The DOs and DON’Ts of Password Privacy — Are Yours as Secure as They Can Be?

Dr. Linda G. Drake

These days, it feels like there’s a different password for everything, and as hard as you try, it can be difficult to keep track. It doesn’t get any easier when you add the important passwords that secure the systems in your practice to the mix.

At the same time, though, making sure your practice has adequate password security is absolutely critical: it doesn’t matter how secure the systems you use are if potential attackers can easily get ahold of your passwords. According to Verizon data, 80% of data breaches involve compromised passwords.1

With this in mind, there are a few things you can do to make sure your passwords — and the PHI they protect — stay secure:

DO: Choose Long, Hard-To-Guess Passwords. And Change Them Regularly!

It’s easy to use personal information in passwords and keep them forever so you’ll remember them. Unfortunately, this also makes them easier to guess, easier to crack, and more likely to end up in a leak eventually.

An ideal password is too long to crack by brute force and too odd or “random” to guess. To make one that is both complicated and memorable, get creative! For example, a password built from the initials of the lyrics to Hot Cross Buns, plus the year it was written, would be “HCB1HCB7OAP3TAP3HCB”. Good luck guessing that!

DON’T: Give One Password for All Employees to Access Information.

Sharing passwords between employees is convenient. It also raises major concerns. How much PHI can be left unsecured with one password? Can some employees see more than they should with this login? If someone misuses software, how do you track who did it? And can past employees still log in?

It may be more work, but setting up individual accounts and passwords for all users is the best way to stay safe and maintain accountability within your practice.

PCS Makes it Simple

DO: Set Up Two-Factor Authentication, Especially for Remote Work.

Two-factor authentication, or two-step verification, is pretty simple: after you enter a password, 2FA systems will also send a code to your mobile device or email to confirm your identity.

This way, even if someone gets access to your computer or password, they won’t receive instant access to your practice data and patient information. We especially recommend it for any systems that can be reached remotely!

DON’T: Leave Passwords on Sticky Notes!

You would be shocked at how many businesses — even those where people know better — leave passwords written down near their computer. For anyone who still has their doubts: this is not the most secure way to keep track of this vitally sensitive information!

Having passwords lying around is one of the easiest and most common ways for PHI to be compromised. Make sure everyone in your practice is trained on password security as soon as they join the team to avoid any accidents.

PCS Can Help You Protect Your Passwords

Remember: a single misstep with your passwords can lead to major consequences. For more on this or any other cybersecurity concerns, please reach out to PCS — we can provide security and peace-of-mind.