Passwords and Password Resets
If your health care facility (business / clinic / practice) has enrolled online with HCAI,, the Authorizing Officer will have received a password upon completion of the online registration process. The facility will be activated about 10 business days prior to its effective date.
If your health care facility re-enrolled with HCAI, the Authorizing Officer will have received an email from systemdelivery@hcai.ca with a user name and password. This activation email is sent about 10 days prior to a facility’s effective date.
Once the health care facility is activated, when you log into HCAI and navigate to the Facility Management tab the facility will appear in the “Approved” state.
The Authorizing Officer must then set up additional users. The Authorizing Officer (AO) and any person to whom a “User Administrator” profile is assigned (by the AO) can reset passwords.
Chapter 3 of the HCAI User Manual (Web Users) explains passwords in more detail
It is the responsibility of each health care facility to ensure that they are in compliance with PIPEDA and PHIPA. You may wish to have written procedures in place around the handling of passwords in your facility.
For more information about passwords, click on either of the following headings:
Password Tips
- Password resets can be done internally, at your facility, by a user who has "User Administration" rights
- Ensure that all persons in your facility know who the user administrator is. That way, if a user becomes suspended due to entering an incorrect password, the password can be reset internally.
- Inform your staff that only those persons with user administrator rights are able to request a password reset from Helpdesk.
- Read chapter three of the Web User Manual to learn how to manage passwords in your organization.
Password FAQs
- How Can I reset my password when I am suspended from my account?
The Authorizing Officer (AO) or User Administrator (UA) at your clinic/practice should reset your password.
Each clinic/practice has an AO. AOs are advised to set up at least one UA. If you are not sure who is the AO or UA, ask the owner or senior manager of the practice.
- I don’t know who the Authorizing Officer (AO) or User Administrator (UA) for my health care facility is. How can I find out?
Every health care facility in HCAI has an Authorizing Officer (AO). In addition, the AO may have assigned other User Administrators (UA). If you are not sure who the AO or UA is, ask the owner or senior manager of the facility.
- I am a User Administrator [UA] or Authorizing Officer [AO] and my account is suspended. How do I get a password reset?
When your practice was first activated, the AO was advised to set up a back-up UA. That means that there should always be at least two people (the AO and one or more UA) in the organization who have the capability to reset passwords. If the AO or UA is suspended, they should have the other person (another UA or the AO) and request that the password be reset.
- I am the AO and am suspended from my account. I did not set up a back-up UA to reset my password. How can I get a password reset?
- How can I design a password that is secure, but easy to manage?
Some common features of secure passwords are:
- Minimum of 6 characters
- Do not use words, names or dates (hackers love these)
- Use as many as possible of large and small cap letters, numbers and special characters (&^#<)
- You only need to design one good password and you can use it everywhere and forever! (Maybe a second one if there is lots of money in that account)
Examples (you can’t use these, get creative)
- J&Jwuth2 (Jack and Jill went up the hill to)
- 2L8aga1n (too late again)
- Use a line from a favourite song, a saying someone uses, a line of poetry etc.
- Use “zero” for “o”, number one for “L” or “I”, “8” for the “eh” sound, “&” for “and”, insert commas to separate letter strings or numbers
Tips for Re-using Secure Passwords
Examples:
- J&Jwuth2 becomes J&Jxuth2 or J&Jvuth2
- 2L8aga1n = 2L8aga2n
TIP: If you need to write it down, write only the letter or number you have changed.
- I work share with another staff member, can we share passwords?
Sharing passwords is not a best practice. HCAI permits each user to have a distinct username and password and still be able to share work with another person.
However, we understand this can be an issue with managing work flow. Be aware that HCAI can track only whose password has been used; HCAI cannot determine which person entered it. Come to an understanding with your partner about the necessity of not sharing passwords with others and accessing only what is necessary to your role. If you feel your partner is not following the rules speak to your manager. If you have knowledge abut a possible privacy breach and do not report it, the law considers you just as responsible as the person committing the breach.
- How can I avoid getting suspended from my account?
For security reasons, if a password is entered incorrectly three tries in-a-row, the user account will be suspended. At that point, you must request your clinic’s Authorizing Officer or a User Administrator to reset your password.
Here are some tips to prevent this:
- If you copy and paste a password, be sure you have not included spaces in the copied text. The space will invalidate your password.
- Passwords are case sensitive. Take care to type it in correctly.
- If you have incorrectly entered your password (or username) twice, do not try a third time. Instead, click on the link to reset your password (see figure 1). A new temporary password will be sent to you by email.
Figure 1: Avoid getting suspended
|
