HIPAA Password Compliance

The HIPAA Privacy Regulations require that appropriate administrative, technical, and physical safeguards are in place to protect the privacy of protected health information.

The following represents the minimum requirements for your NJMHAPP password.

• Password complexity: Must not contain significant portions (three or more contiguous characters) of your account name or full name, must be at least eight (8) characters in length, must not use control characters and other non-printing characters, and must contain characters from at least three of the following four categories arranged in any order.
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters: ~!@#$%^*&;?.+_
• Maximum age: All passwords must be changed at least every sixty (60) days.
• History: Set at six (6), meaning the password needs to be set six times before it can be reused.
• Account Lockout Threshold: After five (5) unsuccessful attempts to enter a password, the involved user-ID will be temporarily disabled for five (5) minutes after which the account will be automatically unlocked.

Guide to Creating A Secure Password

Passwords must be a minimum of eight (8) characters long and alphanumeric. Passwords should not be based on one's user name, actual name or any dictionary name; i.e., a good password should not contain standard words. The longer your password is the more secure it will be.

User Login Policy

Per DMHAS policy and guide lines, NJMHAPP users who have not logged in within the last 90 days will be disabled automatically in NJMHAPP. If any user's NJMHAPP account is disabled due to this rule, must contact NJMHAPP administrator within their agency to get new user credentials.