Articles on: Administration

How to prevent staff from accessing Clinicea from outside the Clinic

How to Access Security Preferences

Log in to Clinicea with an account that has administrator access.
Go to Tools from the top menu.
Select Organization Security.
This section contains all the available login and access security settings for your organization.


Step 1: Login Credentials

This section allows you to define how users can log in to Clinicea.


Login Type
You can choose the authentication method your clinic wants to allow, such as:
Email / Password
Other supported login methods (if enabled for your organization)
Selected Login Credentials
Displays the currently active login methods for your clinic.


Why it matters:
This ensures your organization can standardize how staff access the system and reduce confusion around multiple login options.





Step 2: Email / Password Enable 2FA

Two-Factor Authentication (2FA) adds an extra layer of protection by requiring users to verify their identity beyond just a password.
In Clinicea, 2FA can be configured separately for:


Administrators
All Other Staff
External Practitioners


How it Works
2FA is triggered when a user logs in from outside the clinic network (outside the allowed IP address range, if configured).


Recommended Best Practice
Enable for Administrators at minimum
Enable for All Staff for higher security
Enable for External Practitioners if remote access is common


Why it matters:
Even if a password is compromised, unauthorized users cannot log in without the second verification step.


Step 3: IP Access Restrictions


This feature allows your clinic to restrict logins only from approved IP addresses.
Example:
1.2.3.4


Or use wildcard format:
103.171.247.*


This is especially useful when your clinic wants staff to access Clinicea only from within the clinic premises.


Benefits
Prevents home/public network access
Reduces risk of unauthorized login attempts
Keeps patient data within clinic-controlled networks


Important Note
Users marked as Admin in Clinicea can still retain broader access depending on organization policy, so configure carefully.



Sptep 4: Advanced Security Settings

Enforce Strong Password for All Users
When enabled, all users must create stronger passwords that meet security requirements.


Password Rules:
Minimum 8 characters
At least 1 uppercase letter
At least 1 lowercase letter
At least 1 number
At least 1 special character


Example Strong Password:
Clinic@2026


Why it matters:
Weak passwords are one of the most common security risks. Strong password enforcement significantly reduces this threat.



Step 5: Password Protect Attachments in Communication

When enabled, files shared in communication modules are password protected automatically.


Default Password Logic
The password will be the Year of Birth of the Patient


Example:
If patient DOB year = 1977, then attachment password = 1977


Use Case
When sending invoices, medical reports, prescriptions, or sensitive documents via email or communication channels, recipients must enter the password to open the file.


Why it matters:
Even if an email is forwarded or intercepted, the attachment remains protected.



Step 6: Logout All Users Across All Devices

This emergency security feature allows administrators to instantly sign out all users currently logged in to Clinicea.


When to Use:
Suspicious account activity detected
Shared device left unattended
Staff member leaves organization
Security policy updates applied
After password reset or breach concern


Action Button:
Log-Out All Users


Why it matters:
Immediate organization-wide logout helps contain security risks quickly.



Updated on: 28/04/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!