BestNotes is constantly updating our security and following industry best practices to keep patient data safe. Passwords and two-factor authentication (2FA) are crucial for keeping health data secure and for staying compliant with HIPAA. Here is how you can get the most out of these digital security measures.
How to Protect Your Online Accounts
BestNotes stays up-to-date thanks to numerous information sources, such as the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). The NIST document titled “Digital Identity Guidelines” (NIST Special Publication 800-63) includes recommendations for digital security and identity verification. As of the time of this blog post, these recommendations were last updated in 2020, with a revision in progress in late 2024.
Some recommendations include:
- Passwords that are at least 8 characters long (though other organizations recommend at least 12)
- Not forcing periodic password changes; a change should be required only when there is evidence the password has been compromised, such as after a breach
- Blocking the use of weak, common, or previously breached passwords
- Backup authentication methods so users can regain account access if they lose a phone or other second factor
Protecting your patients’ data, and that of your organization, requires strong passwords. Other tips for a stronger BestNotes password include:
- Combine characters, such as uppercase, lowercase, numbers, and special symbols.
- Don’t use information that may be on social media, such as your name, birthdate, or pet’s name.
- Create a passphrase of unrelated words, such as “Pink!GrapeGuitar2.”
- Avoid using the same password for multiple accounts.
- Consider using a password manager to help store complex passwords for each of your accounts.
Even a strong password, however, may not be enough security. That’s why digital security experts recommend the use of 2FA. 2FA requires two different kinds of proof to log in: something you know (your password) plus something you have, such as a one-time code sent to your phone or email or generated by an authenticator app. App-generated codes are more resistant to interception than codes sent by SMS or email, so prefer them where your staff can use them.
With 2FA, even if a hacker obtains your password, they can’t get into your account without that second factor. If you haven’t enabled 2FA for your staff and clients, we strongly recommend making it available.
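The following is an added example, not BestNotes code, of how a server handles the kind of delivered one-time code described above. It shows why the second factor holds up even when the password is already known: the code is random, stored only as a salted hash, expires after a validity window, can be used once, and allows only a few guesses. The class and function names, the 5-minute validity and the 3-guess limit are assumptions for illustration.

```python
"""Added example (not BestNotes code): server-side issue/verify for a delivered
one-time code. Names, the 5-minute validity and the 3-attempt limit are assumptions."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6
CODE_TTL_SECONDS = 5 * 60      # how long the 2FA code stays valid (assumed setting)
MAX_VERIFY_ATTEMPTS = 3        # guesses allowed before the code is discarded (assumed)


@dataclass
class PendingCode:
    digest: bytes        # sha256(salt + code); the plaintext code is never stored
    salt: bytes
    expires_at: float
    attempts: int = 0


class SecondFactor:
    """Tracks one outstanding code per user. `now` is injectable so the
    expiry logic can be exercised without sleeping."""

    def __init__(self, now=time.time):
        self.now = now
        self._pending: dict[str, PendingCode] = {}

    def issue(self, username: str) -> str:
        """Generate a fresh code for delivery (SMS, email, app push) and store only its hash."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = PendingCode(
            digest=hashlib.sha256(salt + code.encode()).digest(),
            salt=salt,
            expires_at=self.now() + CODE_TTL_SECONDS,
        )
        return code  # returned only so the caller can deliver it to the user

    def verify(self, username: str, submitted: str) -> tuple[bool, str]:
        pending = self._pending.get(username)
        if pending is None:
            return False, "no code outstanding"
        if self.now() > pending.expires_at:
            del self._pending[username]
            return False, "code expired"
        pending.attempts += 1
        if pending.attempts > MAX_VERIFY_ATTEMPTS:
            del self._pending[username]
            return False, "too many attempts, request a new code"
        actual = hashlib.sha256(pending.salt + submitted.encode()).digest()
        # Constant-time comparison so response timing does not leak matching digits.
        if not hmac.compare_digest(actual, pending.digest):
            return False, "wrong code"
        del self._pending[username]  # single use: the same code cannot be replayed
        return True, "ok"
```

An attacker who has only the password must still guess a 6-digit value within the validity window and within three tries; after that, or after a successful use, the code is gone and a new one must be delivered to the legitimate user’s device.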
How BestNotes Helps Keep Your Data Secure
Following government and industry guidelines, BestNotes provides numerous security capabilities within our products. Our customization options also allow System Administrators to set their own security preferences.
BestNotes also offers recommended settings for most security features. These include:
- Screen lock timeout of 30 minutes (hides the contents of the screen after a period of inactivity)
- Minimum password length of 10 characters
- Maximum password age disabled; users tend to create simpler, more predictable passwords when forced to reset them often
- Password history of 1 generation: a new password must differ from the current one, but an older password may be reused after that
- No fixed complexity rules (how many uppercase letters, numbers, symbols, etc.); when complexity is mandated, users tend to create easy-to-remember passwords with predictable patterns, so length and blocking of common passwords do more good
- 5 failed login attempts on a single device before the user is locked out of the account for a short time (we recommend 5 minutes) before trying again
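As an added example, not BestNotes code, here is a password-acceptance check and a login throttle that implement the recommended settings above: a 10-character minimum, a blocklist of common passwords instead of composition rules, no expiry, a 1-generation reuse history, and a 5-minute lockout after 5 failed attempts on one device. The class and function names, the blocklist contents and the username-substring rule are assumptions for illustration.

```python
"""Added example (not BestNotes code): password policy and per-device lockout
implementing the settings listed above. Names and the blocklist are assumptions."""
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

MIN_LENGTH = 10
PASSWORD_HISTORY = 1          # generations a password must be out of use before reuse
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 5 * 60
# Constructed stand-in for a real common/breached-password list.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "letmein123", "welcome1"}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class PasswordPolicy:
    """Accepts or rejects a candidate password. No maximum age is enforced,
    so there is deliberately no expiry logic here."""

    def __init__(self, history: int = PASSWORD_HISTORY):
        self.history = history
        self._old: dict[str, list[tuple[bytes, bytes]]] = defaultdict(list)

    def check(self, username: str, password: str) -> tuple[bool, str]:
        if len(password) < MIN_LENGTH:
            return False, f"shorter than {MIN_LENGTH} characters"
        if password.lower() in COMMON_PASSWORDS:
            return False, "on the common-password blocklist"
        if username.lower() in password.lower():
            return False, "contains the username"
        # No uppercase/digit/symbol requirement: length plus the blocklist do the work.
        for salt, digest in self._old[username][-self.history:]:
            if hmac.compare_digest(_hash(password, salt), digest):
                return False, "reused too recently"
        return True, "ok"

    def set_password(self, username: str, password: str) -> None:
        ok, reason = self.check(username, password)
        if not ok:
            raise ValueError(reason)
        salt = secrets.token_bytes(16)
        self._old[username].append((salt, _hash(password, salt)))


class LoginThrottle:
    """Counts failures per (user, device) and locks that pair for LOCKOUT_SECONDS
    after MAX_FAILED_ATTEMPTS. `now` is injectable for testing."""

    def __init__(self, now=time.time):
        self.now = now
        self._failures: dict[tuple[str, str], int] = defaultdict(int)
        self._locked_until: dict[tuple[str, str], float] = {}

    def is_locked(self, username: str, device_id: str) -> bool:
        key = (username, device_id)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.now() >= until:          # lockout has elapsed; reset the counter
            del self._locked_until[key]
            self._failures[key] = 0
            return False
        return True

    def record_failure(self, username: str, device_id: str) -> bool:
        """Returns True when this failure triggers a lockout."""
        key = (username, device_id)
        self._failures[key] += 1
        if self._failures[key] >= MAX_FAILED_ATTEMPTS:
            self._locked_until[key] = self.now() + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, username: str, device_id: str) -> None:
        self._failures.pop((username, device_id), None)
```

Keying the lockout on user plus device means a guessing attempt from one machine does not lock a legitimate user out on another, which matches the “on a single device” wording above; a short lockout is enough to make online guessing impractical without creating a denial-of-service lever against staff accounts.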
Other customization options include lockout messages, whether portal users can enable 2FA on their accounts, and how long a 2FA code remains valid after it is issued.
Strong digital security techniques are necessities now—not options. That’s why BestNotes follows best practices to keep health data safe and preserve users’ peace of mind.
Looking for a behavioral health EHR solution that takes data security seriously? Contact BestNotes today!