BPS’ portal is HIPAA complaint. We have taken extensive steps to implement the latest security controls to protect both client and patient data. In addition to using network firewalls, anti-virus and anti-malware software(s), 2048-bit SSL certificates, and automatic account lock-out, we utilize encryption for data at rest and during data processing. We also encrypt all hard drives associated with our portal. BPS also utilizes additional advanced security tools for various threat analysis and mitigation; however for security reasons we are not disclosing these items due to the sensitive nature of this information. Learn how to ensure that your mental health practice is HIPPA compliant.
We follow and encourage our clients to follow, proper security best practices such as using strong passwords, no password sharing, and routinely changing your password. Below are some guidelines that are considered password best practices:
- Don’t write down your passwords. You would be surprised to find out how many networks have been compromised because of passwords that were written down. If you must write your passwords down, either because they are difficult to remember or change frequently, make sure you keep the list in a very secure place.
- Don’t use plain words for passwords. If it’s in the dictionary, it’s not a password. Hackers can use software that automatically tries every word in a dictionary file. If you use a plain word, such as horse, they can easily crack it.
- Don’t use personal information for passwords. Hackers can easily guess the names of friends, kids, pets, and other personal information. That includes birth dates and phone numbers.
- Consider using computer generated passwords that consist of random strings of letters and numbers. These are harder to remember, but they are more secure. Randomly mix upper and lower case letters within your passwords.
- Don’t reuse a password; select a new one for each account. If you use the same password across several accounts, they could all be compromised.
- Never tell someone your password over the phone. Companies never contact their customers and ask for passwords over the phone. Hackers pose as tech support personnel from an ISP and obtain passwords from unwitting customers.
- Change your passwords periodically, every few weeks or so.
- Make passwords sufficiently long so that they will be difficult to crack. A minimum of eight characters should be a rule of thumb, with a combination of upper and lower case letters, numbers, and characters.