Ensure all users log in to their CHR account with two-factor authentication.

Ensure CHR users use HIPAA-compliant passwords.

Set a password expiry interval or recommend users change their CHR password regularly.

Set how many failed sign-in attempts are allowed before a user is locked out, and the length of time they are locked out.

Allow only specific IP addresses to access your clinic's CHR domain.

Monitor CHR user activities regularly by requesting CHR user activity and access logs.

Monitor activity in a patient chart by reviewing recent patient chart activity.

Control access to patient charts through the CHR user permissions settings.

Restrict access to certain patient charts.

Restrict access to specific encounter notes.

Ensure all users set their account time-out duration after a period of inactivity (extremely important when using a shared workspace). Alternatively, ensure users log out of the CHR or lock their workstation when they leave their computer.

Prevent users from logging into their CHR accounts on multiple devices simultaneously to ensure they don’t leave an unattended workstation logged in.

Enable privacy mode when you share your CHR screen with your patients. Patient names in the scheduler and in the opened patient charts list are blurred.

Send messages to your patients using the patient portal instead of sending information to their email account.

Use Instant Chat or the internal messaging feature to discuss patients with other clinic users instead of sending information to their cell phones or personal email accounts.

When using any of the TELUS CHR apps and products to collect personal health information via Qnaires (such as eBooking, Patient Portal, virtual visits, Intake and Connect), you can add your own customised privacy and consent terms that patients see every time they complete a Qnaire. See Adding privacy and consent terms (disclaimer) to your Qnaires.