, but not easily. It's a lot harder than getting someone's shared login from a sticky note.

    • (Score: 2) by GungnirSniper on Monday June 27 2016, @10:38PM

      by GungnirSniper (1671) on Monday June 27 2016, @10:38PM (#366656) Journal

      You can also do facial recognition as well, which Imprivata sells with its OneSign systems. In hospitals and germ-filled environments that extra non-touch probably is a good idea.

      • (Score: 3, Insightful) by EvilSS on Tuesday June 28 2016, @12:18AM

        by EvilSS (1456) Subscriber Badge on Tuesday June 28 2016, @12:18AM (#366704)

        Or a good RFID system. Something like an RSA token merged with a HID card, so it's more difficult to clone but still fast and touchless. Biometric systems are good but they can be picky at times.

    • (Score: 2) by EvilSS on Tuesday June 28 2016, @12:16AM

      by EvilSS (1456) Subscriber Badge on Tuesday June 28 2016, @12:16AM (#366702)

      Problem is they don't always work that well. I know one person (a nurse) who had to be given bypass codes for those drug locker thingies they have because it refused to read her prints. She's also had to make multiple trips to the sheriff's office for new print cards (yea, apparently they still do those) when transferring her license because they couldn't get a good read on the 1st ones. I'm sure there are others out there. Plus god, one place that everyone touches? In a hospital? That's going to be hard to keep sanitary.

  • (Score: 0) by Anonymous Coward on Monday June 27 2016, @10:33PM

    by Anonymous Coward on Monday June 27 2016, @10:33PM (#366653)

    Do we really want to pay doctors and other expensive experts to keep logging in/out to different systems all day? Some kind of bio-metric technique and/or security card seem a better way to go, with some kind of temporary cookie-like sharing of the most recent patient ID's so that they don't have to keep entering patient ID's. One possible problem is getting multiple vendors to recognize the centralized security system.

    • (Score: 1, Insightful) by Anonymous Coward on Tuesday June 28 2016, @05:13AM

      by Anonymous Coward on Tuesday June 28 2016, @05:13AM (#366839)

      The gold standard is paper, and IT systems should be subjected to natural selection versus paper. In hospitals most IT systems were forced onto people and this unfair advantage has led to rubbishy systems.

      • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @06:40AM

        by Anonymous Coward on Tuesday June 28 2016, @06:40AM (#366890)

        Hear! Hear!

        After 15 years working in healthcare, I can name ONE system that was at least as functional as paper (it was modeled after forms already in use). If there is no improvement to what was being previously used, why bother?

        That I've seen, computer systems just change the types of mistakes, not the frequency or severity, but have increased the workload x2 (half of my day is now designated to data entry from the notes I've written). This isn't an improvement. Critical information is still conveyed through paper. It is the gold standard.

        Not to mention recovery from catastrophic failure is MUCH easier with paper. Waiting for a system to reboot, tracking down the IT guy to fix a problem, or fidgeting with 7 different logins is killing people when I need to know what allergies they have NOW.

        The elephant in the room is that IT is too immature a technology for a dynamic setting such as healthcare. Sure, some things can and should be computerized (such as routine medication dispensing), but for the vast majority of medicine, IT is just an albatross.

  • (Score: 4, Insightful) by bzipitidoo on Monday June 27 2016, @10:43PM

    by bzipitidoo (4388) on Monday June 27 2016, @10:43PM (#366660) Journal

    Security has been the most overused justification for all kinds of nonsense. Many security people have this unwarranted feeling and expectation that security concerns are the most important of all, take precedence over everything else. The classic login prompt is a fine example. In a multi-user environment, some means of keeping users from stepping on each other is needed. But the login dialog was carried too far, unthinkingly retained in single user environments. I wouldn't be surprised if that was a major reason that relegated the Linux desktop to permanent obscurity. But they've learned their lesson. Almost no one logs into a smart phone. Screen locking on smart phones is not to prevent unauthorized access, it is to prevent accidental input from the authorized users.

    So doctors and nurses are circumventing the login process. The first move is not to "educate" medical professionals, give them nonsense about why they shouldn't do that. It's to see what can be done to remove these unnecessary barriers. They have already decided that the slight protections of the security measures are not worth their time. The last thing that surgeons who routinely do risky surgeries care to hear is that they're taking a "big" risk by leaving themselves logged in all day long. They know a lot about risk, they don't need some idiot security fanatic parroting security dogma at them, trying to tell them their passwords should have at least one number, special character, and uppercase and lowercase letter.

