24 Jul 2023
Password Complexity Best Practices for HIPAA Compliance Made Simple


It is a routine we follow every day. We enter usernames and passwords to access a variety of websites and applications, such as online banking and shopping sites, and even our devices themselves. However, especially if you work in healthcare, poorly crafted passwords can spell disaster. If you use a weak password like “MyPassword2022,” you will open the door for harmful phishing, ransomware, and spyware attacks. These attacks can have devastating consequences. According to IBM’s Cost of a Data Breach Report 2022, the average cost of a healthcare data breach is $10.10 million, more than double the $4.35 million global average across all sectors¹. Now, you may ask, “How can I keep my patients’ health records and other valuable information safe from hackers?” 

Enter password complexity. HIPAA (the Health Insurance Portability and Accountability Act) includes the Security Rule, which outlines specifications for “creating, changing, and safeguarding passwords” used in healthcare organizations². In this article, we will outline password complexity best practices to keep your organization HIPAA-compliant and your data secure. 

(Image courtesy of https://www.logonbox.com/content/password-manager-in-healthcare/)  

One best practice for HIPAA-compliant password management is to apply minimum requirements for overall length, as well as for the number of uppercase, numeric, and special characters³. The National Institute of Standards and Technology (NIST) outlines that passwords for HIPAA-covered entities must include at least eight characters, featuring complex and random combinations of letters, numbers, and symbols⁴. Additionally, do not use any words from the dictionary in your password⁴. While longer passwords are more effective, you may opt to use three- or four-word passphrases instead⁴. Try using unrelated words like “chicken-airplane-soldier” or “raccoon-doorknob-spacecraft” in your passphrase for greater security⁴. Any way you slice it, following these standards will make your healthcare organization’s login processes more secure.

Another best practice is to avoid changing your passwords regularly³. While NIST formerly recommended that users change their passwords every 90 days, or about three months, that is no longer the case³. NIST found that instead of completely overhauling their passwords, users often transformed them only slightly, sometimes by a single digit³. For example, users might have transformed their password from “passwordfor2020” to “passwordfor2021”³. However, this approach is problematic. If hackers have cracked the old password, chances are they will crack the new one sooner rather than later³. Therefore, NIST now recommends that you only change your password when weak or transformed passwords are exposed, when there is evidence of compromised passwords, or when employees leave your organization³.

Still another best practice for HIPAA-compliant password management is to utilize two-factor authentication (2FA), which we outlined in a previous article. As its name suggests, 2FA requires users to enter single-use passcodes along with their username and password when logging into protected accounts³. However, keep in mind that these passcodes are often delivered via SMS text or authenticator app, potentially opening doors for hackers if you receive them on the same devices you use to access protected data³. Nevertheless, selecting the right 2FA solution will help your healthcare organization meet HIPAA standards and keep your passwords secure. 

(Image courtesy of https://www.globalsign.com/en/blog/how-make-multi-factor-authentication-simple-and-secure-health-services-industry)  

While applying minimum requirements, avoiding frequent password changes, and using 2FA are excellent practices for HIPAA compliance, also remember to check password blacklists³. These lists not only include commonly hacked passwords, but more importantly, those exposed in data breaches³. For example, NordPass notes that the most frequently cracked passwords in the U.S. last year were “123456,” “password,” and “12345”⁵. Since these simple, predictable passwords are the first ones that hackers will attempt to crack, you must avoid them at all costs³. This demonstrates the importance of effective password management for complying with HIPAA requirements.
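The length, blacklist, and "slightly transformed password" points above can be enforced together at password-change time. The following Python check is an added example, not part of the original article or of navitend's software; the function names, the edit-distance threshold, and the three-entry blocklist (built from the passwords quoted in the text) are assumptions made for illustration.

```python
import re
import unicodedata

MIN_LENGTH = 8   # minimum length stated in the article
MAX_EDITS = 2    # assumed threshold: this few edits counts as "slightly transformed"

# Constructed sample: the three passwords the article quotes from NordPass.
# A real deployment would load a full breached-password list instead.
BLOCKLIST = {"123456", "password", "12345"}


def normalize(pw):
    """Fold case and Unicode variants so 'Password' and 'password' compare equal."""
    return unicodedata.normalize("NFKC", pw).casefold()


def strip_affixes(pw):
    """Drop leading/trailing digits and symbols: 'passwordfor2021' -> 'passwordfor'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", normalize(pw))


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(candidate, previous=None, blocklist=BLOCKLIST):
    """Return a list of policy violations; an empty list means accepted.

    `previous` is the current password as typed into the change form.
    It is compared in memory only and never stored in plaintext.
    """
    problems = []
    norm = normalize(candidate)
    core = strip_affixes(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    # Catch both the exact entry and the entry with a year or symbol tacked on.
    if norm in blocklist or core in blocklist:
        problems.append("blocklisted")
    if previous is not None:
        same_core = bool(core) and core == strip_affixes(previous)
        if same_core or edit_distance(norm, normalize(previous)) <= MAX_EDITS:
            problems.append("too_similar_to_previous")
    return problems


if __name__ == "__main__":
    print(check_password("passwordfor2021", previous="passwordfor2020"))
    print(check_password("raccoon-doorknob-spacecraft",
                         previous="chicken-airplane-soldier"))
```
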

If you are a healthcare provider seeking HIPAA-compliant password management solutions, navitend can help. We offer managed IT (Information Technology) services for clients throughout New Jersey, New York, and Pennsylvania, including HIPAA-related security risk assessments and password management software. Once you have decided to install our password management software, we will work with you to ensure that everyone in your organization can securely access passwords by only remembering a single, secure password that only you know. We have the solutions you need to protect your healthcare organization’s login processes 24/7/365.  

Navitend can help you. Call 973.448.0070 or set up an appointment today.

Sources: 

¹IBM Security. “Cost of a Data Breach Report 2022.” Retrieved from https://www.ibm.com/downloads/cas/XZNDGZKA. 

²HIPAA Journal. “The HIPAA Password Requirements and the Best Way to Comply with Them” by Steve Alder. Retrieved from https://www.hipaajournal.com/hipaa-password-requirements/. 

³HIPAA Journal. “5 Password Best Practices for HIPAA Covered Entities.” Retrieved from https://www.hipaajournal.com/password-best-practices/#:~:text=%205%20Password%20Best%20Practices%20for%20HIPAA%20Covered,blacklists%20are%20lists%20of%20the%20most...%20More%20. 

⁴Bitwarden. “HIPAA Password Requirements Explained” by Andrea Lebron. Retrieved from https://bitwarden.com/blog/hipaa-password-requirements/. 

⁵NordPass. “Top 200 most common passwords.” Retrieved from https://nordpass.com/most-common-passwords-list/.  
