Help

Change Password

To change your password, enter your current password and your new password twice in the spaces provided on the Change Password form. Read the Frequently Asked Questions below for information about Cotiviti's password policy.

What is your password policy?
Below is Cotiviti's HIPAA-compliant password policy. Your account may have a stricter policy than this one if desired.

  • Passwords must contain at least eight characters.
  • Passwords must contain at least one special character, i.e. a character that is not a letter or a number, such as one of the following: !@#$%^&*-_=+?.
  • Passwords must contain at least one lower-case letter.
  • Passwords expire every 90 days. You will be prompted to change your password within 14 days of expiration.
  • Passwords cannot be changed more frequently than every five days.
  • At least two different passwords must be used before a previously used password can be reused.
  • New passwords must be at least 30% different than previous passwords.
  • Passwords are disabled for 60 minutes after three consecutive failures logging in.
  • Passwords are case-sensitive (but login IDs are not).
  • Passwords are encrypted in the Cotiviti database. Customer Support cannot look up your password, nor should you give your password to a Cotiviti representative or anyone else.
  • Forgotten passwords will be reset to a randomly generated password that must be changed by the requestor when logging in.

Why do you have a password policy?
As part of Cotiviti's commitment to security and being HIPAA-compliant, we have implemented a password policy that meets the proposed HIPAA security rule. Cotiviti is dedicated to the security of your data and the private health information that is contained on our servers.

Why are passwords case-sensitive now?
The HIPAA security rule requires passwords to be case-sensitive. Case-sensitive passwords are much harder to guess than case-insensitive ones. For example, oranGes4mE! is much more difficult to guess because of the two upper-case letters in unusual positions.

Why do I have to change my password?
The HIPAA security rule requires passwords to be changed on a regular basis. This helps prevent hackers from gaining access to old passwords, and helps avoid security breaches due to employee turnover.

How often do I have to change my password?
Every 90 days or more often.

Will I be alerted that my password is about to expire?
Yes. Beginning 14 days before your password expires, each time you log in you will be asked if you want to change your password. You can decline, but you will be required to change your password when it does expire.

Why do I have to use a special character in my password?
The HIPAA security rule requires passwords to contain at least one character that is not a letter or a number. This makes is more difficult to guess your password.

Why can't I use my login ID (username) or personal name as my password?
Passwords that contain your login ID or your personal name are relatively easy to guess, so they are not allowed.

Can I reuse an old password?
Yes, but you must use at least two new and different passwords before you can reuse an old password.

Can I just change the last character or add a character to my old password to create a new one?
No. The HIPAA security rule requires a new password to be significantly different than previous password. For example, if your old password is oranGes4mE!, you cannot change it to oranGes4mE?.

What happens if I mistype my password?
If you mistype your password three times when trying to log in, your password will be disabled for 60 minutes. This is a security measure to prevent hackers from repeatedly guessing at your password. If you are locked out, wait 60 minutes and try again, or contact Customer Support at 800-489-8549 to unlock your password. You may be required to provide verification of your identity.

What if I forget my password?
Contact Customer Support at 800-489-8549. They will give you a randomly generated password over the phone (not by e-mail). You will be required to change the password the next time you log in. You may be required to provide verification of your identity.