Use Strong Passwords and Change Them Regularly
Selecting Passwords
Choose a password that is not easily guessed. Below are some examples of strong password characteristics:
- At least eight characters in length (the longer the better).
- A combination of upper case and lower case letters, one number, and at least one special character, such as a punctuation mark.
Strong passwords should not include personal information, such as:
- Birthdate
- Names of self, family members, or pets
- Social Security Number
- Anything that is on your social networking sites or could otherwise be easily discovered by others.
Updating Passwords
Configure your systems so that passwords must be changed on a regular basis.
Resetting Passwords
To discourage staff from writing down their passwords, develop a password reset process to provide quick assistance in case of forgotten passwords. This process could involve:
- Allowing two different staff members to be authorized to reset passwords
- Selecting a product that has built-in password reset capabilities.
Limit Network Access
- Prohibit staff from installing software without prior approval.
- When a wireless router is used, set it up to operate only in encrypted mode.
- Prohibit casual network access by visitors.
- Check to make sure file sharing, instant messaging, and other peer-to-peer applications have not been installed without explicit review and approval.
Control Physical Access
- Limit the chances that devices (e.g., laptops, handhelds, desktops, servers, thumb drives, CCs, backup tapes) may be tampered with, lost, or stolen.
- Document and enforce policies limiting physical access to devices and information.
- Keep machines in locked rooms.
- Manage keys to facilities.
- Restrict removal of devices from a secure area.
Hopefully, this information will provide some simple security tips in order to prevent a HIPAA violation and/or security breach which can devastate a practice.
Stuart J. Oberman, Esq. handles a wide range of legal issues for the dental profession, including: employment law, cyber security breaches, practice sales, real estate transactions, lease agreements, OSHA compliance, dental board complaints, and professional corporations.
For questions or comments regarding this article, please call (770) 554-1400 or visit www.obermanlaw.com
If you would like Stuart J. Oberman, Esq. to speak at an event, please contact Arielle Horner, Marketing Coordinator (arielle@obermanlaw.com).