Thursday, April 1, 2010

HIPAA Password Requirements

HIPAA is meant to secure the privacy of individual patients.


HIPAA, the Health Insurance Portability and Accountability Act, affects many facets of the health care industry. It is meant to safeguard the personal health information of patients, and it has standardized the industry by setting rules that health care facilities must follow to keep that information private. Among those rules are requirements for how users are authenticated to computer systems, which in practice means requirements for passwords.


Why Is Computer Security Important?


HIPAA addresses computer security because much of today's health care information is stored on computers. Unlike paper records, which are kept in a physical location that can be watched, electronic records sit on networked systems that, under the right circumstances, can be reached by outsiders who never set foot in the facility. Strong passwords are one of the safeguards that make it much harder for unauthorized persons to access this sensitive health care information.


The Basics


The HIPAA Security Rule (whose enforcement was strengthened by the HITECH Act provisions of the American Recovery and Reinvestment Act, ARRA) requires that anyone given the authority to access protected health information prove their identity to the system that holds it. This is most commonly done by assigning each person a user name and a password; both must be presented before the system accepts the user's identity. HIPAA does not prescribe a specific password length or format. Those details are defined by the organization's designated security official, who sets them on the basis of a risk analysis of the computer system: how vulnerable is this system to attack, given the safeguards already in place, and what password rules are needed to reduce that risk to an acceptable level.


Creating A Secure Password


Passwords should be at least eight characters long and alphanumeric, meaning they contain both letters and numbers. Passwords should not be based on one's user name or actual name, and should not contain a dictionary word; a good password should not include ordinary words at all. A password should protect every login session during which an employee will be accessing health care information that falls under HIPAA. Most systems treat capital and lowercase letters as different characters, so including both in a password makes it harder to guess. Numbers add to the strength of a password for the same reason.


Memorable But Still Secure


It is often hard to create a password that is both memorable and secure. Many people deal with this by writing the password down. That is acceptable only if the written copy is kept in a secure place. Writing down a password and keeping it next to the computer is not secure and can lead to a HIPAA violation. A secure password does not include words or names, but it can be just as memorable as a phrase if it is built from one.


Many people use acronyms, or mnemonic phrases, to create a memorable password. Picking a memorable phrase and reducing it to an acronym can produce a password that is hard to crack. Remember that adding capital letters and numbers makes the password stronger still. An example of a password created using the rules above is Pp2popp2d. Though it looks like a jumble of letters and numbers, it stands for the phrase "Peter picked two pints of pickled peppers today." It was built by taking the first letter of every word, writing "two" as the digit 2 instead of the word, and using the short form of "today", 2day, shortened further to 2d. This can be done with nearly any phrase and produces a password that is fairly difficult to guess. More importantly, by encoding a phrase, the user has a mnemonic device to fall back on when trying to recall the password. Do not use the example above, or any password that has appeared in print, as your own: published examples are routinely added to the word lists that attackers try first.
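As an added example, not part of the original article, the following Python script implements the two ideas described above: a checker that applies the article's stated password rules (minimum length, letters and digits, mixed case, no part of the user name or real name, no dictionary word), and a function that turns a phrase into a password the way the article describes (first letter of each word, number words written as digits, "today" as "2d"). The function and variable names, the tiny embedded word list, and the three-letter and four-letter thresholds are this example's own assumptions; a real deployment would load a full dictionary and tune the rules to the organization's risk analysis.

```python
import re

# Constructed sample word list standing in for a real dictionary file.
# A production check would load a full list (for example a system
# dictionary or a leaked-password list) rather than these few words.
SAMPLE_DICTIONARY = {
    "password", "peter", "pepper", "peppers", "pickled", "welcome",
    "hospital", "clinic", "patient", "summer", "admin", "letmein",
}

MIN_LENGTH = 8  # the article's minimum; set from your own risk analysis

# Substitutions used when building a password from a phrase. The number
# words and "today" -> "2d" are the article's own; the rest of the table is
# an assumption of this example.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}
SHORTHAND = {"today": "2d", "tomorrow": "2m", "tonight": "2n"}


def check_password(password, username="", full_name="", dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lower = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        problems.append("must contain both letters and digits")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("must mix upper- and lowercase letters")

    # Reject any part of the user name or real name (3+ letters), case-insensitively.
    for label, value in (("user name", username), ("real name", full_name)):
        for part in re.findall(r"[A-Za-z]+", value):
            if len(part) >= 3 and part.lower() in lower:
                problems.append("contains part of the %s (%r)" % (label, part))
                break

    # Reject any dictionary word of four or more letters appearing anywhere inside.
    found = sorted(w for w in dictionary if len(w) >= 4 and w in lower)
    if found:
        problems.append("contains dictionary word(s): %s" % ", ".join(found))
    return problems


def mnemonic_from_phrase(phrase):
    """Build a password from a phrase: keep the first letter of each word
    (preserving its case), write number words as digits, and use the short
    forms in SHORTHAND. Punctuation attached to words is ignored."""
    out = []
    for word in phrase.split():
        stripped = word.strip(".,!?;:'\"")
        if not stripped:
            continue
        key = stripped.lower()
        if key in NUMBER_WORDS:
            out.append(NUMBER_WORDS[key])
        elif key in SHORTHAND:
            out.append(SHORTHAND[key])
        else:
            out.append(stripped[0])
    return "".join(out)


if __name__ == "__main__":
    phrase = "Peter picked two pints of pickled peppers today."
    pw = mnemonic_from_phrase(phrase)
    print("phrase  :", phrase)
    print("password:", pw)
    for candidate in (pw, "password1", "jsmith2010"):
        result = check_password(candidate, username="jsmith", full_name="John Smith")
        print("%-12s -> %s" % (candidate, "OK" if not result else "; ".join(result)))
```

The dictionary test is a substring match rather than a whole-word match, because attackers' rules append digits and symbols to words; "password1" must fail even though "password1" itself is not in the list. Keep the real word list out of the example's hard-coded set and load it from a file so it can be refreshed as new breach lists appear.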