Corporate Compliance

Tip: Protect patient information with system safeguards

Compliance Monitor, July 27, 2011

Hospitals should ensure that passwords are required to access all systems, databases, and applications that house PHI. Passwords should meet complexity requirements (e.g., a combination of numbers, symbols, and uppercase and lowercase letters). Users should reset their passwords on a regular basis.

Hospital systems should lock accounts after a series of failed login attempts. Keeping a log of failed login attempts can help identify accounts that may be compromised.
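
The lockout and failed-login review described above, as an added example that is not part of the original tip. The log format, the account names, and the threshold of three consecutive failures are assumptions made for illustration, and unlocking an account is not modeled.

```python
from collections import defaultdict

# Constructed sample log, one event per line: "timestamp account result".
SAMPLE_LOG = """\
2011-07-27T08:00:01 jsmith FAIL
2011-07-27T08:00:05 jsmith OK
2011-07-27T08:01:10 rnurse FAIL
2011-07-27T08:01:12 rnurse FAIL
2011-07-27T08:01:15 rnurse FAIL
2011-07-27T08:01:19 rnurse FAIL
2011-07-27T08:01:30 rnurse OK
2011-07-27T08:02:00 billing FAIL
2011-07-27T08:02:04 billing FAIL
2011-07-27T08:03:00 billing OK
"""

LOCKOUT_THRESHOLD = 3  # assumed value; the tip does not give a number


def review_logins(log_text, threshold=LOCKOUT_THRESHOLD):
    """Apply a consecutive-failure lockout and summarize failed logins."""
    streak = defaultdict(int)    # consecutive failures per account
    failures = defaultdict(int)  # failed attempts counted before any lockout
    locked = {}                  # account -> timestamp at which it was locked
    blocked = defaultdict(int)   # attempts refused because the account is locked
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, account, result = parts
        if account in locked:
            # Even a correct password is refused until staff review the account.
            blocked[account] += 1
            continue
        if result == "FAIL":
            failures[account] += 1
            streak[account] += 1
            if streak[account] >= threshold:
                locked[account] = ts
        elif result == "OK":
            streak[account] = 0  # a successful login resets the streak
    return {"locked": locked, "failures": dict(failures), "blocked": dict(blocked)}


if __name__ == "__main__":
    report = review_logins(SAMPLE_LOG)
    for account, ts in report["locked"].items():
        print(f"{account}: locked at {ts}, {report['blocked'][account]} later attempts refused")
    print("failed attempts per account:", report["failures"])
```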

In addition, don't give individuals more access to data than they need, and have a termination process in place to discontinue system access should a staff member quit working at the hospital.

This tip was adapted from the August 2011 issue of Strategies for Health Care Compliance. More information about Strategies for Health Care Compliance is available at the HCMarketplace.

