Making Passwords More Secure for Covered Entities


HIPAA and security are so closely connected that an organization that breaks the connection could be in big trouble, in terms of lawsuits and legal penalties. For covered entities such as healthcare providers, health plans or clearinghouses, the Privacy Rule is of utmost importance.

Passwords are one of the most common means of securing files for covered entities. They provide security while keeping the information easily accessible. But as everyone knows, passwords are the most basic form of security.


Passwords Can Be Bypassed

When you say “password”, it’s personal security that immediately comes to mind. When we log in to our email accounts or sign in at social networks, it’s the password that cements our identity and prevents others from entering our space, accessing our data, and most dangerous of all, taking our place by posing as us.

While merely having a password may help keep some personal accounts secure, many accounts are not immune from hackers, who somehow manage to guess user passwords correctly or capture them through keystroke recorders installed on public computers. The risk doubles with accounts of businesses and covered entities that come under the jurisdiction of HIPAA laws and are expected to maintain HIPAA-compliant workflows.

Keeping Passwords from Being Compromised

HIPAA norms are strictly enforced, and with organizations dealing with millions of files containing sensitive and personal health information of people, passwords are simply not a sufficient guarantee against information theft. That is, unless the password is an exceptionally tough one to guess, and is kept secure not only from outside hackers but also from people within the organization who don’t need to have that information.


A few steps are mandatory for any organization to ensure that its passwords are not compromised.

First of all, the password must really be a tough one to guess. Place yourself in the hacker’s position and gauge for yourself whether your password can be figured out in some way. The bottom line, and it’s a no-brainer, is that a password should be something that is not obvious.

But once that is done, it still isn’t enough to keep your files safe. And here’s another no-brainer: never share the password with other staff in your organization. If you, as the person in charge, feel that someone other than you knows the password, change it immediately.

Different accounts must be secured with different passwords. This gives a level of security, since you won’t be making the guessing job easier for the hacker if he manages to hack one account. If your organization has unused accounts, close them; that leaves you with one less thing to worry about.

Finally, never access accounts containing patient-related records from a public computer. You may use your password to enter the account and then log off once you’re done but, as we mentioned before, these computers could have software installed that could detect the keystrokes you make and compromise your password. It’s better to be safe than sorry, particularly when it concerns HIPAA.

Covered entities need to be vigilant regarding the security of medical records, and passwords are just one of the means for that. But being careful with these can ensure confidentiality of healthcare information and save a lot of hassles in connection with HIPAA compliance.

Contact MTS Transcription Services
8596 E. 101st Street, Suite H
Tulsa, OK 74133
Main: (800) 670 2809
Fax: (877) 835-5442
E-mail: info@managedoutsource.com

