What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 is a US law that sets data privacy and security standards for safeguarding Protected Health Information (PHI). The law has five sections, called titles. The most relevant from a security perspective is Title II, which gives the U.S. Department of Health and Human Services the power to establish national standards for the health care industry when processing electronic transactions. Title II also requires health care organizations to secure electronic access to PHI to remain in compliance.
What does HIPAA mean for the YMCA of Greater Louisville?
Because the YMCA of Greater Louisville delivers the Diabetes Prevention Program (DPP), all employees, consultants or contractors involved in this important work are subject to HIPAA. To be in compliance with HIPAA, these employees, consultants or contractors must complete certain HIPAA Privacy and Security Trainings. The YMCA of Greater Louisville has also implemented various security policies and procedures to secure PHI.
Protect your Airline Boarding Pass
Did you know that loads of personally identifiable information (PII) exists on your airline boarding pass? Unauthorized access to the information in the barcode or QR code can lead to travel disruption, loss of frequent flyer miles, and compromise of your identity security. The best advice from Krebs on Security is to avoid the temptation to brag about an upcoming trip by posting your boarding pass online. Also, shred your boarding pass rather than tossing it or leaving it on the plane. Better still, use a mobile device and don’t print a boarding pass at all. Check out the Krebs story for more details.
Avoiding “Crackable” Passwords
While the YMCA of Greater Louisville has password security requirements, it’s up to you to create passwords that are less likely to be “crackable.”
• While 8 characters is the minimum, we recommend using even longer passwords, which drastically reduce the chance of password-cracking tools guessing your credentials.
• Include Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
• Don’t use dictionary words or a combination of dictionary words: Stay away from obvious dictionary words and combinations of dictionary words. For example, “house” is a terrible password. “Red house” is also very bad.
• Don’t rely on obvious substitutions: For example, “H0use” isn’t strong just because you’ve replaced an o with a 0.
Try to mix it up — for example, “BigHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious — it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess. Want to dig deeper? Check out password advice from How-To Geek.
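The checks in this section, written out as an added Python example (not a YMCA tool and not part of the original article): it reports which of the weaknesses described above a candidate password has. The tiny word list and the substitution map are constructed for illustration; a real check would load a full dictionary.

```python
import re

# Constructed sample word list (assumption); real checks use a full dictionary.
WORDS = {"big", "house", "red", "password", "summer"}
# Common look-alike substitutions (assumed mapping, not taken from the page).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 8  # the minimum length the page mentions


def _is_word_combo(s):
    """True if s is non-empty and splits entirely into WORDS entries."""
    ok = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        ok[end] = any(ok[start] and s[start:end] in WORDS
                      for start in range(end))
    return bool(s) and ok[len(s)]


def audit_password(pw):
    """Return the list of weaknesses found, in the order the page lists them."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    # Require lower-case, upper-case, digit and symbol characters.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        findings.append("missing character type")
    # Drop the trailing digits/symbols, then ignore word separators.
    core = re.sub(r"[^A-Za-z]+$", "", pw)
    plain = re.sub(r"[\s_-]", "", core.lower())
    undone = re.sub(r"[\s_-]", "", core.translate(LEET).lower())
    if _is_word_combo(plain):
        findings.append("dictionary words")
    elif _is_word_combo(undone):
        # Only a word once look-alike characters are reversed, e.g. "H0use".
        findings.append("obvious substitution")
    # Digits tacked on the end in counting order, e.g. "123".
    tail = re.search(r"(\d{2,})$", pw)
    if tail and tail.group(1) in "0123456789":
        findings.append("sequential digits at end")
    return findings


if __name__ == "__main__":
    for candidate in ["house", "Red house", "H0use", "BigHouse$123"]:
        print(candidate, "->", audit_password(candidate))
```

An empty result only means none of these specific patterns matched, not that the password is strong.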