In our technologically run world, privacy has become a big topic of conversation, especially in the rise of cyber crimes. Beyond safety for safety’s sake, there are strict laws requiring your company to put in safe guards in order to protect your clients and employees. There are a few basic rules to follow to ensure that you and your company are HIPAA compliant.
What Does HIPAA Mean?
HIPAA stands for Health Insurance Portability and Accountability Act. It is United States legislation put in place in 1996 that requires data privacy and security provisions for safeguarding medical information.
There are 3 main aspects of HIPAA requirements:
- Administrative — measures to ensure patient data is correct and accessible to authorized parties.
- Physical — measures to prevent physical theft and loss of devices containing electronic PHI.
- Technical — technology-related measures to protect your networks and devices from data breaches and unauthorized access.
HIPAA laws force you to maintain your record keeping to a legal standard, ensuring that your clients and employees are protected from their private information being shared.
What Does a HIPAA Compliant Password Look Like?
Some areas of HIPAA law are very specific as to what you can and cannot do, but there is some vagueness in regards to password standards, and even these standards are likely to change as technology continues to evolve. What we can gather from what is communicated from the HIPAA standard is that your business is expected to legitimately put in its best effort to protect its clients and employees, and any obvious negligence will be met with potentially hefty fines. Some basic password standards are as follows:
- Minimum of 8 characters: It is often required that you include both capital and lowercase letters within these 8 characters just to further ensure your password security.
- Include both numbers and letters in your password.
- Create a password you can remember organically: There was a point in time when your password was encouraged to be a random series of letters, numbers, and symbols in order to deter hackers. However, your inability to remember such a password posed as a security thread in itself. Because of this, your password’s memorability is key in your cyber security.
- Avoid common words or phrases: Using the word “password” as your password would be considered a very weak password that would not be HIPAA compliant. Other commonly used weak passwords would be using your name (either first, last, or both), matching your password to your log in, the numbers 1-8 in order, and offering a clue that too obviously reveals your password. There is a master list of the most common words or phrases used as passwords. You should avoid using any form of these commonly used passwords.
What Is The Punishment For Not Being HIPAA Compliant?
On top of actual legal fines for violating HIPAA that depend on the scale of the negligence involved (these fines range from $100 to $50,000 per violation), there is a legitimate “list of shame” as well. This list can be accessed by the public, and it reports every breach in HIPAA compliance. Not only does it state the name of the businesses guilty of violating HIPAA, but it also specifies the date the breach occurred, the amount of people affected by it, the type of breach, and through which avenue the breach occurred. If a fine wasn’t bad enough, having your company’s name plastered on that list to be viewed by any google search should push you in the right direction of securing your data and enforcing proper, HIPAA compliant passwords.