CharmHealth EHR: Essential Security Measures

CharmHealth EHR offers a range of features designed to enhance account security and protect patient data. We strongly encourage all practices to utilize these features for controlled access to sensitive information.

Practice Admin and Office Managers can enforce practice-level security policies, ensuring that all practice members adhere to the best practices for data protection. By implementing the measures below, you can safeguard patient information and maintain compliance with regulatory standards.

Enforce a Strong Password Policy

A strong password, along with periodic changes, is essential for ensuring the security of your CharmHealth account. The stronger and more complex the password, the harder it is for unauthorized users to gain access.

Also, it is important to change your password periodically, say, every three months.

Practice Admin and Office Managers can enforce a strong password policy for your practice members from the Settings > Security > Policies section. Here you can configure the minimum password length, set expiry, refuse reuse, and determine the password complexity.
Password Policy for Practice Members

Mandate Two-Factor Authentication

Enabling two-factor authentication (2FA) for your CharmHealth account adds an extra layer of security. With 2FA, you will need to provide a second form of verification, such as a code sent to your mobile device, in addition to your account password. This helps to protect your account even if your password is compromised.

CharmHealth EHR supports 2FA using authenticator apps (such as Google Authenticator), hardware tokens, and SMS.

Practice Admin and Office Managers can mandate two-factor authentication for your practice members from the Settings > Security > Policies section.

Review Facility Member Accounts

Reviewing your practice members' accounts and deleting or locking any unused accounts is essential for maintaining security.

Review your practice members' accounts on a routine basis. For those who no longer require access, either lock the accounts temporarily or delete them permanently to prevent unauthorized access.

Practice Admin and Office Managers can manage your practice members' accounts from the Settings > Facility > Facility Members section. This will prevent any unauthorized access to patient data.

Monitor Security Incidents

The Practice Admin and Office Managers can regularly monitor the security incident report available under the Settings > Security > Security Incident Reports section. This will help in identifying suspicious attempts to access your members' accounts.

Security Measures for Individual Users

Security policies enforced by the Practice Admin are effective only when the individual users exercise continuous care. Here are the key security recommendations for Practice Members for protecting patient data:

  • Keep the Password Secure

    Do not save the password in the browser, and do not use the same password for all your accounts. Store your passwords in secure password vaults instead of writing them down.

  • Proper Logout

    Log out from your Charm Account properly once you complete your work. Periodically check all your active sessions from the Settings > Security > Active Sessions section and close the sessions that were not properly closed earlier.

  • Regular Software Updates

    Keep your computer and browser secure by applying regular software updates.

We believe the above security measures and best practices will help you secure your CharmHealth account.

If you have any questions, kindly contact us at support@charmhealth.com.