Posted by Amy Carbone on Dec 30, 2019 9:30:00 AM
With today's technology, dental practices are using more computerized management tools than ever before. To keep information safe, create strong passwords and use a password saving platform. Here's why.
Why are Strong Passwords Important for Dental Practices?
Strong passwords are crucial for dental practices to be considered HIPAA-compliant. If you have weak passwords that can be easily hacked, your patient data isn't secure, and thus your practice could be violating HIPAA compliance standards. Make sure passwords used for practice management software, email, computer logins, and other programs are difficult to guess with these tips:
How to Create a Strong Password
- Create long passwords. The shorter a password is, the fewer possible combinations there are, and vice versa. Make sure your passwords exceed eight characters.
- Don't use personal information in your passwords. People who know you can easily guess passwords that use birthdays, spouse or pet names, and other personal data.
- Add special characters. It's not enough to simply use letters and numbers, or numbers and both uppercase and lowercase letters. Add special characters like $, #, &, !, and others, depending on which characters are supported by your programs.
- Make your passwords completely random. Randomize characters and letters, even if you're trying to make a word. A very generic example would be changing the word "password" to "Pa$$-W0rD."
- Use a different password for every site. Never reuse passwords and make sure you're using a completely unique one for every site, especially financial websites or programs that house patient data.
- Do not use sequential numbers or letters. Most password-cracking software goes through letters and numbers in order, and a sequential password is easier and faster to crack.
- Change passwords frequently. Set a time and date that makes sense for your dental practice to reset your passwords. The more sensitive your information is, the more often your passwords should be changed. For dental offices, patient information is on the line and you stand to incur a HIPAA violation if your passwords aren't appropriately secure, so the more often, the better.
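For whoever administers the office computers, the tips above can be turned into an automated check and a random generator. This is an added example, not code from the original post; the function names, the three-character threshold for a "sequential" run, and treating any non-alphanumeric character as "special" are assumptions.

```python
import secrets
import string

SPECIALS = "$#&!"  # the special characters the article lists; extend per program
ALPHABET = string.ascii_letters + string.digits + SPECIALS
RUN = 3  # assumption: 3+ consecutive characters in order count as "sequential"

def has_sequence(pw, run=RUN):
    """True if pw contains `run` letters or digits in ascending/descending order."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue  # mixed chunks such as "a1b" are not a sequence
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal_terms=()):
    """Return the tips from the list that pw violates (empty list = passes)."""
    problems = []
    if len(pw) <= 8:  # "exceed eight characters"
        problems.append("length")
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if not all(any(test(c) for c in pw) for test in classes):
        problems.append("character classes")
    if any(t and t.lower() in pw.lower() for t in personal_terms):
        problems.append("personal information")
    if has_sequence(pw):
        problems.append("sequential run")
    return problems

def generate_password(length=16, personal_terms=()):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length <= 8:
        raise ValueError("length must exceed eight characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw, personal_terms):
            return pw

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("Rex2014!", "Summer123$x"):
        print(sample, check_password(sample, personal_terms=("rex", "2014")))
    print(generate_password())
```

Uniqueness per site and rotation cannot be checked from a single password; those depend on how the passwords are stored and managed.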
What is a Password Saving Program?
A password saving program is computer software designed to store passwords in a "vault" that is usually accessed with a single password. You need not remember all your passwords or even write them down on a Post-It to stick under your keyboard (a terrible idea, by the way). The program securely auto-populates saved password data when you arrive at a login screen and you simply click the button to log in. You can generate completely random passwords, store them in the program, and forget about them.
Top Password Saving Programs for Dental Offices
Because extremely strong passwords are needed to protect patient data, and dental offices share practice management programs with multiple employees, password saving programs are an excellent option for practices. Here are four to explore:
1. LastPass
LastPass is arguably one of the most popular password saving programs in use today. It costs $29/year and features secure data storage, two-factor authentication, safety management, and automatic backup. Access your LastPass vault from a convenient browser shortcut.
2. Dashlane
Dashlane has fewer features than LastPass but does offer data synchronization and SSL security where LastPass does not. The cost is $4/month, which equates to nearly double the annual fee of LastPass.
3. 1Password
1Password costs less than Dashlane at $2.99 a month but is still more costly than LastPass. However, this program is more widely used than Dashlane and boasts several features that LastPass doesn't, like activity tracking, automatic backup, SSL security, and security backup.
4. TeamPassword
TeamPassword lacks most of the advanced features of LastPass and 1Password, but the program also functions as a form filler and a digital wallet.
Most password saving platforms offer free trials, so be sure to try a few programs before you take out the company credit card. Ask your staff to use the programs as well and let you know what they like or don't like about each. The clear choice on paper may not be the right choice in the application, and going through the trial-and-error process can help you find the program that works for your dental practice's specific needs.
Implementing Password Policies in Your Practice? Follow These Tips for Informing Your Staff
If you've decided to implement password policies in your dental practice, you'll need to inform your staff about the changes. Send a notification to your employees via email or memo and discuss details during a staff meeting.
Give them a printed copy of any responsibilities they have for creating or using passwords, as well as what consequences they may face if guidelines aren't followed, and ask them to sign an acknowledgment of receipt. Follow up with your staff a week or two after implementing the new policy and again at around the one-month mark. Ask your employees if they're running into any problems with using the program or adhering to the policy in their day-to-day job and do what you can to offer employees whatever support they need to meet your expectations.
When an employee leaves your practice, have a process in place to change the employee’s passwords, as well as any master passwords they may have had access to. Treat thorough password changes as an important step in removing their privileges and preventing unauthorized access in your system.
About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.
Treloar & Heisel and Treloar & Heisel Property and Casualty are divisions of Treloar & Heisel, LLC.
Insurance products offered through Treloar & Heisel, LLC.
Treloar & Heisel, LLC. and its divisions do not offer legal or information technology advice. Please consult a professional concerning these topics.