A. It is really important to actively manage user names and passwords in the practice. When a staff member leaves practice employment, their user name and password should be disabled. If you have not reviewed user names and passwords in a while then now is a good time. The publication No Data No Business, available from www.icgp.ie/gpit says: "Staff should use their own individual accounts when logging onto Windows and when logging onto the GP system. In the event of accidental or malicious damage to data, with proper auditing enabled, it is possible to trace back to the account that caused the damage. Strong passwords should be set up on each account.