HIPAA Password Checklist

  • Policies should be in place prescribing password practices for the organization.
  • All staff should understand and agree to abide by password policies.
  • Each staff member should have a unique username and password.
  • Passwords should not be revealed or shared with others.
  • Passwords should not be written down or displayed on screen.
  • Passwords should be hard to guess, but easy to remember.
  • Passwords should be changed routinely, and immediately whenever compromise is suspected (current NIST SP 800-63B guidance favors change on evidence of compromise over fixed-schedule rotation).
  • Passwords should not be re-used, neither recycled from a user's previous passwords nor shared across systems.
  • Any default passwords that come with a product should be changed during product installation.
  • Any devices or programs that allow optional password protection should have password protection turned on and in use.


Strong passwords should:

  • Be at least 8 characters in length (8 is a floor, not a target; longer passphrases are stronger)
  • Include a combination of upper case and lower case letters, at least one number and at least one special character, such as a punctuation mark
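The rules above can be enforced at the point where a password is set. The script below is an added example, not code from the original checklist. It applies the page's length and character-class rules, adds the "hard to guess" and "not re-used" items from the checklist (a deny-list of common and vendor-default passwords, a username check, and a hashed password history), and shows why the character-class rules alone are not enough: "Password1!" satisfies every one of them and is still a guess an attacker tries first. The common-password list, usernames and history entries are constructed sample data; a real deployment would check against a large breached-password corpus instead of a hard-coded set.

```python
"""Password policy check for the HIPAA checklist rules above.

Added example, not part of the original page. Thresholds mirror the
checklist; COMMON_PASSWORDS and the sample usernames/history are constructed.
"""
import hashlib
import hmac
import os
import string
from typing import List, Optional, Sequence, Tuple

MIN_LENGTH = 8                      # checklist: at least 8 characters
SPECIALS = set(string.punctuation)  # checklist: punctuation counts as special

# Constructed sample of common and vendor-default passwords (assumption: a
# real deployment would use a breached-password corpus, not a small set).
COMMON_PASSWORDS = {
    "password", "password1", "password1!", "welcome1!", "admin", "admin123",
    "changeme", "letmein", "qwerty123", "12345678",
}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest).

    Used to keep a reuse history without storing old passwords in the clear.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def was_used_before(password: str, history: Sequence[Tuple[bytes, bytes]]) -> bool:
    """True if password matches any (salt, digest) pair in the user's history."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password: str, username: str,
                   history: Sequence[Tuple[bytes, bytes]] = ()) -> List[str]:
    """Return the checklist rules the password violates (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # "Hard to guess": reject common/default passwords and passwords that
    # contain the username, even when they pass the character-class rules.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common or vendor-default password")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    # "Not re-used": compare against the user's hashed password history.
    if was_used_before(password, history):
        problems.append("re-used from password history")
    return problems


if __name__ == "__main__":
    # Constructed sample: user "alice" previously used "Old-Pass#42".
    alice_history = [hash_password("Old-Pass#42")]
    for candidate in ["short", "Password1!", "Alice2024!", "Old-Pass#42", "xK9#mq2Lp!vT"]:
        verdict = check_password(candidate, "alice", alice_history)
        print(f"{candidate!r}: {verdict or 'accepted'}")
```

Note that "Password1!" is rejected only by the deny-list check: every character-class rule passes, so a policy that stops at the list above would accept it. Treat the complexity rules as a floor and pair them with a deny-list and a reuse check.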