Are you providing an open invitation to your data?

It is the holiday shopping season and you pull up to a parking space at the busy shopping mall.  You’re in a hurry, so you get out of your car and leave the keys in the ignition with the engine running.  Your wallet, meanwhile, is sitting open on the front seat with a stack of twenty-dollar bills lying neatly on top.  In the spirit of being extra generous, you decide to leave the doors and windows wide open for that extra measure of indifference.

WAIT… back up… would you or anyone you know really do this?  Probably not.  However, if you are like most people who manage personal finances electronically, whether on a mobile device or at home, leaving your devices or applications unprotected, or protected only by weak passwords, is essentially an open invitation, just like that car in the parking lot.

Professionally, behavior like this is even worse if you are a company or an individual entrusted with important data about customers or, in the case of a home health agency, the patients you care for on a daily basis.

As technology evolves and data becomes accessible in digital form, strong password management is key to securing patient health information.  As dictated under the HIPAA Security Rule, “covered entities” MUST establish “procedures for creating, changing, and safeguarding passwords.”  Password management is vital for protecting sensitive medical records, so making sure your organization has solid procedures in place is important.  For users, it is of supreme importance that passwords are not only difficult to crack, but also not left on display for would-be hackers to find.  Here are some things to keep in mind:

  •  Does your application allow for configurable settings to dictate password strength?  Can you force the use of special characters or prevent the reuse of old passwords?
  •  As a user, are you making sure your password doesn’t include any identifiable information that could be worked out by someone who can easily find information about milestones in your life?  Are you avoiding key identifiers like your birthday or your child’s name?  How easily can your password be hacked?
  •  Have your users gone to the effort of creating rock-solid passwords, only to write the password on a sticky note and attach it to their PC or laptop?
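
To make the first two questions concrete, here is an added example (not part of the original post or of any particular product) of a configurable password check that requires special characters, rejects birthdays and family names, and blocks reuse of old passwords by comparing against stored salted hashes rather than stored passwords. The function names, policy keys, PBKDF2 work factor and sample data are all assumptions made for illustration.

```python
import hashlib, hmac, os, re, string

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def squash(text):
    """Lowercase and keep only letters and digits, so 'Em-ma!' matches 'Emma'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_password(candidate, policy, history, personal_facts):
    """Return a list of policy violations (an empty list means accepted)."""
    problems = []
    if len(candidate) < policy["min_length"]:
        problems.append("too short")
    if policy["require_special"] and not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    # Personal identifiers: birthday, child's name, and similar known facts.
    flat = squash(candidate)
    if any(len(squash(f)) >= 3 and squash(f) in flat for f in personal_facts):
        problems.append("contains personal information")
    # Reuse: re-hash the candidate with each stored salt and compare digests
    # in constant time. A depth of 0 disables the history check.
    depth = policy["history_depth"]
    recent = history[-depth:] if depth else []
    for salt, digest in recent:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("reuses an old password")
            break
    return problems

# Constructed sample data (hypothetical user and settings).
POLICY = {"min_length": 12, "require_special": True, "history_depth": 5}
HISTORY = [hash_password("Winter#Harbor-Lantern7")]
FACTS = ["Emma", "1984-03-17", "03171984"]

if __name__ == "__main__":
    for pw in ("Emma03171984", "Winter#Harbor-Lantern7", "quiet-Copper-tundra-41"):
        print(pw, "->", check_password(pw, POLICY, HISTORY, FACTS) or "accepted")
```
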

Password management is clearly an important component of any security model.  Are you doing all you can to keep your data safe?