1.3.5. Account Management (User Preferences)

1.3.5.5. Preventing Data Breaches

Here are some important guidelines for secure user management in Clinic HQ. Protecting your clinic’s data starts with strong user management. The following best practices reduce the risk of unauthorized access and support responsible system use.

Here are some important guidelines for secure user management in Clinic HQ. Protecting your clinic’s data starts with strong user management. The following best practices reduce the risk of unauthorized access and support responsible system use.

Use Organization-Affiliated Email Addresses

The most common breach occurs when personal accounts (e.g., aliyourrescue@gmail.com) are hacked.

  • Always use organization-affiliated emails (e.g., ali@yourrescue.org).
  • This gives your team more control and makes transitions easier if roles change or staff leave.

Avoid Shared or Generic User Accounts

Shared logins (e.g., frontdesk@… or welcome@…) are discouraged.

Shared logins have the following drawbacks:

  • Limit visibility into who is accessing the system.
  • Increase the risk of security issues.
  • Make tracking activity easier by creating individual accounts for each team member.

Regularly Review and Remove Inactive Users

  • Your HQ administrator should periodically review your user list.
  • Remove or deactivate accounts that are inactive or no longer needed.
  • This keeps the system secure and your user list accurate.

Don’t Use Other People’s Computer Accounts

  • Always log into your own Clinic HQ account.
  • Never save your password in a browser on someone else’s computer profile.
  • Shared computer accounts can allow unauthorized access without a password.

Understand the HQ Admin’s Role

The HQ Admin is responsible for managing users, including:

  1. Inviting new users
  2. Removing or deactivating accounts
  3. Assigning roles and permissions
  4. Monitoring access levels
  5. Limiting access to essential users helps protect the system and keep operations smooth.

What to Do if You Suspect a Security Issue

If you think a user account has been compromised or notice unusual activity:

  • Remove or deactivate unnecessary user accounts.
  • Have the HQ Admin reset the password.
  • Re-invite only essential users with secure, organization-affiliated emails.

Pro Tip: Conduct a quarterly review of your user list to stay ahead of potential risks.

Use Two-Factor Authentication (2FA)

  • Enable two-factor authentication to add an extra layer of security beyond just a password. Learn how to set it up HERE

See more information about HQ Security HERE

1.3.5.4. Passkey Authentication

Passkeys are credentials that validate your identity using touch, facial recognition, a device password, or a PIN. They can be used as a simple and secure alternative to your password and two-factor credentials.

1.3.5.6. Recovery Codes

Recovery codes serve as a secure backup option if you lose access to your primary authentication device. These one-time use codes should be stored in a safe location and used only when necessary to regain account access.