Compliance Corner – Security and Passwords
Did you know April 30th was World Password Day? It was established in 2013 to emphasize how important it is to protect electronic information with technical safeguards such as unique and strong passwords.
In the world of healthcare, we have rules and regulations that require the use of passwords and other technological safeguards to protect our most precious information: protected health information (PHI). Specifically, the HIPAA Security Rule (45 CFR Part 160 and subparts A and C of Part 164) requires that healthcare organizations qualifying as covered entities have in place Administrative, Physical, and Technical Safeguards to protect PHI. A covered entity is:
In honor of World Password Day, here are some technical safeguards all covered entities are required to enact:
- Access Controls:
  - Unique User Identification: The covered entity must assign a unique name and/or number for identifying and tracking user identity.
  - Emergency Access Procedure: The covered entity must establish (and implement as needed) procedures for obtaining necessary PHI during an emergency.
  - It is also advisable to have automatic logoff and encryption.
- Audit Controls – The rule requires covered entities to implement policies and procedures to protect electronic PHI from improper alteration or destruction. The rule also advises implementing mechanisms to corroborate that electronic PHI has not been altered or destroyed in an unauthorized manner.
- Person or Entity Authentication – The rule requires the covered entity to implement procedures to verify that a person or entity seeking access to electronic PHI is who they say they are. The rule also requires the implementation of security measures to guard against unauthorized access to electronic PHI that is being transmitted over electronic communication networks, and the rule advises the use of integrity controls and encryption.
For further information about HIPAA and the requirements for covered entities, please see the resources below. If you have questions or need assistance determining if you have achieved compliance with the requirements, please reach out! We are here to help.
Sources:
- https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html
- https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
-Jodi Faustlin, MPA, JM, CHC, FACHE, FACMPE, HRMC, RCMC