Super Admins can configure key login security features like automatic password expiration and two-factor authentication to help prevent unauthorized access to the Kipu EMR.
Let's review how to configure these options.
- Click on your initials and choose Manage Users.
- Open the Security tab.
- Password Expiration: HIPAA requires that users of EMR systems change their password every 90 days. Your organization may set an expiration in days that abides by your Policies and Procedures.
- Days until password expires: Enter how many days a user can log in with a password. After this number of days has passed the user will be required to create a new password.
- Days to remind user of upcoming password expiration: Enter the number of days before the password expiration. This displays a message on the user login page reminding them of the upcoming change.
- Two-factor Authentication: When logging into the EMR from a new device or browser, the user is required to request and enter a six-digit authentication code, sent by SMS or email (as set up in the user's profile) before they can access the EMR. Click the button to enable.
- You can choose how frequently your users will be required to perform authentication (to a maximum of 180 days). Click Save 2FA Expiration Settings to save your changes.
- Note: Instances with MFA enabled will require users to enter a two-factor authentication code the first time they log into the instance.