Inspiration

To meet HIPAA requirements, it's important to reset your passwords every 30 days. Violations are expensive, so it's great to have a safety net in place. We're going to use OKTA for both our physician logins and patient identity management.

What it does

Either from an admin login or as a cron job, it does a "PASSWORD EXPIRE" on every user whose password is more than 30 days old.

What's next for HIPAA Password Safety Net

  1. In the next hour we should have the SEND AN SMS TO THE USER function completed (we had a Twilio snafu).
  2. We're also adding parameters for managing groups and doing selective age reset (e.g., passwords > 10 days old).
  3. This week we're trying to figure out an ALEXA interface -- our service largely runs on Alexa Voice! Stand by for updates!

TESTING

All of the users are less than 28 days old, so you can also try https://lighthouse247.com/shared_services/HIPAAPW/hipaa_pw.php?trigger=all to see all of the PWs set to "EXPIRED".

EXPERIENCE

We've used Twilio a lot in the past, and it's an elegant API. This was our first use of OKTA, and once we cleared up our understanding of SESSION TOKENS vs. API TOKENS, it was effortless. We were halfway through a home-grown ID management solution and are scrapping it because of the ease of OKTA.


Updates


Update #1 of 3: We added SMS notification for users with a mobile phone present. Two organizations we work with that use OKTA have tested the service and asked for a few additional features for "event handling", e.g., HIPAA breach emergencies that do a combination of password resets, logging and security team notifications. We added the code with Twilio to GitHub (you can still access the prior version).
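The workflow described under "What it does" (expire every password older than 30 days, from a cron job) together with the SMS notification from Update #1, written out as an added example in Python. This is not the project's PHP code. It assumes an Okta SSWS API token and Twilio credentials in the environment variables named in the comments (names chosen here, not the page's), uses Okta's `GET /api/v1/users` and `POST /api/v1/users/{id}/lifecycle/expire_password` endpoints and Twilio's `Messages.json` endpoint, and exercises the selection logic on a constructed user list; `run()` is the only part that talks to the live APIs and it defaults to a dry run.

```python
"""Added example: HIPAA password safety net on top of Okta + Twilio (stdlib only).

Endpoints used (real Okta/Twilio APIs):
  GET  {org}/api/v1/users                                  -> users with passwordChanged
  POST {org}/api/v1/users/{id}/lifecycle/expire_password   -> force change at next login
  POST https://api.twilio.com/2010-04-01/Accounts/{sid}/Messages.json
Environment variable names below are this example's assumptions, not the project's.
"""
import base64
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

MAX_PASSWORD_AGE_DAYS = 30  # rotation interval stated on the page

# Constructed sample, shaped like the objects GET /api/v1/users returns.
SAMPLE_USERS = [
    {"id": "00u1", "status": "ACTIVE", "passwordChanged": "2017-01-01T00:00:00.000Z",
     "profile": {"login": "dr.old@example.com", "mobilePhone": "+15005550006"}},
    {"id": "00u2", "status": "ACTIVE", "passwordChanged": "2017-02-10T00:00:00.000Z",
     "profile": {"login": "dr.fresh@example.com"}},
    {"id": "00u3", "status": "ACTIVE", "passwordChanged": None,       # never set / federated
     "profile": {"login": "federated@example.com"}},
    {"id": "00u4", "status": "DEPROVISIONED", "passwordChanged": "2016-06-01T00:00:00.000Z",
     "profile": {"login": "gone@example.com"}},
]
NOW = datetime(2017, 3, 1, tzinfo=timezone.utc)  # fixed clock for the sample data


def parse_okta_ts(value):
    """Okta timestamps are ISO 8601 UTC with milliseconds, e.g. 2017-03-01T12:00:00.000Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def select_stale_users(users, now, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """ACTIVE users whose passwordChanged is older than max_age_days.

    Accounts with no passwordChanged are skipped, not expired: the safety net
    should never act on an account whose password age it cannot assess.
    """
    cutoff = now - timedelta(days=max_age_days)
    return [u for u in users
            if u.get("status") == "ACTIVE" and u.get("passwordChanged")
            and parse_okta_ts(u["passwordChanged"]) < cutoff]


def plan_actions(users, now, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Decide what will be done, as plain data, so it can be logged and reviewed first."""
    return [{"user_id": u["id"], "login": u["profile"]["login"], "expire": True,
             "notify": u.get("profile", {}).get("mobilePhone")}
            for u in select_stale_users(users, now, max_age_days)]


def okta_headers(api_token):
    # Management calls use an SSWS API token, not a session token (the page's lesson).
    return {"Authorization": "SSWS " + api_token, "Accept": "application/json",
            "Content-Type": "application/json"}


def okta_get_all(org_url, api_token, path):
    """GET a paginated Okta collection, following the Link: rel="next" header."""
    url, items = org_url + path, []
    while url:
        req = urllib.request.Request(url, headers=okta_headers(api_token))
        with urllib.request.urlopen(req, timeout=30) as resp:
            items.extend(json.load(resp))
            url = None
            for link in resp.headers.get_all("Link") or []:
                target, _, rel = link.partition(";")
                if 'rel="next"' in rel:
                    url = target.strip().strip("<>")
    return items


def expire_password(org_url, api_token, user_id):
    """Expire one user's password; Okta forces a new one at the next login."""
    req = urllib.request.Request(f"{org_url}/api/v1/users/{user_id}/lifecycle/expire_password",
                                 data=b"", method="POST", headers=okta_headers(api_token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def send_sms(account_sid, auth_token, from_number, to_number, body):
    """Send one SMS through Twilio's REST API (HTTP basic auth, form-encoded body)."""
    url = f"https://api.twilio.com/2010-04-01/Accounts/{account_sid}/Messages.json"
    form = urllib.parse.urlencode({"From": from_number, "To": to_number, "Body": body}).encode()
    creds = base64.b64encode(f"{account_sid}:{auth_token}".encode()).decode()
    req = urllib.request.Request(url, data=form, method="POST",
                                 headers={"Authorization": "Basic " + creds})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def run(dry_run=True):
    """Cron entry point: list users, expire stale passwords, notify, emit an audit line each."""
    org_url, api_token = os.environ["OKTA_ORG_URL"], os.environ["OKTA_API_TOKEN"]  # assumed names
    users = okta_get_all(org_url, api_token, "/api/v1/users?limit=200")
    actions = plan_actions(users, datetime.now(timezone.utc))
    for act in actions:
        print(json.dumps({"event": "password_expire", "dry_run": dry_run, **act}))  # audit log
        if dry_run:
            continue
        expire_password(org_url, api_token, act["user_id"])
        if act["notify"]:
            send_sms(os.environ["TWILIO_ACCOUNT_SID"], os.environ["TWILIO_AUTH_TOKEN"],
                     os.environ["TWILIO_FROM"], act["notify"],
                     "Your password is over 30 days old and has been expired; "
                     "you will be asked to choose a new one at your next login.")
    return actions


if __name__ == "__main__":
    run(dry_run=os.environ.get("DRY_RUN", "1") != "0")
```

The script refuses to act unless `DRY_RUN=0` is set, so a cron entry can be deployed first in logging-only mode and the emitted JSON lines reviewed before any password is expired. Passing a smaller `max_age_days` to `plan_actions` gives the "selective age reset" (e.g. > 10 days) mentioned in the roadmap without changing the rest of the flow.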
