This article was originally published in a sponsored newsletter.
Passwords are gateways to almost everything in our digital lives—from our emails and finances to sensitive systems like electronic health records and practice management software. Yet, too often, we choose the convenience of simple passwords over security. I remember the password we used for our computers at Optix years ago; it was something simple and easy, like “Optix123” or “Optix1!” once systems required a special character. It was easy to recall, but hardly the best protection against cyber threats.
It’s crucial to recognize that when security measures feel too complicated or time-consuming, most practice owners (and many individuals) default to the path of least resistance. They pick easy-to-remember passwords, seldom change them and hope for the best. Sound familiar?
“As a company that runs a HIPAA compliance program, we continue to see significant numbers of small practices that do not even meet the basic complexity and length requirements for passwords,” notes Trish Breingan, vice president of compliance at North Shore Computer and co-founder of SPIN Compliance Solutions. “In addition to being a HIPAA violation, it makes it much easier for their local systems to become compromised.”
In the last decade, cybercriminals and disgruntled ex-employees have ramped up their attacks on businesses, seeking personal gain by stealing credit card numbers, Social Security information and medical records, or even ordering a year’s supply of contact lenses for their mom. As custodians of this valuable information, we are responsible for ensuring it remains protected. Fortunately, there are steps you can take to safeguard your data without adding unnecessary stress to your day.
An enterprise-level, HIPAA-compliant password manager can be a game-changer. If you’ve ever used Google Chrome or iCloud to save your passwords, you’ve already experienced a basic version of this tool. A password manager helps you increase password complexity while keeping it quick and easy to enter your credentials when needed. The ideal ones for practices let you restrict employees’ access to essential systems and make it simpler to change passwords when staff members leave the company. In short, they provide the perfect blend of security and convenience.
When selecting a password manager for your office, here are a few important features to consider:
- HIPAA Compliance: Any password manager you use in a health care setting must comply with health care regulations to prevent data breaches. This capability is non-negotiable.
- Role-Based Access Control (RBAC): This feature lets you store all of your passwords for QuickBooks, bank accounts or other systems in one secure place while granting each team member access only to the specific passwords their role requires.
- Audit Logs and Reporting: While these tools are not used often, tracking who accesses which passwords can be a lifesaver in the event of a data breach or other issues down the road.
- Easy Onboarding and User-Friendliness: The best password manager is the one you’ll actually use. Even the most secure system is useless if it’s too cumbersome to integrate into your daily routine.
Two solid options to consider are 1Password (which I use) and Dashlane. Both meet all of the essential criteria: HIPAA compliance, RBAC, audit logs and user-friendly interfaces. I find 1Password more affordable and easier to use in everyday practice settings, but either will provide the security and flexibility you need. Other reputable options include LastPass, Bitwarden and Keeper. However, for most practices, 1Password and Dashlane balance sophistication and practicality.
The choice is yours—just don’t make yourself an easy target by doing nothing! A password manager can streamline your security protocols, reduce stress and significantly decrease the chances of a data breach.
Protecting your passwords might seem like a small step, but in today’s digital landscape, it’s your first and most important line of defense. Make sure it’s a strong one.