In Healthcare IT, is a "break glass" mode to bypass access controls commonly required?
My healthcare organization uses Break The Glass with our EMR. I work on the IT side of things so I'm not sure how it applies to the clinicians, but for us it is setup so that if we access any patient record we are required to Break The Glass. In doing so we are forced to enter a comment as to why we need access to the record.
It's a good feature - with the introduction of the HITECH act, and of course with HIPAA, it is important to document why you went into a patient's chart.
As a patient, you have the right to request the names of all of the employees who accessed your medical record and you also have the right to know why they needed to see your chart. By forcing the Break the Glass feature, we as employees are forced to create this documentation. If we didn't have this documentation and a lawsuit was brought against my organization, the individuals who accessed the chart could be held liable if they cannot produce sufficient reason for entering the chart.
So in short, no it is not required, but it is an excellent way to mitigate risk - not only for your organization but for the individuals who can be held liable by HITECH and HIPAA.
There is no broad requirement for that specific feature as far as I'm aware. However, as a medical application you will normally consider the hazards of the system and mitigations.
If one of your hazards is "can't get at the images when I need immediate access for emergency diagnosis" then it's quite likely that one of your mitigations would be a "break glass mode". I have certainly seen systems offering backdoor (non-GUI) access into the image archive for precisely this reason. As @Marshall Anschutz said, this all depends on how life-critical the image operations are.
I cannot comment as to the demand for this feature, but I think that falls secondary to the need for the feature from a safety perspective.
As a physician, even though I can think of situations where having immediate, unrestricted access to clinical information can be critical, I can't think of an "emergency break glass" feature as an absolute requirement for an electronic healthcare information system. The security risks of having unrestricted access are too high, and besides, think of the following: a similar feature is definitely not available with traditional, paper-based systems, and yet they are still used to good effect (if, for whatever reason, you can't access a physical record because it has been misplaced, or is otherwise "locked away" from you, that's it, and you'll have to make do just with what you have at hand).
In my opinion, having this kind of feature just adds an unacceptable security risk. The proper way of ensuring patient safety with timely and appropriate access to clinical information is by correctly instructing our systems' users in knowing and using our security and authentication measures.