Users should not share their username and password with others, this includes colleagues, third party organizations and/or family members. Treat your User Credentials like you would your Toothbrush.
All staff permitted access to the Secure Forms software (practisforms.com) should be required to complete and acknowledge HIPAA Training as well as the Policies related to Security and HIPAA Compliance within the organization.
For increased security, you may want to consider one of the many “Password Management” products that are available.
Practis Forms User Accounts
Customers are encouraged to create user accounts for each staff member that require access to the “Secure Forms Admin Control Panel” and who will interact with ePHI. This will allow the customer administrator to track activity of each user. A simple audit log is available to customer administrators.
Customers are encouraged to review user accounts regularly to remove credentials that are no longer necessary.
Confidentiality & Passwords
Customers are encouraged to follow the recommended best practices for password creation and management. Recommendations are not specific to our Practis Forms application. These tips should be considered for all user credentials.
Recommendations for Strong Passwords:
- Don't use passwords that include personal information (your birthdate, your child's name, where you were born).
- Don't use words that can be found in the dictionary.
- Use different passwords on different accounts across the Internet.
- When creating user accounts, we recommend changing the default password at the first login.
- Passwords should be at least 8 characters long and should contain both Upper and Lowercase letters, numbers and special characters.
- Contain at least 8 characters,
- Contain upper and lowercase letters,
- Contain at least one number (0-9),
- Contains at least one special character (!, @, #, $, %, ^, &, or *).
- We suggest changing your password every three months. Some software may require a password change.
- Please review our Policy regarding Third Party access to user accounts.