To add additional Security Settings to your account, navigate to the Settings module, select the Security option and click Account

Please note, only the account owner is able to view this section. In most cases, the CHR team is set as the account owner. If you would like to have any of these settings changed/added, please reach out to our Support Team via the Blue Support Bubble.


Trusted IP Address Ranges

The CHR has recently added a new security setting for clinics to only allow certain I.P. addresses to access an account.

IP address stands for internet protocol address; it is an identifying number that is associated with a specific computer or computer network.

This feature is only suitable for clinics that always utilize static IP addresses to access the CHR (i.e. ones that never change). If you use the CHR on any connection that has a dynamic IP address (one that is not fixed) or are not absolutely certain that you have a static IP address, please do not activate this feature as it will lock out users that are not accessing via the defined IP addresses.

Once you have added a trusted IP address, anyone trying to access your CHR account will need to be on a network with that address or they will see the following screen:


Allow Concurrent Sessions

This feature can be enabled or disabled. When enables, it allows users to sign in from multiple devices simultaneously. All users within the clinic account will be affected by changes to the feature.


Password Compliance

HIPAA Compliant:

Users can be required to follow the HIPAA Guidelines for password creation as detailed below by selecting Enable.

Password Expiry Interval:

Passwords can be set to expire after a defined interval by selecting from the dropdown menu under Password Expiry Interval

Account Lockout:

The Account Lockout Threshold can be set to a certain number of failed sign-in attempts before the user is locked out. The Account administrator can select from 5 (default), 7, 10 and 15 times.

Duration of Lockout can also be set (15min, 30min, 1 hour, 12 hours or 24 hours).

A locked account cannot be used until someone with the appropriate permissions resets (Unlocking a User's Account) it, OR until the number of minutes you have set as duration for lockout has expired.

💡 Remember to click 'Save Setting'


Request Login History

This is where a user can request a log of when usernames and passwords were used to log into a specific CHR account.


Last updated March 2021

Did this answer your question?