Nursing

Keeping computer passwords safe will ease your privacy concerns

Nurse Leader Weekly, September 3, 2003

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

Covered entities must safeguard protected health information (PHI) in oral, written, and electronic form with administrative, physical, and technical safeguards to ensure confidentiality, integrity, and availability, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Computer users should guard against account hijacking and report suspicious signs. Hijacking occurs when someone learns and uses your user ID and password. You are unlikely to know when this occurs, but occasionally signs exist.

For example, many computer systems display a welcome message upon successful log-on. Typically, the message is something like the following: "Good morning, Susan Miller. You last logged on Sunday, March 30, 2003, at 09:02."

If your systems display this type of log-on greeting, which contains the previous log-on date and time, you should make sure employees know about this security feature during their training.

TIP: Remind users to read the log-on message to be sure that the information is correct.

Even if "Susan Miller" cannot remember the exact time she last logged on, she should remember whether she worked on Sunday. If the message indicates that the last log-on occurred on a day or at a time that is incorrect because the user was on vacation, sick, off for a holiday, or in bed asleep, then the user should report it. And the user should change his or her password (or follow your security team's instructions).

Make sure those on your staff know how to change their passwords. In many organizations today, it's standard practice to ask users to frequently change their passwords, such as every 90 or 120 days. Train users to expect this, understand the reason for it, and be prepared to make up a new password.

Safeguarding or keeping passwords secret is basic to security. Yet many individuals do not take that principle seriously. They share their passwords with colleagues to get the job done, and they post their passwords on their computer, under the keyboard, or under the mouse pad to make logging on mindless.

Here are several suggestions to give your employees for keeping passwords safe:

  • Do not write down your password where it can be easily found and recognized. If you must write it down, do it in a place and way that is unnoticeable.

  • Do not store your password electronically in a file or as a log-on script.

  • Do not share your password, and be aware of anyone who asks for it. Information technology staff and the help desk do not need to know your password. (If there are rare occasions in your organization when work force members will need someone else's password, identify them.)

Adapted from Hospital Pharmacy Regulation Report: http://www.hcmarketplace.com/Prod.cfm?id=1505



Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

Most Popular

Related Articles