Security Overview

The Kipu EMR has built-in security settings that help organizations abide by HIPAA guidelines.

For the protection of our clients and the PHI in your instance, Kipu staff members are not able to modify a patient's chart or user profiles for your facility per HIPAA regulations.

Security Features

The following security features can be enabled based on your workflow needs and security policies.

Feature Description
Login Security
  • Password Expiration: HIPAA requires that users of EMR systems change their password every 90 days. Your organization may set an expiration in days that abides by your Policies and Procedures. 
  • Two-factor Authentication: When logging into the Kipu EMR from a new device or browser, the user must request and enter a six-digit authentication code, sent by SMS or email (as set up in the user's profile), before accessing the EMR. This feature is strongly recommended.
  • Time-out: If the user is idle for 15 minutes, the system will automatically log them out.
Authorized Device Workflow

You can restrict user access by device and IP address using the combination of the settings below. This security measure ensures that users can only access the Kipu EMR from specific devices within your workplace.

  • Restrict device access: This is a user-specific feature and should only be assigned to individuals who will work exclusively on authorized devices. These devices are typically housed within the workplace premises.
  • Authorize Devices: Users with the feature Restrict Device Access enabled will only be able to log in on an approved device from an authorized browser. 
  • Authorize IP Addresses: This allows users to log into the EMR only while connected to the specified IP(s).
Restrict Patient Contact Info

Prevent specific users from seeing patient addresses, phone numbers, and email addresses. 

Restricted Patients

Restrict access to specific patient charts by users or care team.

Protected Tabs

Restrict access to individual tabs on the patient chart to specific users. 

Failed Logins

After 6 failed attempts to log in, the Kipu EMR will lock your user profile. Please use the Forgot Password link to unlock your profile or wait 30 minutes. This is a system setting and cannot be updated.

Security Tips

  • Always follow your organization's security policies and procedures.
  • User access (e.g., roles) should not exceed the permissions needed to do their job. Giving access beyond what is necessary can result in unintended deletions, modifications, or mishandling of PHI. The Super Admin role should be reserved for a select, trusted few in your organization. You can learn more about User Roles here.
  • Never allow your browsers, computers, or portable devices to save login credentials.
  • When working in the Kipu EMR, never leave computers unattended. If a user needs to tend to other matters, always save the work and sign out.
  • If your workplace is not private, consider adding a privacy filter for your computer screen.
  • If you are authorized to work outside your organization's premises, never leave your screen exposed to others.
  • Change your password on a regular basis (at least every 90 days according to HIPAA standards). 
