Main Content

5 Portal Security Settings You Should Be Using

Posted on by Jenny Wan
Collage of computer CPU and pad lock

5 Portal Security Settings You Should Be Using

As ransomware, hacking, and breaches increase, so does the responsibility of health insurance administrators (Payers) to protect their members’ healthcare data. Payers’ web portals are an important tool for securely sharing information with people who need to see it. However, they’re also critical for keeping healthcare data from getting into the wrong hands.

An old saying says that “An ounce of prevention is worth a pound of cure”, and the security of your web portal is no exception. Use these 5 portal security settings to prevent unwanted access and to protect your members’ healthcare data.


Excluding Dictionary Words from Passwords

Dictionary words make for easy passwords, but they also make it easy for hackers to uncover the passwords. Many use the names of family members, hobbies, or interests as their passwords. Once a hacker figures out what those are (often from social media), it’s easier for them to discover the password and access a user’s account. To combat this, require your users to create passwords that exclude names and dictionary words.

Special Characters

Payers greatly enhance their web portal security when they require users to have passwords with special characters such as: ! @ # % & *. The more special characters a password contains, the more difficult it will be for an intruder to uncover it. To step up your portal’s password security, require the use of special characters.

Multifactor Authentication

If a user lets her login credentials fall into the wrong hands, she’s at risk of those wrong hands trying to log in as her. Multifactor authentication is an extra step of security that can prevent that from happening. After someone enters the username and password, the portal emails or texts the user to confirm it’s an authorized login. By using multifactor authentication, you can increase confidence that when a user logs in, it’s the right user who is logging in.

Routine Password Resets

One of the best cybersecurity habits a user can have is to regularly reset his password. The more frequently passwords are reset, the more of a moving target those passwords become for hackers. To boost your portal’s password security, require your users to reset their password after a certain period of time.

Automatic Account Locks

If a user hasn’t logged in for a long time and suddenly wants access, that can give Payers reason to ask “why?” Does that user really need access or is it an intruder who’s trying to gain access? Determine which of those login attempts are legitimate by automatically locking your users’ accounts. For example, your portal should automatically lock users’ accounts if a user hasn’t logged in for a certain number of days. It should also lock accounts for members who have been terminated from the health plan for a certain period of time. Locked login accounts can always be unlocked by your staff after a user contacts you and you’ve validated the request. But by adding these automatic locks, you’ll proactively prevent outdated login accounts from being used for unsavory reasons.


With these portal settings in place, Payers will on their way to preventing unwanted access to members’ healthcare data. However, securing healthcare data is an ongoing process, and the steps above are only the start.

To further enhance the security of your portal and your healthcare data, schedule a demo with us.

Schedule a Demo