Tip #5 – Implement good password controls
Passwords are the key to protecting systems that contain patient information. The stronger the passwords your employees use, the more secure your systems are. Here are a few inexpensive ways to implement good password controls.
Encourage employees to use complex passwords that combine upper and lower case letters, numbers, and special symbols such as “@ ! $ % &”. The more complex the password, the harder it is to guess or crack. Keep in mind that your employees probably already have so many different passwords that they will not be happy to have another one, especially if it is hard to remember. To respond to any resistance, make sure they understand the importance of protecting patient information and of using complex passwords.
Don’t write passwords down
Passwords should not be written down. They should not be stuck to monitors on yellow sticky notes. They should not be on a piece of paper under the keyboard. Passwords, like credit card and social security numbers, should be protected and not shared.
Lock accounts after failed password attempts
Accounts should be locked after a number of failed password attempts. For example, if an employee enters their password incorrectly 5 times, the account should be locked and require the network administrator to unlock it. Account lockouts prevent passwords from being guessed and stop hackers from using special tools to break into accounts. Needing to reset passwords may be a little inconvenient, but account lockouts are a very effective way to protect patient information from unauthorized access.
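The lockout rule described above, written out as an added example that is not part of the original tip or taken from any particular product. The `Account` class, its method names and the sample password are assumptions made for illustration; the threshold of 5 comes from the text.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 5  # threshold used in the text's example


class Account:
    """Hypothetical user account with a salted password hash and a lockout counter."""

    def __init__(self, username, password):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.failed_attempts = 0
        self.locked = False

    def _hash(self, password):
        # PBKDF2 so the stored value is never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password):
        """Return 'ok', 'denied' or 'locked' for a single login attempt."""
        if self.locked:
            # A locked account rejects every attempt, even the correct password.
            return "locked"
        if hmac.compare_digest(self._hash(password), self.pw_hash):
            self.failed_attempts = 0  # a success clears earlier typos
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"

    def admin_unlock(self):
        """Called by the network administrator to reopen the account."""
        self.locked = False
        self.failed_attempts = 0


def simulate_attempts(account, attempts):
    """Feed each attempted password to login() and collect the results."""
    return [account.login(p) for p in attempts]


if __name__ == "__main__":
    # Constructed sample: five wrong entries, then the correct password.
    acct = Account("frontdesk", "Blue!Heron42")
    tries = ["wrong-1", "wrong-2", "wrong-3", "wrong-4", "wrong-5", "Blue!Heron42"]
    print(simulate_attempts(acct, tries))
```

The sixth attempt is refused even though the password is correct, which is the point of the control: once the threshold is reached, further guessing gains nothing until the administrator unlocks the account.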