Care and watering of passwords -- a weekly HIPAA message

December 17, 2002

HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. You will be receiving weekly messages to help you understand the topic and how it impacts your job. Today's HIPAA message addresses passwords and user IDs.

Questions:

1. Why does everyone have their own unique user ID (i.e., log-on ID, etc.)?

2. What are some important rules for making up "good" passwords -- ones that are hard for someone else to guess?

Answers:

1. Each person must have their own user ID in order to provide security for the information system. In addition, this ensures that each individual only has access to the information that they need to know. It also provides accountability for activity connected to that ID.

2. Passwords should be at least seven characters long; contain both numbers and letters; never be a real word or a significant number string; and never be the name of a fictional character, a car model, or the like. It is recommended to use a "pass phrase" rather than a "password." An example of a pass phrase would be "Nolv4me." Additional tips for developing a strong password that is easy to remember and instructions on changing passwords can be found at: http://info.unmc.edu/helpdesk/password_links.htm.

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how they apply to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message, or asking your employees if they have any further questions.