    • (Score: 2) by MostCynical on Monday June 27 2016, @10:58PM

      by MostCynical (2589) on Monday June 27 2016, @10:58PM (#366662) Journal

      I agree, "unnecessary" hoops are a problem.
      But what is unnecessary?
      Ideally, medical records should be accessible by any clinician in any hospital in a country. That, these days, means internet connectivity, with all the risk that entails.
      I do not want someone knowing I had a particular procedure unless it impacts the decision making about whatever is happening to me now. I do not want my allergies deleted, or my medications changed. Preventing these things, and logging who made the changes to track responsibility is IMPORTANT. Risk for a surgeon is death RIGHT NOW. Failure of IT security is something that won't matter until ... sometime.

      I agree the UI should not get in the way. Doctors are crap at designing the stuff, and worse at bothering to learn how to use it.

      Meta-data is hard. It only really matters when it is wrong or missing. Doctors and nurses don't want (or have time) to fill it in.
      Admin staff aren't qualified.
      Dilemma.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @05:16AM

        by Anonymous Coward on Tuesday June 28 2016, @05:16AM (#366842)

        Doctors are not crap at designing stuff. Don't underestimate their skill set, or their intelligence. They are simply busy. But within that community are many programmers, artists, philosophers, historians etc.

        IT needs to use doctors as part of their design team in the sense of hand in hand software development. It's only in this context that good user interface design can result, not in a vacuum as occurs largely nowadays.

        • (Score: 2) by MostCynical on Tuesday June 28 2016, @05:43AM

          by MostCynical (2589) on Tuesday June 28 2016, @05:43AM (#366858) Journal

          Just like rally drivers thinking they can fly helicopters.. often, they crash.

          This was designed by a doctor:
          https://m.youtube.com/watch?v=gPhBhKnn2xU [youtube.com]
          Just because a doctor thinks they can do it, doesn't mean they can. They might come up with something *slightly* better, in one or two areas, but they know nothing about UI, interoperability, data standards, security, firewalls.. Even IT people usually specialize in only one or two of those - for good reason (even though many think they can do it all).

          They want what they want. No two want (or need) the same thing.
          None can agree on priorities (everything a doctor wants is, by definition, a *need* for that doctor)

          --
          "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 1) by Ken on Tuesday June 28 2016, @06:09PM

      by Ken (5985) on Tuesday June 28 2016, @06:09PM (#367187)

      I understand the need for security, but too often it interferes with good patient workflow. Multiple systems to log into (some interfering with one another). Updates (Security and others) rendering systems unusable. It is no wonder there are some who try to get around things. I work in Radiology at a multi-specialist clinic. Nearly everyone dislikes the inconveniences. I get called to "fix" things related to radiology. When something is not functioning due to an update, I always (half-jokingly) tell them "it's ok, the network is secure." People on both sides (IT & Users) seem to forget their mission is not the only one. Security needs to be easier for the users and the users need to work within the security boundaries set by IT.

  • (Score: 0) by Anonymous Coward on Monday June 27 2016, @11:02PM

    by Anonymous Coward on Monday June 27 2016, @11:02PM (#366664)

    There is a huge bias in favor of medical professionals, it is pretty much impossible for them to do wrong in the eyes of a large chunk of the population. These comments are a great example, so maybe someone can explain to me why this is? At least on the research end, I know they are producing an unbelievable amount of BS papers and essentially squandering away the goodwill of the population towards funding research along with the massive amount of resources. But here again, we see it is their *standard practice* to do things wrong, these problems are institutionalized, yet they get no blame.

    • (Score: 2) by MostCynical on Monday June 27 2016, @11:17PM

      by MostCynical (2589) on Monday June 27 2016, @11:17PM (#366670) Journal

      They choose how they work or "people will die"
      Get in their way, "people will die"

      Sack them all, people *will* die.

      That is power.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 1, Troll) by Capt. Obvious on Monday June 27 2016, @11:21PM

        by Capt. Obvious (6089) on Monday June 27 2016, @11:21PM (#366672)

        We could sack the non-surgeon doctors and replace them with RNs, saving a ton of money. Train them all up in a few years.

