Password security for IT platforms in the hospital have just taken the next step toward making life miserable and more complicated and potentially less secure for doctors and patients. I learned today after logging into my work computer that my password I've had for 10 years, a password that has worked without a single episode of security breach, a password that has allowed me to log in quickly and efficiently for 10 years , has been revoked in favor of a more secure method that requires a more complex password as well as one that requires changing on a routine basis.
In case you have a problem reading it, it says:
Even though my choice of password is so secure, I had to write myself a little note with the title "Super secure hospitalist IT password: Password!" in the notes section of my unsecured iPhone. Now I just have to hope I never lose my iPhone. I'd hate for someone to find my EHR password and log in to the hospital computer system to steal patient information.
Although, now that I think about it, the iPhones come with the ability to remotely lock lost iPhones to protect it from password peepers who may have found the phone. Unfortunately, I can't use that function because I don't remember my password. With so many passwords to remember, I had to write it in the notes section of my iPhone too, right next to my hospitalist IT password"
I don't know if this is a government EHR mandate or some other regulation that requires physicians and other medical professionals to constantly change their passwords in hospital IT systems or not. It is what it is. When I tried to enter my password, here is the alert that was given:
In case you have a problem reading it, it says:
"The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria: is at least 6 characters; has not been used in the previous 6 passwords; must not have been changed within the last 1 days; does not contain your account or full name; contains at least three of the following four character groups: English uppercase characters (A through Z); English lowercase characters (a through z); Numerals (0 through 9); Non-alphabetic characters (such as !, $, #, %). Type a password which meets these requirements in both text boxes."There's an old saying that goes around in the medical community: "If it ain't broke, then fix it." To remain in compliance with the new "minimum complexity requirements" of password security just to get to my EHR platform, I have abandoned my 10 year uncomplicated and always remembered and never had a problem with password in favor of the password "Password!" That's right folks. "Password!" is considered in compliance as a much more complex and secure password than the random name and letters I've had for the last ten years. I can't imagine anyone ever guessing my Password!
Even though my choice of password is so secure, I had to write myself a little note with the title "Super secure hospitalist IT password: Password!" in the notes section of my unsecured iPhone. Now I just have to hope I never lose my iPhone. I'd hate for someone to find my EHR password and log in to the hospital computer system to steal patient information.
Although, now that I think about it, the iPhones come with the ability to remotely lock lost iPhones to protect it from password peepers who may have found the phone. Unfortunately, I can't use that function because I don't remember my password. With so many passwords to remember, I had to write it in the notes section of my iPhone too, right next to my hospitalist IT password"
