UW Medicine implemented a new policy requiring users to change passwords at least once every 120 days. In the first two password change cycles, many users did not take action upon notification, and their passwords expired, causing high help desk loads. Compliance and support loads improved in subsequent cycles. We conclude that policy changes requiring user behavior modification should be seen as a cultural change, and the implementation strategy should consider socio-technical factors.