What have passwords do with protecting patient privacy and securing of health data and comply with HIPAA?

Health Insurance Portability and Accountability Act (HIPAA) was issued to assist in the portability of health insurance and to reduce the administrative cost of healthcare. The enhanced availability of health information in an electronic format to improve the quality and reduce the cost of healthcare, arises concerns about greater risk for loss of privacy among health care participants.

Meantime, one should be sure, that paper records could also be abused and misused by anyone in a white coat, and no one would ever know. And it starts from having access to the data you are not authorized to. With electronic records, there can be “audit trails,” who tried to access to which data. Passwords are the simplest form to authentify users and perform control at the access point. They ask to knonw whether “You are who you are”. Passwords can be very secure, can even be too secure – if are forgetten.

Strict enforcement of “password policies” with detailed audit logs will manage user access and account activity. Passwords control authentication attempts and will show who accessed the information and will control not authorized accesses. When time out (say, in 5-10 minutes inactivity the session is automatically being logged out) on computers they require re-entry to log in.

Use different useful tips how to choose stront passwords: e.g. http://www.auscert.org.au/render.html?it=2260, http://www.securityfocus.com/infocus/1537 http://www.tech-faq.com/passwords.shtml.

This entry was posted on Friday, May 4th, 2007 at 12:08 pm and is filed under Articles. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.