Skip to main content


Kareo Help Center

Set Security Policy

The Security Policy section lets you to set various password and login rules that apply to all users in your practice. These settings are important for proper compliance with the patient privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Kareo automatically applies a basic set of defaults that meet the needs of most companies, however, System Administrators have the option to change any of the following settings:

  • Minimum password length
  • Password character class requirements
  • Number of days before a password expires
  • Number of unique passwords before one can be reused
  • Number of failed login attempts before a user is locked out of their account

Navigate to Security Policy

  1. Hover over the User icon in the top right of your screen and click Practice Settings to open the Practice Settings page.
  2. Click Kareo on the left menu. The drop-down menu opens.
  3. Click Security Policy. The Security Policy page opens.

KMB set security policy 1.png

Set Security Policy

  1. Minimum password length: Select 1–8 from the drop-down menu to set the minimum number of characters required for a password.
  2. Character Requirements: Check one or more boxes to specify which character classes are required for passwords.
  3. Password expiration: Select 30, 60, 90, or 120 from the drop-down menu to specify the number of days a password will be valid. Upon expiration, a user will be prompted to set a new password.
  4. Password reuse: Choose 5, 10, or 15 from the drop-down menu to set the number of unique passwords that must be created before a password can be reused.
  5. Login attempts: Select 3, 4, 5, or 6 from the drop-down menu to set the number of successive failed login attempts that will be allowed before a user's account is locked.
  6. Click Save when finished.

KMB set security policy 2.png

  • Was this article helpful?