#7 • Enforce Usernames & Passwords
THIS BLOG IS OUT-OF-DATE!
This blog was moved in 2019 and renamed "Dental FraudBusters"
#7 in our series of #TIPS intended to keep your data secure, and help manage fraud, embezzlement, waste, and abuse in the practice.
Practice Management Software
Your Checklist:
- ensure all employees have a unique username and password.
- make sure User Access control is properly defined and configured in your software.
- check that you (the practice owner) are the only person with “administrative” access.
- create or update “computer use policy” and “business code of conduct policy” for your practice.
Synopsis
All currently supported practice management software programs have some form of “security” and “access control”.
Security is what keeps unauthorized people out of your software.
Access Control places restrictions on what people can and cannot do when using the software. For example; access control can prevent a chairside dental assistant from accessing your financial or audit-log reports.
“If you have never read the section on security and access control in your practice management software manual; do your dental practice a favor and read it today.”
William Hiltz BSc MBA CET
Ensure that your practice management software is configured for employee to have their own unique username and password.
NEVER set up usernames like FRONT, or OP1 that may be shared based on job function.
Every employee must have their own unique username. When an employee leaves the practice, set their username to inactive in your software.
Ensure employees use reasonably complex passwords. A password such as “tooth” or “smile” is a poor choice.
Since employees may be frequently log in and out of various computer stations during the day, I recommend they use a password that is easy to enter on the keyboard. (efficient and fast).
This means, a password like @1?9@HKJdBojh%&* is a poor choice for accessing your practice management software. It does makes for a good email password though. 😊 An easy to guess passwords like 1234 is a poor choice as well.
Instruct employees to NEVER share passwords with anyone, and passwords should be changed every 6 months.
Ensure that each username is configured for access control. Your software probably already has a few predefined access control levels for different job functions, such as: “front desk”, “chairside”, “coordinator”, “manager” and so on.
The basic principle is that employees should only be permitted to access the software functions required for them to do their job – and no more. The dentist or practice owner should be the only person with “administrator” level access.
If you have questions about usernames, passwords and access control for your software, the first step is to read the relevant section in the software manual – it will help. If you need more help, contact your software vendor. They can set things up properly – after all, they designed the software you are using.
In conjunction with this, you’ll need to create and implement a practice “computer use policy” and business code of conduct.
I have provided a couple of examples that you can download and use as as a starting point. (they are in MS-Word format)
Edit – go here for the downloads:
PLEASE, don’t just copy and paste the documents into your practice manual. These documents should to be thoughtfully tailored to your specific situation.
As always, if you have questions regarding any of the above, please feel free to contact me.