HIPAA Compliance for Medical Practices
63.7K views | +25 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

Creating and Managing Passwords - Total HIPAA Compliance

Creating and Managing Passwords - Total HIPAA Compliance | HIPAA Compliance for Medical Practices | Scoop.it

How many times a day do you access applications or websites that require passwords? The temptation is to make passwords simple or reuse the same password. The 2017 Verizon Data Breach Investigation Report found that 81 percent of hacking-related breaches succeeded through stolen passwords or weak passwords. That’s an 18 percent increase from last year’s report, suggesting that rather than getting better, password security is getting worse.

Common password problems are using simple passwords that are easy to hack and the same one for many sites. Then there is the problem that you can’t remember them all! Ah, the joy of managing passwords. Here are two ways to protect your data. First, learn how to create a solid password. Next, consider a password management system.

Creating Passwords

You know that your passwords have to be unique and strong. But what exactly gives passwords these traits? This list of Dos and Don’ts will help you create a super strong password to safeguard your patient’s or client’s protected health information:

Do:

  • Do use 12-15 characters for each password. The longer, the better.
  • Do consider using a phrase or sentence you can easily remember your password including numbers and special characters.
  • Do use special characters in atypical places. For instance, use a number in the middle of a word rather than before or after it.
  • Do consider length more than complexity. Studies show that a 15-character password with special characters is more secure than a short one of all unique characters like 5&Hq%.

Don’t:

  • Don’t use easily guessed passwords like family members’ names or birthdates.
  • Don’t use single words found in the dictionary such as watermelon or even watermelonseeds as standalone passwords.
  • Don’t reuse passwords at multiple sites.
  • Don’t share your passwords with anyone. If you have to, immediately change your password as soon as someone else has used it.
  • Don’t use passwords based on adjacent keys on the keyboard, like asdfjkl;.

Password Management

Since you’re now the resident expert on password creation, how can you organize all of them? A password management program lets you store and organize passwords in a single spot, so a single, master password gives you access to your complete password database. Last month, PC Magazine published an article comparing several different password management programs. For roughly $12 to $45 dollars a month, you can pay a service like Dashlane, 1Password, LastPass, etc., to securely keep your passwords at your disposal.

Within these programs, you can define your own passwords, or they can create unique passwords for you. To make it easy, these programs can be accessed not only on your work computer but also on your cellular phone or other devices. They may be a great help, but remember that your master password to the program becomes the one and only access point to all of your other information. Concerned about the security of these management programs? A recent article in Macworld will reassure you they are a reliable tool.

Password creation and accessibility aren’t for the faint of heart. Will it always be so difficult? Maybe not. Biometric sensors like iris scanning and facial recognition are becoming increasingly popular forms of authentication. These biometrics sensors can’t stand alone as a strong security solution, but we’re already seeing them more and more as part of a multi-factor authentication solution.

For the meantime, with security breaches rampant, password security is something you and your company can’t take lightly. Make it a habit of creating strong passwords. If you can’t organize them in a safe way, a password management system just might be the help you need to secure the PHI for which you’re responsible.

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Can You Keep a Secret? Tips for Creating Strong Passwords

Can You Keep a Secret? Tips for Creating Strong Passwords | HIPAA Compliance for Medical Practices | Scoop.it

The computers in your office are veritable treasure chests of information cyber pirates would love to get their hands on. Only authorized personnel in a practice should have the keys to unlock what’s inside. Passwords as those keys. They play an important role in protecting Electronic Health Records (EHR) and the vital information those records hold.

The HIPAA Security Rule says that “reasonable and appropriate . . . procedures for creating, changing, and safeguarding passwords” must be in place. But the rule doesn’t stop there. It goes on to say that “In addition to providing passwords for access, entities must ensure that workforce members are trained on how to safeguard information. Covered entities must train all users and establish guidelines for creating passwords and changing them during periodic change cycles.”

Regardless of the type of computers or operating system your office uses, a password should be required to log in and do any work. Today’s blog will focus on how to create strong passwords – the kind that aren’t easily guessed. And since attackers often use automated methods to try to guess a password, it is important to choose one that doesn’t have any of the characteristics that make passwords vulnerable.

How to stay ahead of the hackers

They’re a clever bunch, those hackers. And they seem to know a lot about human nature, too. They’ve figured out the methods most people use when choosing a password. And they’ve turned that knowledge to their advantage.

To outsmart them, create a password that’s:

NOT a word found in any dictionary, even foreign ones
NOT a word any language — including its slang, dialects, and jargon
NOT a word spelled backwards
NOT based on recognizable personal information — like names of family and friends
NOT a birthdate
NOT an address or phone number
NOT a word or number pattern on the keyboard — for instance, asdfgh or 987654

A strong password should:

Be at least 8 characters in length
Include a combination of upper and lower case letters, at least on number and at least one special character, like an exclamation mark

Examples of strong passwords

With their weird combinations of letters, numbers, and special characters, passwords can be a challenge to remember. Starting with an easy-to-remember phrase and then tweaking it to fit the guidelines for strong passwords is one way around that problem.

For instance:

1h8mond@ys! (I hate Mondays!)

5ayBye4n@w (Say bye for now)

Safety first

The importance of having strong passwords — the longer, the better — and changing them on a regular basis can’t be overstated. And it goes without saying that writing a password on a Post-It note and attaching it to a computer monitor should never be done. Do everything you can to make your passwords strong, and store them somewhere safe. These steps will help ensure the security of your PHI and give those hackers fits.

more...
No comment yet.