        • (Score: 2) by MostCynical on Monday June 27 2016, @11:57PM

          by MostCynical (2589) on Monday June 27 2016, @11:57PM (#366689) Journal

          No thanks - there are some very good reasons it takes over ten years to become a specialist. They know *their* specialty very well, and leave other stuff to other specialists.
          There is a reason most local doctors make medication mistakes - they cannot possibly know all the interactions or current research on dosages on all the drugs out there - they just don't have time.

          --
          "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
          • (Score: 1, Troll) by Capt. Obvious on Tuesday June 28 2016, @02:42AM

            by Capt. Obvious (6089) on Tuesday June 28 2016, @02:42AM (#366780)

            Most medicine is done at the GP level. And 10 years is unnecessary for that. They could all be replaced by NPs.

  • (Score: 5, Insightful) by archfeld on Monday June 27 2016, @11:16PM

    by archfeld (4650) <treboreel@live.com> on Monday June 27 2016, @11:16PM (#366669) Journal

    Many of the current security measures ARE a huge pain in the butt for questionable value. Maybe the solution for this is to find security measures that can work in that environment and are transparent to the user. The point of having computers and electronic devices is to assist and provide value and ease the work of people in everyday situations, NOT complicate their lives and become impediments. If using a car required as much effort and left one as vulnerable as a computer did, many people would undoubtedly still be riding horses. A horse will often find its way back into the barn, seeks out the food and water it needs, and can be trained to refuse service to those it doesn't know. It is the job of IT and the manufacturers to make the tools fit the need of the user, not the other way around.

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 0) by Anonymous Coward on Monday June 27 2016, @11:46PM

    by Anonymous Coward on Monday June 27 2016, @11:46PM (#366681)

    Don't get sick. Because doctors are assholes and the medical industry is evil.

    • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @12:47AM

      by Anonymous Coward on Tuesday June 28 2016, @12:47AM (#366713)

      Not getting sick isn't good enough. Avoid doctors like the plague! Because they're all evil assholes who will make you sick just to spite you.

  • (Score: 2) by krishnoid on Monday June 27 2016, @11:50PM

    by krishnoid (1156) on Monday June 27 2016, @11:50PM (#366686)

    The article is from The Register, but any idea how this differs between the US and countries that have socialized health care? Do any of those countries have possibly centralized IT systems/software/policies that may better suit the specific needs of healthcare delivery?

    • (Score: 2) by MostCynical on Tuesday June 28 2016, @02:46AM

      by MostCynical (2589) on Tuesday June 28 2016, @02:46AM (#366785) Journal

      Alas, no, because "upfront cost" becomes the main driver for system purchase.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @02:45AM

    by Anonymous Coward on Tuesday June 28 2016, @02:45AM (#366784)

    1) hire medical staff
    2) have them break security
    3) ???
    4) profit

  • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @06:53AM

    by Anonymous Coward on Tuesday June 28 2016, @06:53AM (#366898)

    And most are huge assholes too, doesn't help. Of course, when you buy off-the-shelf rubbish one-size-fits-all software, that's what you get.

  • (Score: 2) by RamiK on Tuesday June 28 2016, @09:46AM

    by RamiK (1813) on Tuesday June 28 2016, @09:46AM (#366971)

    There's a card reader sitting on the table behind the monitor in reach of the patients and a sticker with the passphrase written on it just to make sure you'll never forget that pesky password.

    They recently added a fingerprint reader. My doctor is very diligent in keeping photocopies of his thumb and index finger next to it for the nurse in rotation to print out prescriptions over the phone.

    There's even a handy outbox with a stack of prescription slips next to the front door for patients to pick up when the clinic is closed. It's convenient to call your doctor for some antibiotics and have the prescription waiting there. Though a bit unsettling considering you're going through a stack of other people's slips with their names, phone numbers and house addresses along with the drug in question all there for all to see.

    --
    compiling...
    • (Score: 0) by Anonymous Coward on Tuesday June 28 2016, @02:16PM

      by Anonymous Coward on Tuesday June 28 2016, @02:16PM (#367066)

      Though a bit unsettling considering you're going through a stack of other people's slips with their names, phone numbers and house addresses along with the drug in question all there for all to see.

      Where do you live? My guess is not in USA, or if so, in some very peaceful rural town?