Protecting patient data and privacy is a complex problem but it starts with keeping good security habits. One of the most effective habits we can build is to regularly change our passwords. But, just like going to the gym every day, it's easy to find excuses to not do that. We've added a security enhancement that allows Administrators to enforce password management habits to whip us into security-friendly shape and better align with HIPAA and PIPEDA regulations.
The Administrator can now force a password reset for everyone, set a schedule for everyone to change their passwords and manually change a password for a user. Think of this like your personal trainer for security.
How does it work?
In the Administration section of Curve Hero, in the Practice Information Setup screen, you will see some additions. The first addition is the ability to reset all users’ passwords. When used, this feature will require all users to change their password upon their next login.
The second change to our password reset project, is the addition of a new frequency selection option. This option allows a practice administrator to select a password reset frequency that will regularly prompt all users to change their passwords upon login.
We have also made a change to the workflow for the creation and editing of existing passwords. All users will be required to reset their password, on next login, when a password has been set or changed by an administrator. This new change helps ensure passwords are not shared among users. Of course, when an administrative user changes their own password in User Management, a password reset will not be forced.
We are always working towards better ways to improve our security within Curve Hero and this is a step in the right direction.
Thank you for your ongoing commitment to security and privacy!