This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Login Monitoring Policy: Security Awareness Training

Reference: 45 CFR § 164.308(a)(6)
Last Updated: January 26, 2024


Goal: Implement procedures to monitor log-ins and report discrepancies related to this activity.

The purpose of this policy is to identify unauthorized attempts to penetrate systems thru the illicit use of existing users’ passwords.


Procedure: Whenever feasible the Security Manager shall use software to monitor log-in attempts into the systems.

  • Software shall detect failed attempts and lock out the user after three unsuccessful attempts in a period of five minutes.
  • Repeated instances of failed attempts under the same user name shall require:
    • Investigation by Security Manager of potential threat.
    • Deletion of user from system and re-establishment of rights under a different name/password.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram