The UCD HIPAA Security Officers coordinated with the HIPAA Security Officers and CIOs from UCH, UPI, TCH, NJH, DH&H, and VA to develop a set of password standards that were determined to represent industry best practices and would be viewed to be reasonable to a security auditor.  See http://www.uchsc.edu/is/policies/ans3.htm for more on the UCD interpretation of the rule.

The UCD Password Policy was implemented with the approval of University leadership after consultation with our healthcare affiliates, UCD LAN Administrators, and the UCD Senior Administrators Group.  While there was recognition that the new password policy represented a change, there was no opposition to the policy from any of these groups.