Security Settings |
  
|
Each User is assigned a user password to access the software. Additional enhanced security settings can be configured here.
The screen prompts are:
2- FACTOR AUTHENTICATION - Click here to indicate that 2- Factor Authentication should be enforced. 2- Factor Authentication is an extra level of security beyond the basic User password protection that utilizes the Users email address as well. Since the 2- Factor Authentication leverages the Users email address, it will be mandatory for Users to have an email address configured within APPLICATION USERS (CONFIGURE SYSTEM SETTINGS > SYSTEM > APPLICATION USERS) when this processing it turned on. Using 2- Factor Authentication will also ensure that Users who log in on a new PC via a browser will be authenticated by emailing the User with a verification code to authenticate the new PC. Please call the Auditdata Support Department and speak to a support representative if you have questions on whether this enhanced security option would be a benefit to your clinic.
2- FACTOR AUTHENTICATION EMAIL SUBJECT - If using 2- Factor Authentication, enter the email subject line to be used in the automated authentication email to the user that will deliver them a verification code.
2- FACTOR AUTHENTICATION EMAIL TEMPLATE - If using 2- Factor Authentication, enter the HTML template to be used when emailing Users their verification codes. Browse your files and attach the HTML template to be used. Use the tag <<code>> where the verification code should appear in the email text. Using the tag <<name>> will include the User's name where indicated.
FORGOT PASSWORD EMAIL SUBJECT - If using 2- Factor Authentication, enter the email subject line to be used when emailing Users a new temporary password. Note that a user will only have 1 day to use a temporary password before it expires and once a temporary password is used once, it may never be used again. Once a user logs in with a temporary password, that user will not be able to access a function until they enter a new password.
FORGOT PASSWORD EMAIL TEMPLATE - If using 2- Factor Authentication, enter the HTML template to be used when emailing Users a temporary password. Browse your files and attach the HTML template to be used. Use the tag <<password>> where the verification code should appear in the email text. Using the tag <<name>> will include the User's name where indicated.
ACCOUNT LOCKOUT ATTEMPTS - Indicate how many failed log in attempts a user can have before the account is locked. If left blank, or zero is entered, then no lock out functionality will apply.
ACCOUNT LOCKOUT DURATION - Indicate how long a user who has exceeded the failed log in attempts will be locked out for. This will lock the user out of the software (even if they enter the correct password) for this specified duration of time, or until the account is manually unlocked within CONFIGURE SYSTEM SETTINGS > SYSTEM > APPLICATION USERS by UN checking the ACCOUNT LOCKED flag.
USER PASSWORDS EXPIRE EVERY - You can set up a schedule for how often you want your users to be forced to change their passwords. Leave this field blank if you never want users to be prompted to change their passwords. A field in APPLICATION USERS automatically tracks when the last password change was completed and is what the system uses to calculate the prompt for the password change formula.
CHANGE INVOICE PASSWORD - Enter the password that will be required to make changes to invoices. Use up to 15 characters.
CHANGE PATIENT STATUS PASSWORD - Enter the password that will be required to change a patientÂ’s status. Use up to 15 characters.
OVERRIDE DISCOUNT PASSWORD - Enter the password that will be required in order for users to apply discounts. If setting up a discount password and supplying a user with a discount password, it is important to note that the user will be allowed to discount ALL products. Even products which are flagged to not allow discounts will be allowed discounting with the password.
OVERRIDE DISCOUNT PASSWORD EXPIRES EVERY - You can set up a schedule for how long a Discount Password will be valid.
OVERRIDE DISCOUNT PASSWORD INITIAL USAGE - Enter the date that the latest Discount Password was created. This will be the date that the "EXPIRES EVERY..." will be based on. If this date is left blank, the date will auto populate based on the first time this password is successfully used.
VISIT NOTE EDIT DAYS - If you want to enforce a time limit on how many days a user can edit a visit note for before it is locked, then indicate the number of days here. Be aware that 1 day = 24 hours. The day number recorded here reflects how many days after the actual day the note was created (regardless what date was used on the visit note) . If this field is left blank, it will be a standard 1 day to edit a note. Within Application Users (CONFIGURE SYSTEM SETTINGS > SYSTEM > APPLICATION USERS) you can indicate that a user has unlimited visit note editing permissions regardless of date.
PATIENT REPORT EDIT DAYS - If you would like to enforce that patient report automatically lock after a certain amount of days, enter the amount of days a patient report should lock, based on the CREATED date. If you do not want patient reports to lock, leave the field for amount of days blank.
STRONG PASSWORD ENFORCEMENT - Check this field if passwords created (after turning on this feature) will need to follow any of the below password rules. Note that turning this enhancement on, will not apply strong password enforcement to previously stored passwords. These rules will be applied only to new User passwords as well as new passwords for CHANGE INVOICE PASSWORD, CHANGE PATIENT STATUS PASSWORD and OVERRIDE DISCOUNT PASSWORD.
MINIMUM LENGTH - Indicate the minimum character length a password must be.
MUST CONTAIN ALPHA - Indicate that a password must include at least one alphanumeric character.
MUST CONTAIN NUMERIC - Indicate that a password must include at least one numeric character.
CANNOT REUSE PREVIOUS X PASSWORDS - Indicate that a User cannot reuse a password from within a specified number of their previously created passwords.