The Health Insurance Portability and Accountability Act (HIPAA) passed by US government for the protection, integrity, and availability of confidential healthcare information in organizations. Any healthcare organization or business associate that handles protected health information (PHI) must be compliant.
Nowadays, data breaches have been on the increase across all industries, but they are mainly concerning in the healthcare industry where the data is very sensitive, the systems secure life, and where the cost of a data breach is astronomically high. Under the HIPAA law relating to privacy awareness and training, specify covered entities and business associates must execute procedures for generating, changing and protecting passwords. HIPAA password requirements also called as addressable requirements are an essential part of keeping your sensitive health data safe and avoiding HIPAA financial and criminal penalties.
Comply with HIPAA to protect electronic protected health information (ePHI)
HIPAA law is divided into several different rules governing the use and integrity of protected health information (PHI). PHI is any demographic information that can be used to recognize a patient. It includes names, addresses, dates of birth, Social Security numbers, bank details, telephone numbers, insurance ID numbers, and health care data, and many more. Any organization that process ePHI must comply with HIPAA policies. Under the HIPAA Security Rule, there are specific Physical, Technical, and Administrative standards that must be in place to ensure that PHI is kept out of harm’s way.
Password Guidelines Updated by NIST
The National Institute of Standards and Technology (NIST) update HIPAA law password guidelines in agreement with new research. The U.S. government requires its organizations to comply these guidelines, and many other organizations would benefit from executing these rules as well. NIST provide some HIPAA password requirements work on compliance program:
- Using a minimum of eight and up to 64 characters in length
- Avoiding the use of password hints
- Creating passwords you’ll remember
- Don’t keep a physical reminder of your password anywhere on computer
- Running passwords against a list of weaker options
- No password expiration period
- All ASCII characters (all letters and special characters, including space) should be maintained.