Passwords are the first line of defense against cyber attacks, and poorly chosen passwords can result in unauthorized access. With the introduction of the HIPAA security and privacy rules, every health care organization and business associate must protect and safeguard the ePHI of individuals. HIPAA sets out several guidelines for creating, changing, and protecting passwords.
These guidelines are part of the HIPAA Security Rule, which states that covered entities and business associates must have comprehensive policies and procedures for creating, storing, and changing passwords.
How to Make Your Passwords HIPAA Compliant
Generally, HIPAA does not provide detailed implementation standards, but it lists “procedures for creating, changing, and safeguarding passwords” as an addressable safeguard. There are many best practices that organizations and business associates can use when trying to meet HIPAA password requirements.
As noted above, HIPAA does not list the specific measures your organization must have in place to keep passwords strong enough to secure individuals’ data, but a federal regulatory body, NIST (the National Institute of Standards and Technology), does publish password guidance and updates it regularly. The measures listed below will help keep your passwords consistent with NIST and HIPAA requirements.
- Use a minimum of 8 characters: NIST says passwords should be at least 8 characters long and may be up to 64 characters.
- Avoid password hints: hints such as “my date of birth” or “my first pet’s name” should be avoided.
- Create memorable passwords: a password should be unique, but not so complicated that it is difficult to remember.
- Don’t put your password on a post-it note: never keep a physical reminder of your password anywhere near your computer.
- Don’t reuse old passwords: a new password should not match any of the previous 10 passwords.
Here are some more tips for a strong (and HIPAA compliant) password:
- At least 8 characters
- Uppercase letters
- Lowercase letters
- Special characters
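The rules above, as an added example that is not part of the original article: a Python policy check that enforces the 8–64 character range, the three character classes, and the “no match with the previous 10 passwords” rule. The salted PBKDF2 storage of the history and the `check_policy`/`record_password` names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import string

MIN_LEN, MAX_LEN = 8, 64   # NIST length range cited in the article
HISTORY_DEPTH = 10         # a new password must not match the previous 10


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256 so old passwords are never stored in clear;
    # the iteration count is an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_policy(password: str, history: list) -> list:
    """Return the list of rule violations; an empty list means the password passes.

    history: (salt, digest) tuples for the user's recent passwords, newest first.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    # Re-hash the candidate with each stored salt; constant-time compare.
    for salt, digest in history[:HISTORY_DEPTH]:
        if hmac.compare_digest(_hash(password, salt), digest):
            problems.append(f"matches one of the previous {HISTORY_DEPTH} passwords")
            break
    return problems


def record_password(password: str, history: list) -> list:
    """Store a fresh salted hash of the accepted password, keeping only HISTORY_DEPTH."""
    salt = os.urandom(16)
    return [(salt, _hash(password, salt))] + history[:HISTORY_DEPTH - 1]


if __name__ == "__main__":
    hist = record_password("Sunny-Day42", [])          # constructed sample
    print(check_policy("Sunny-Day42", hist))            # reuse is rejected
    print(check_policy("Rainy-Day43", hist))            # [] -> accepted
```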