MDS Alert

Reader Question:

Make Documentation Easier With This Update

Published on Wed May 08, 2019

PDF

Question: How often should we change our passwords for our computers? Right now our information technology consultant set things up so that our passwords expire every 30 days, but my staff is a bit overwhelmed with the need to constantly remember new passwords, and I think the efforts are distracting them from their jobs. I’m always trying to remove obstacles to documentation, and this feels like a big one.

Utah Subscriber

Answer: Though frequent password changes have been the norm for years, the National Institute of Standards and Technology (NIST) updated their guidelines and recommendations concerning identity security. If your team members and staff are already struggling with the demands of providing excellent care, removing the mental barrier of frequent password changes could help facilitate more and better documentation.

“Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator,” NIST says (all emphasis original).

With this advice, encourage your IT manager and all your staff who use computers to choose a strong password (or “secret,” in NIST parlance) for each function requiring a password, and don’t require any changes unless you must.

Additionally, NIST does not recommend requiring that passwords have multiple composition rules, like mixed-case letters, numerals, or special characters.

“These rules provide less benefit than might be expected because users tend to use predictable methods for satisfying these requirements when imposed (e.g., appending a ! to a memorized secret when required to use a special character). The frustration they often face may also cause them to focus on minimally satisfying the requirements rather than devising a memorable but complex secret,” NIST says.

When updating your password rules and regulations, NIST recommends creating a “blacklist” of passwords that are common enough to be vulnerable to attack.

To read the rest of the NIST updates, go here: https://pages.nist.gov/800-63-3/.

MDS Alert

Proposed Rule:
Understand Social Determinants for Fiscal Year 2022 QRP PPS Proposed Rule
Hint: Don’t worry, because the new elements are mostly related to data collection. Though experts [...]

ICD-10 Focus:
Sort Through Multitude of Causes to Code Pneumonia
Hint: Narrow down the options by organism. With the triple whammy of the Centers for [...]

Surveys and Compliance:
CMS Provides New Guidance on 'Immediate Jeopardy'
Streamlined guidance intended to keep residents safer. The Centers for Medicare and Medicaid Services (CMS) [...]

Facility Staffing:
Do Your Part for Supportive Workplace Culture
Leading by example can have a huge effect. Nursing facilities are inherently stressful places to [...]

Reader Question:
Know Whether Melatonin Counts as Medication
Question: One of the residents in my facility uses melatonin a few times a week. [...]

Reader Question:
Use 'None of the Above' For this Situation
Question: I am trying to fill out item L0200 (Dental) for a resident who is [...]

Reader Question:
Judge Partial Blindness by Visual Ability
Question: One of my residents is blind in one eye but has lived for decades [...]

Reader Question:
Assess Usage Based on Application
Question: One of the residents in the facility where I work needed a fentanyl patch [...]

Reader Question:
Make Documentation Easier With This Update
Question: How often should we change our passwords for our computers? Right now our information technology [...]

You Be the Coder:
Anatomy Matters for Bronchitis Coding
Question: A resident has been diagnosed with bronchiolitis, but I want to make sure that I [...]

View All