Not the Final Word on Passwords

Neil Baum, MD

Neil Baum, MD, is Clinical Associate Professor of Urology, Tulane Medical School, New Orleans, LA, and author of Marketing Your Clinical Practice: Ethically, Effectively, and Economically, Jones Bartlett Publishers.


A few common-sense suggestions can make your passwords hack-proof, and every medical practice should use them to ensure protection, privacy, and HIPAA security:


  • Each computer should have password protection before the computer can be opened.
  • Each application, especially your EMR and PMS, needs a password before the user can access the program.
  • Advise your staff that it is unacceptable to keep passwords on a sticky note around the computer or written in a cryptic format on the computer, laptop, or smartphone.
  • Passwords should be changed every 90 days.
  • All devices need to automatically go into timeout mode after several minutes of inactivity.
  • All servers should be under lock and key.


Bottom line: By taking a few of these precautions, you can be sure that hacking, data theft, and unauthorized users will be kept to a minimum.