Skip to main content


Kareo Help Center

Set Security Policy

Updated: 12/14/2019
Views: 1079

The Security Policy section lets you to set various password and login rules that apply to all users in your practice. These settings are important for proper compliance with the patient privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Kareo automatically applies a basic set of defaults that meet the needs of most companies, however, System Administrators have the option to change any of the following settings:

  • Minimum password length
  • Password character class requirements
  • Number of days before a password expires
  • Number of unique passwords before one can be reused
  • Number of failed login attempts before a user is locked out of their account

Navigate to Security Policy

  1. Hover over the User icon and click on Practice Settings. The Practice Settings page opens.
  2. Click Kareo. Additional setting options expands.
  3. Click Security Policy. The Security Policy page opens.


Set Security Policy

  1. Minimum password length: Select 1–8 from the drop-down menu to set the minimum number of characters required for a password.
  2. Character Requirements: Click to select one or more to specify which character classes are required for passwords.
  3. Password expiration: Select 30, 60, 90, or 120 from the drop-down menu to specify the number of days a password will be valid. Upon expiration, a user will be prompted to set a new password.
  4. Password reuse: Choose 5, 10, or 15 from the drop-down menu to set the number of unique passwords that must be created before a password can be reused.
  5. Login attempts: Select 3, 4, 5, or 6 from the drop-down menu to set the number of successive failed login attempts that will be allowed before a user's account is locked.
  6. Click Save when finished.



  • Was this article helpful?