Maybe a better question is, “Do passwords matter?” I’ve seen password requirements become more and more painful through the years at the same time that the number of security breeches has skyrocketed. The reason is that investing time in hacking into the online application database is far more rewarding than brute-force hacking a single end user’s password. In other words, all the secure passwords in the world won’t do any good when a hacker (or state-sponsored team of hackers) can simply siphon my data out the back end. Providers and online vendors should care more, and we should make them care more by refusing to purchase from them until they can guarantee security. Instead, with every breech, they send more and more ineffective and inconvenient password complexity down to end users as if we are to blame for their bad coding.

HIPAA Compliance is “the elephant in the living room” these days. Companies that fall under its rules generally know it, but alarmingly few companies do anything to even assess their current adherence to the rules. It’s like they would rather not know.

I get it. I’m that way about cancer. If I never get tested, then I’ll never have to face a hope-crushing diagnosis. I’ll keep my head in the sand about my health, but I want YOU to check into your HIPAA compliance!