According to Pricewaterhouse Coopers (PwC) Health Research Institute's January report, "Top Health Industry Issues of 2013: Picking up the pace on health reform," hospitals need to address identity management issues for patient and employee mobile access to information. BYOD password policies should insist on strong passwords -- no dictionary words -- and be void of personal information. Passwords should be eight characters in length and use a combination of upper and lowercase letters with at least one number and one character. Consider using multifactor authentication. PwC touts a role-based system that tightly manages privileges based on each employee use case. Care must be taken to assign staff to the correct roles and then to set the access permissions for each role correctly with respect to the need to know. The system needs auditing and reporting capabilities.