
Password policy enforcer

HIPAA Active Directory password policy requirements

The US Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to enact procedures that ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Any organization that creates, receives, maintains, interacts with, stores, or transmits ePHI must adhere to the mandated HIPAA regulations.

Comply with HIPAA to protect ePHI

§ 164.308(a)(5)(ii)(D) of HIPAA mandates that admins must enforce:

  1. Procedures for creating, changing, and safeguarding passwords [Password management (addressable requirement)].

Passwords—the "addressable requirements"

The HIPAA Security Rule has always been a point of debate as it gives no specific details on password complexity and deems passwords as "addressable." However, this does not mean that password security is optional; many healthcare organizations use passwords as their first and sometimes only line of defense against cyberattacks.

Notably, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) looks to the National Institute of Standards and Technology (NIST) for guidance, so it's prudent that other healthcare organizations do the same.

A NIST-compliant password should:

  1. Include American Standard Code for Information Interchange (ASCII) characters.
  2. Be a minimum of eight and maximum of 64 characters.
  3. Not be easy to guess, like "Password@123", or be among the compromised passwords found on data hoarding sites.
  4. Not be identical to the previous ten passwords.
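The four checks above as one validator, added here as an example (it is not ADSelfService Plus code and not part of the original page). Assumptions: rule 1 is read as "any printable character, including every printable ASCII character and space, is accepted"; the deny-list entries are constructed samples; history is kept as salted PBKDF2 hashes; all function and constant names are hypothetical.

```python
import hashlib
import hmac
import os

MIN_LEN, MAX_LEN, HISTORY_DEPTH = 8, 64, 10

# Constructed sample deny-list; a real deployment would load a
# breached-password corpus instead of three hard-coded strings.
BANNED = {"password@123", "qwerty12345", "welcome2024"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so history entries are never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_history_entry(password: str) -> tuple[bytes, bytes]:
    """Create the (salt, hash) pair stored when a password is set."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def check_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the violated rules; an empty list means the candidate passes.

    `history` is ordered oldest to newest; only the last ten entries count.
    """
    violations = []
    # Rule 1 (assumed reading): accept printable characters, reject control bytes.
    if not candidate.isprintable():
        violations.append("unprintable")
    # Rule 2: eight to 64 characters.
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        violations.append("length")
    # Rule 3: not a known weak or compromised password (case-insensitive).
    if candidate.lower() in BANNED:
        violations.append("banned")
    # Rule 4: not identical to any of the previous ten passwords.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            violations.append("reused")
            break
    return violations
```

Because each history entry has its own salt, the candidate has to be re-hashed once per stored entry; that cost is bounded by the history depth of ten.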

Simplify HIPAA compliance with ADSelfService Plus

ADSelfService Plus offers advanced password policy settings that help you comply with all the above requirements. You can create a custom password policy that meets HIPAA's requirements on password management, and enforce it on all or specific Active Directory (AD) users based on their domain, OU, or group membership.

Password policy enforcer

  1. Ban weak passwords: Blacklist leaked or weak AD passwords, patterns, and palindromes.
  2. Set a custom password length: Enforce longer passwords for Windows domain users by specifying the minimum password length.
  3. Enforce password history: Ensure password strength by enforcing password history rules during native password resets in the Active Directory Users and Computers (ADUC) console.
  4. Ensure password complexity: Allow users to use Unicode characters in their passwords in addition to uppercase, lowercase, special, and numeric characters.

With ADSelfService Plus' Password Policy Enforcer, admins can:

  1. Restrict consecutively repeated characters from the username or old password, as well as common character types at the beginning or end of passwords.
  2. Enforce passphrases, a string of words used as a password, by overriding password complexity if the user password length is above a set number.
  3. Enable the Password Strength Meter to give users instant visual feedback on password strength when they change or reset their AD passwords.
  4. Comply with NIST, CJIS, and PCI DSS regulations.

Utilize advanced password policy settings and ban common words, patterns, etc.



Password self-service

Free Active Directory users from lengthy help desk calls by letting them reset their passwords and unlock their accounts themselves. The ADSelfService Plus 'Change Password' console makes password changes hassle-free for Active Directory users.

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Notify Active Directory users of their impending password or account expiry by emailing them expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats by requiring Active Directory users to choose compliant passwords and by displaying the password complexity requirements to them.

Directory Self-Update / Corporate Search

A portal that lets Active Directory users update their own information, plus a quick search facility for finding information about peers by using search keys, such as the contact number, of the person being searched for.


A single pane of glass for complete self service password management