This is the second in a series of 3 blogs on EHR security.
The first one covered physical security. Now we’ll talk about digital security.
This is the type of security that gets the most attention these days.
While there will never be an application that is 100% safe against hackers, there are a number of things you should look for to ensure that your application is only accessed in a secure fashion and by authorized users:
- If your application is accessed via a web browser, the web address should start with https (not http). This ensures that all data is encrypted before it is transmitted across the internet.
- Since passwords are a major part of accessing any software application, it is imperative that measures be taken to ensure the passwords are secure:
  - Forgotten passwords should be required to be reset. The application should never remind you of your password via email.
  - Passwords should be required to be ‘complex’. Typically this is considered to be at least eight characters in length with a mix of letters, numbers and symbols.
  - Passwords should be required to change on a regular basis.
  - An account should be locked out after a number of consecutive failed login attempts.
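
To show what the reset, complexity and lockout items above look like inside an application, here is an added sketch in Python; it is not from the original post or from any EHR product. The `Account` class, the threshold of 5 failed attempts and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib, hmac, re, secrets

MAX_FAILED = 5            # assumed lockout threshold; the post gives no number
PBKDF2_ROUNDS = 600_000   # assumed work factor for the password hash

def is_complex(pw):
    """At least eight characters with a mix of letters, numbers and symbols."""
    return len(pw) >= 8 and all(re.search(p, pw) for p in (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"))

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)

class Account:  # hypothetical in-memory account record
    def __init__(self, password):
        self.failed, self.locked, self.reset_hash = 0, False, None
        self.set_password(password)

    def set_password(self, password):
        if not is_complex(password):
            raise ValueError("password does not meet complexity rules")
        # Only a salted hash is stored, so the application cannot email
        # the old password back to the user: it no longer has it.
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)

    def login(self, password):
        if self.locked:
            return False  # locked accounts are refused even with the right password
        if hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            self.failed = 0
            return True
        self.failed += 1  # consecutive failures; reset to 0 on success
        self.locked = self.failed >= MAX_FAILED
        return False

    def start_reset(self):
        """Return a random single-use token to send instead of the password."""
        token = secrets.token_urlsafe(32)
        self.reset_hash = hashlib.sha256(token.encode()).digest()
        return token

    def finish_reset(self, token, new_password):
        supplied = hashlib.sha256(token.encode()).digest()
        if self.reset_hash is None or not hmac.compare_digest(supplied, self.reset_hash):
            return False
        self.set_password(new_password)
        self.reset_hash, self.failed, self.locked = None, 0, False
        return True
```

A real deployment would also expire reset tokens after a short time and keep these records in a database rather than in memory.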
The last blog in this series will post next week and covers confidentiality.