By default, our Health Management Portal has very stringent HITRUST-designated security requirements, but in cases where your organization has more specific security requirements, we can enforce an even higher level of security through client-level security options. These customizable security options allow you to utilize specific security requirements from your IT team for your organization’s user accounts. Organizations that have enhanced regulatory requirements around access security can provide those requirements to our client success team for configuration.

Portal User Access Management (Configured for your entire organization)

Below are a list of configurable options that can be set for all of the users in your organization:

• Minimum password age (in days)
• Maximum password age (in days)
• Retained password history (how many passwords are remembered and prevented from re-use)
• Login inactivity timeout (in days – how many days before an account is disabled due to inactivity)
• Enabling required Two-Factor Authentication (2FA) for all users

Some of these settings may be enabled initially because of contractual requirements with your organization.

To enable any or all of these security settings, please contact your Client Service Representative.

User Role-Based Settings

Administrators have the ability to create and manage your organization’s users of the Portal. This includes who they assign raw data access to. Raw data access allows users to download sensitive patient data. Restricting this access to specifically authorized users allows your organization to maintain HIPAA compliance.

Administrators may also see a list of all users and verify their Two-Factor Authorization (2FA) set-up status. From this table, Administrators may send reset password requests to users, deactivate or delete users. This is useful if users have left or otherwise changed status within your organization.

HRA Inactivity Time-out

In addition to Portal security features, HRAs may be customized to time-out after inactivity. This protects end-users who may be accessing your HRAs from a public computer or shared device.

To enable this feature, navigate to the Customization section for the HRA and select the Inactivity Timeout tile. Click Yes to activate the feature and select the length of time (in minutes) of inactivity before the HRA will timeout. Click Save and Publish to make your changes live.

For more help with enhancing security within our Portal platform, please contact your Client Service Representative.