Security (Practice Settings)

lock So important it gets its own article!

This area of the system allows you to set your security and compliance related settings:

Automatic sign out, two-factor authentication, login banner, inactive user lock out and record deletion, as well as single sign-on (SSO).

Read on for more information about each option, top to bottom

Required Role: Owner or Manager

In this Article:

Access Security Settings

If you're not coming straight from our practice settings article, to access these settings:

  • From any screen click Settings (top right)
  • Click Security (top tab)
  • Find the top section titled Security and Compliance Settings
  • Click (top right) and re-enter your password
  • The button will then turn to indicating you can make changes
  • Review the options for each section below:

Security & Compliance Settings

timer Automatically sign users out

  • If a client or provider is inactive past this time, they will be signed out automatically
  • They will need to sign back in to resume use

security_update_good Require Two-Factor Authentication

computer Simultaneous Login Limit

  • Limit how many devices / browsers a single user can be logged in with at the same time
  • Logging in with more than the limit will result in the oldest sign in to be logged out

sms Login Banner

  • A paragraph field type that you can enter
  • If enabled, after signing in and before seeing the dashboard, this message will be displayed to both staff and clients shown here:

Inactive Users

update 90-Day Inactive User Lock-Out

Automatically inactivate staff and / or clients after 90 days of inactivity.

Staff or Clients having issues signing in after?

  • To unlock staff: Click here
  • To unlock clients: Unlock them from their client profile via the right hand menu

Records Deletion

Control permanent deletion permissions for online forms, standard client documents, files, and message attachments in client's profiles under the Docs & Forms tab.

Example:

Future updates to its capability will include additional data types, such as progress notes and treatment plan entries.

Remember that record deletion is irreversible, and it's essential to understand your unique professional and legal obligations regarding record retention.

Enabling is on a permissions basis and you can enable it for:

  • Managers
  • Records Custodians
  • Supervisors
  • Therapists
Note: to delete clinically marked documents or online forms, you need the Records Custodian role for that specific provider (or all) that only an owner can enable.

Records Retention Compliance

This will be used in our future update with deleting clinical notes (from the client profile records tab).

Set a yearly threshold where client data will automatically be eligible for redaction/removal after this many years. It will be reviewable on a report.

We will never automatically delete any records from the system.

Remember it's essential to understand your unique professional and legal obligations regarding record retention.

Range:

  • 2 - 15 years

Single Sign On (SSO)

You can use your own OpenID Connect provider for staff to sign in to TherapyAppointment.

local_atm Note: The cost for SSO is $5 per month per subscriber.
  • To do so, check off the box:


  • Review the prompt:


  • Click


  • Follow the instructions from top to bottom (screenshot below) to configure
  • Click (bottom right) when done

info Don't know what these values are?

Have questions? Please consult your SSO provider for instructions on this. For security reasons, TherapyAppointment staff unfortunately cannot directly assist with this.
Also related: My Profile