Often the weakest links in HIPAA security are your employees. Their days are filled with unplanned deadlines and requests, not to mention the tasks you originally hired them to do; HIPAA compliance is often an afterthought.
In what ways can employees help with your HIPAA compliance effort?
The answer may be simpler than you think. Here are some ideas to support a successful HIPAA Security Program:

Update Passwords – Passwords are the gateway into your systems, and unfortunately, good password hygiene isn’t always observed. Strong passwords are one of the easiest ways to protect your systems, giving you a big bang for your proverbial buck. Passwords should be changed quarterly, using a minimum of 10 characters, with capital letters, numbers and special characters. Often it isn’t a complicated hack that compromises a system; it’s carelessness that leaves your systems vulnerable.

Tools for Remembering Passwords – OK, we know that staff has to change passwords often; how can we help make these easier to remember? Here is a way for them to create a password they won’t forget. Ask your employees to think of their favorite song or inspirational quote and memorize it. Then ask them to create a password using the first letters and numbers from at least ten words of the quote. Capitalize some of the letters, change vowels to numbers, and add unique characters like (#&!*). Enforcing password management is one of the easiest ways to safeguard the PHI they handle. Remembering passwords with this technique may add a smile to their face as they think of their favorite song or quote while logging on.

Password Management Programs – With all the logins we have to remember, many folks are migrating their passwords to management programs like LastPass, 1Password, or Dashlane, to name a few. These are great programs, and many of them will allow you to securely share passwords on those rare occasions you need to share a login, generate secure random passwords for sites, and monitor your employees’ password strength.

Two-Factor Authentication – All programs that support it should have two-factor authentication activated. This means that a second device is required to access sensitive programs. Authentication can be done by sending a text or email, or using a program like Google Authenticator.

Remind, Reward and Recognize Employees for Following HIPAA Guidelines – When you see employees correctly implement the information presented in the online training, recognize their efforts. A simple reward like a chocolate bar or small gift card goes a long way. When you see your employees following guidelines in their daily routine, recognize it with a handwritten note or even a quick email thanking them for protecting your company.

HIPAA security is a very serious subject. However, you’ll find your employees more willing to comply if you lighten the mood around the most important issues.
Employee Quiz
Simply copy and paste this link in an email to your employees asking them to take this brief HIPAA quiz. We’ll notify you when each employee has completed it. This is an excellent time to reward and/or recognize them for their efforts.
