The US Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to enact procedures that ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Any organization that creates, receives, maintains, interacts with, stores, or transmits ePHI must adhere to the mandated HIPAA regulations.
Section § 164.308(a)(5)(ii)(D) of HIPAA mandates that admins must enforce:
The HIPAA Security Rule has always been a point of debate as it gives no specific details on password complexity and deems passwords as “addressable.” However, this does not mean that password security is optional; many healthcare organizations use passwords as their first and sometimes only line of defense against cyberattacks.
Notably, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) looks to the National Institute of Standards and Technology (NIST) for guidance, so it's prudent that other healthcare organizations do the same.
A NIST-compliant password should:
ADSelfService Plus offers advanced password policy settings that help you comply with all the above requirements. You can create a custom password policy that meets HIPAA's requirements on password management, and enforce it on all or specific Active Directory (AD) users based on their domain, OU, or group membership.
With ADSelfService Plus' Password Policy Enforcer, admins can:
Utilize advanced password policy settings and ban common words, patterns, etc.
Free Active Directory users from lengthy help desk calls by letting them reset their passwords and unlock their accounts themselves. The ADSelfService Plus ‘Change Password’ console gives Active Directory users a hassle-free password change.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Notify Active Directory users of their impending password/account expiry by emailing them password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats: ADSelfService Plus requires Active Directory users to choose compliant passwords and displays the password complexity requirements to them.