Passwords – an integral part of HIPAA and Compliance


I was reading an article the other day on passwords.  The author was doing his best to articulate a stern admonition on the potential exposure when one does not change their passwords at least every 90 days.  If you’re like me, you’ve got lots of usernames and passwords to track (I have over 100 of them and it’s going up daily!).  Plus, with HIPAA and the HIPAA privacy requirements, the responsibility to maintain privacy in the health care industry is especially important.  Most of us know that we should have strong passwords and that we should change them periodically.  Look, tracking all those usernames and passwords, much less changing all those passwords is simply a pain in the…well, you get the idea.

Whether you’re in hospital administration or physician practice management or any area of health care, you are keenly aware of regulatory compliance.  But with the hustle and bustle of our daily lives, how can we practically manage our passwords?

HIPAA security rules demand proper password protection!

I used to utilize Excel to store and manage all my usernames and passwords.  Unfortunately, the database is not encrypted and the program is not designed to securely store sensitive data.  So, after some research and experimentation, I settled in on a password management program called KeePass.  Some of the attractive features are:

  1. The program is free and open source.
  2. The database is encrypted with AES or Twofish symmetric ciphers.  (Sounds impressive doesn’t it?  I don’t know what it means either but our IT guy says that they are among the highest advanced encryption standards.)
  3. The user can generate random passwords (you can specify parameters such as letters, numbers, special symbols and even the length of the password) so the user doesn’t have to think too hard.

Also, it has a nice “copy and paste” function that allows me to easily place my long and complex usernames and passwords (I emphasize this for the sake of our IT person!!!) into the required dialog boxes.  Consequently, I don’t fret over the length and complexity of my passwords.  If you’re interested in checking out KeePass, feel free to visit their site and see if it might work for you.

As health care professionals, we all know that we have a tremendous responsibility to comply with HIPAA privacy rules and that passwords are a solid part of that process.  Make your life easier by utilizing a password management program.

How do you manage all those usernames and passwords?  Leave a comment and share your experience!


Craig Fukushima, NHA, MBA

Mr. Craig T. Fukushima’s health care experience spans more than 35 years with special expertise in the long term care sector, including implementation of innovative health care projects in domestic and international locations.
