Security (Practice Settings)

So important it gets its own article!

This area of the system allows you to set your security and compliance related settings:

Timed automatic sign-out, two-factor authentication requirements, a login banner that staff and clients see after signing in, 90-day inactive user lockout, record and document deletion, and single sign-on (SSO) are all included here.

Read on for more information about each option, top to bottom.

Required Role: Owner, Manager, or Staff Administrator (each section below is available to a different subset of these three roles)

Access Security Settings

Required Role: Owner, Manager, or Staff Administrator

To access these settings:

  • From any screen click Settings (top right)
  • Click Security (top tab)
  • Find the top section titled Security and Compliance Settings
  • Click (top right) and re-enter your password
  • The button will then turn to indicating you can make changes
  • Review the options for each section below:


Security & Compliance Settings

Required Role: Owner, Manager, or Staff Administrator

Automatically sign users out

  • If a client or provider is inactive for longer than this time, they are signed out automatically
  • They will need to sign back in to resume use

Require Two-Factor Authentication


Simultaneous Login Limit

  • Limit how many devices / browsers a single user can be signed in on at the same time
  • Signing in on more devices than the limit allows will sign out the oldest session

Login Banner

  • A paragraph-style text field that you can fill in
  • If enabled, this message is displayed to both staff and clients after signing in and before the dashboard appears, as shown here:


Inactive Users

Required Role: Owner, Manager, or Staff Administrator

90-Day Inactive User Lock-Out

  • Automatically lock out staff and / or clients after 90 days of inactivity
  • Even with the correct password, they won't be able to sign in until reactivated
  • For a billable provider account, this lock-out is not the same as deactivation: you will continue to be charged until you deactivate the provider

Staff or clients having trouble signing in afterwards?

  • To unlock staff: Click here
  • To unlock clients: Unlock them from their client profile via the right-hand menu

Records Deletion

Required Role: Owner or Manager

Control permanent deletion permissions for online forms, standard client documents, files, and message attachments in clients' profiles under the Docs & Forms tab.

Example:

Remember that record deletion is irreversible, and it's essential to understand your unique professional and legal obligations regarding record retention.

Deletion is enabled on a per-permission basis, and you can enable it for:

  • Managers
  • Records Custodians
  • Supervisors
  • Therapists

Note: to delete documents or online forms marked as clinical, you need the Records Custodian role for that specific provider (or for all providers), which only an owner can grant.

Records Retention Compliance

Required Role: Owner or Manager

Set a threshold in years after which client data becomes eligible for deletion via a report. We will never automatically delete clients.

Article: Records Deletion & Report


Range:

  • 2 - 15 years

Single Sign On (SSO)

Required Role: Owner, Manager, or Staff Administrator

You can use your own OpenID Connect (OIDC) provider for staff to sign in to TherapyAppointment.

Note: The cost for SSO is $5 per month per subscriber.

  • To do so, check the box:


  • Review the prompt:


  • Click


  • Follow the instructions from top to bottom (screenshot below) to configure your provider
  • Click (bottom right) when done

Don't know what these values are?

Have questions? Please consult your SSO provider for instructions. For security reasons, TherapyAppointment staff cannot directly assist with this, because these values are managed by your SSO provider.

Also related: Settings (top menu) and My Profile