HIPAA 164.312(b) Audit Controls: Implement hardware, software and procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information, or ePHI.
HIPAA Password Compliance - The HIPAA Privacy Regulations require that appropriate administrative, technical, and physical safeguards are in place to protect the privacy of protected health information. To meet this requirement, XYZ has implemented a change to the password policy for all accounts used for accessing the XYZ, Inc. web site.
The following represents the minimum requirements for your XYZ password.
* Password complexity: Must not contain significant portions (three or more contiguous characters) of your account name or full name, must be at least eight (8) characters in length, must not use control characters and other non-printing characters, and must contain characters from at least three of the following four categories, arranged in any order:
  * English uppercase characters (A through Z)
  * English lowercase characters (a through z)
  * Base 10 digits (0 through 9)
  * Non-alphabetic characters: ~!@#$%^*&;?.+_
* Maximum age: All passwords must be changed at least every sixty (60) days.
* History: Set at six (6), meaning the password needs to be set six times before it can be reused.
* Account Lockout Threshold: After five (5) unsuccessful attempts to enter a password, the involved user-ID will be temporarily disabled for five (5) minutes after which the account will be automatically unlocked.
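
The complexity rules above can be checked when a password is set. The following is an added example, not XYZ's own code: it assumes case-insensitive matching against the names, splits the full name on whitespace and punctuation, and treats Unicode category "C" characters as control or non-printing. The function names and sample values are constructed.

```python
import re
import unicodedata

# Special characters exactly as listed in the policy.
SPECIALS = set("~!@#$%^*&;?.+_")
MIN_LENGTH = 8


def name_fragments(account_name, full_name, n=3):
    """Every run of n contiguous characters from the account name and
    from each part of the full name (assumption: parts are split on
    whitespace and common punctuation, compared case-insensitively)."""
    tokens = [account_name] + re.split(r"[\s,.\-_]+", full_name)
    frags = set()
    for tok in tokens:
        tok = tok.casefold()
        for i in range(len(tok) - n + 1):
            frags.add(tok[i:i + n])
    return frags


def check_password(password, account_name, full_name):
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Assumption: any Unicode "C*" category (Cc, Cf, ...) is non-printing.
    if any(unicodedata.category(ch).startswith("C") for ch in password):
        problems.append("control or non-printing character")
    categories = [
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three character categories")
    lowered = password.casefold()
    if any(f in lowered for f in name_fragments(account_name, full_name)):
        problems.append("contains part of account or full name")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("Tr4il!Mix9", "Smith2024!", "abcdefgh"):
        print(candidate, check_password(candidate, "jsmith", "Jane Smith"))
```

Maximum age, history and lockout are enforced by the account system itself and are outside what this check covers.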
Guide to Creating A Secure Password - Passwords must be a minimum of eight (8) characters long and alphanumeric. Passwords should not be based on one's user name, actual name or any dictionary name; i.e., a good password should not contain standard words. The longer your password is, the more secure it will be.