What Acupuncturists Need to Know about Passwords & HIPAA!

Does your acupuncture practice have a password policy? Does it look like the picture above?

Don’t you hate it when you’ve come up with a clever, awesome password, committed it to memory, and then get the dreaded “Reset Your Password” email? It almost seems to come too quickly. Didn’t I just reset my password?

For a Covered Entity that handles PHI (Patient Health Information), having a password policy is important, especially for the computers and systems you use to store PHI.

But what does having a password policy really mean, and what should be in the password policy?

What does HIPAA say?

In the HIPAA Security Rule, under Administrative Safeguards, Password Management is specifically called out.

Let’s see what it says.

HIPAA doesn’t give specifics for what your password management policy should be. All it says is that you have in place “Procedures for creating, changing, and safeguarding passwords.”

Now What?

While HIPAA doesn’t mandate a specific policy, it’s good policy for your practice to have a set of sensible rules. As an example, a procedure might look something like this.
Creating Passwords
  • DON’T Reuse old passwords.
  • DON’T Use simple passwords.
Changing Passwords
  • Periodically reset passwords.
Safeguarding Passwords
  • DON’T Write passwords down.
The idea is to come up with a set of rules, write them down, and follow them.

How Jasmine Helps

Jasmine helps you manage your password policy within the system, providing a self-documenting policy within the software itself!

Whether you’re already using Jasmine, or planning to in the future, a good password management policy is important for keeping your patients’ PHI safe and secure!

Questions? Let me know in the comments below. I’d love to hear from you.

Minto Tsai

P.S. If this helped you, please Like, Share, email… all the social network love you can give!