Q&A: You’ve got questions! We’ve got answers!
Physician Practice Insider, March 7, 2017
Submit your questions to Associate Editor Nicole Votta at nvotta@hcpro.com and we will work with our experts to provide you with the information you need.
Q: Are we required to have employees change their passwords on a regular schedule? If so, how often should we reset passwords?
A: Yes, it is sound security practice to require employees to periodically change their passwords. It is recommended that passwords be updated at least every 90 days. This can be a challenge and there will likely be pushback from some staff. There is no set regulatory requirement to periodically change passwords but there is a requirement to implement sound password management. That would include requiring strong passwords, the requirement to change passwords at least every 90 days or when it’s believed that the password has been compromised, and not permitting employees to use the same password for at least five iterations or times the password is changed.
Editor’s note: This question was answered by Chris Apgar, CISSP, for Briefings on HIPAA. Apgar is the president and CEO of Apgar & Associates in Portland, Oregon. He is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Residency coordinators’ responsibilities
- Study: Shorter shifts reduces residents’ attentional failures
- RPA Subscriber Exclusive: February issue of Residency Program Alert now available
- Note similarities and differences between HCPCS, CPT® codes
- The consequences of an incomplete medical record
- OSHA HazCom updates include labeling, SDS requirements
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- OSHA HazCom updates include labeling, SDS requirements
- Tip: Note new thyroid imaging codes
- Tim Porter-O'Grady sounds off
- Skills of effective case managers
- Q: Can you clarify the reporting of dates on the plan of care for diagnosis onset and exacerbation?
- Q&A: Defining Subacute
- Q&A: Are colleges sending students to our facility for rotations business associates?
- Note similarities and differences between HCPCS, CPT® codes
- Fracture coding in ICD-10-CM requires greater specificity
- Searched