HIPAA Password Compliance
The HIPAA Privacy Regulations require that appropriate administrative, technical, and physical safeguards are in place to protect the privacy of protected health information. To meet this requirement, HavenZone will implement a change to the password policy for all accounts used for accessing the computers on a medical clients network.
The following represents the minimum requirements for your HavenZone password.
- Password complexity: Must not contain significant portions (three or more contiguous characters) of your account name or full name, must be at least eight (8) characters in length, must not use control characters and other non-printing characters, and must contain characters from at least three of the following four categories arranged in any order.
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters: ~!@#$%^*&;?.+_
- Maximum age: All passwords must be changed at least every sixty (90) days.
- History: Set at six (5), meaning the password needs to be set six times before it can be reused.
- Account Lockout Threshold: After five (5) unsuccessful attempts to enter a password, the involved user-ID will be temporarily disabled for five (5) minutes after which the account will be automatically unlocked.
Passwords must be a minimum of eight (8) characters long and alphanumeric. Passwords should not be based on one’s user name, actual name or any dictionary name; i.e., a good password should not contain standard words. The longer your password is the more secure it will be.
HavenZone strongly advises the use of a password manager program like 1Password to keep track of and manage all of your passwords. Also it is highly recommended to use 2FA when possible.