How to prevent staff from accessing Clinicea from outside the Clinic

How to Access Security Preferences

Log in to Clinicea with an account that has administrator access.

Go to Tools from the top menu.

Select Organization Security.

This section contains all the available login and access security settings for your organization.

Step 1: Login Credentials

This section allows you to define how users can log in to Clinicea.

Login Type

You can choose the authentication method your clinic wants to allow, such as:

Email / Password

Other supported login methods (if enabled for your organization)

Selected Login Credentials

Displays the currently active login methods for your clinic.

Why it matters:

This ensures your organization can standardize how staff access the system and reduce confusion around multiple login options.

Step 2: Email / Password Enable 2FA

Two-Factor Authentication (2FA) adds an extra layer of protection by requiring users to verify their identity beyond just a password.

In Clinicea, 2FA can be configured separately for:

Administrators

All Other Staff

External Practitioners

How it Works

2FA is triggered when a user logs in from outside the clinic network (outside the allowed IP address range, if configured).

Recommended Best Practice

Enable for Administrators at minimum

Enable for All Staff for higher security

Enable for External Practitioners if remote access is common

Why it matters:

Even if a password is compromised, unauthorized users cannot log in without the second verification step.

Step 3: IP Access Restrictions

This feature allows your clinic to restrict logins only from approved IP addresses.

Example:

1.2.3.4

Or use wildcard format:

103.171.247.*

This is especially useful when your clinic wants staff to access Clinicea only from within the clinic premises.

Benefits

Prevents home/public network access

Reduces risk of unauthorized login attempts

Keeps patient data within clinic-controlled networks

Important Note

Users marked as Admin in Clinicea can still retain broader access depending on organization policy, so configure carefully.

Sptep 4: Advanced Security Settings

Enforce Strong Password for All Users

When enabled, all users must create stronger passwords that meet security requirements.

Password Rules:

Minimum 8 characters

At least 1 uppercase letter

At least 1 lowercase letter

At least 1 number

At least 1 special character

Example Strong Password:

Clinic@2026

Why it matters:

Weak passwords are one of the most common security risks. Strong password enforcement significantly reduces this threat.

Step 5: Password Protect Attachments in Communication

When enabled, files shared in communication modules are password protected automatically.

Default Password Logic

The password will be the Year of Birth of the Patient

Example:

If patient DOB year = 1977, then attachment password = 1977

Use Case

When sending invoices, medical reports, prescriptions, or sensitive documents via email or communication channels, recipients must enter the password to open the file.

Why it matters:

Even if an email is forwarded or intercepted, the attachment remains protected.

Step 6: Logout All Users Across All Devices

This emergency security feature allows administrators to instantly sign out all users currently logged in to Clinicea.

When to Use:

Suspicious account activity detected

Shared device left unattended

Staff member leaves organization

Security policy updates applied

After password reset or breach concern

Action Button:

Log-Out All Users

Why it matters:

Immediate organization-wide logout helps contain security risks quickly.

Updated on: 28/04/2026