Guidelines for Secure User Management in Clinic HQ
To help protect your clinic’s data and ensure secure access, it’s important to follow a few recommended practices when managing users in Clinic HQ. These steps can reduce the risk of unauthorized access and support responsible system use.
- Use Organization-Affiliated Email Addresses
The most likely breach scenario is a user signing in with a Gmail account whose email then gets hacked. Use organization-affiliated email addresses (e.g., ali@yourrescue.org) instead of personal ones (e.g., aliyourrescue@gmail.com). This gives your team more control and helps maintain security if roles change or someone leaves.
- Avoid Shared or Generic User Accounts
Using shared login accounts (e.g., a general team or welcome email) is discouraged, as it limits visibility into who is accessing the system and can pose a security risk. Whenever possible, create individual accounts for each team member who needs access. This makes tracking activity and managing permissions much easier.
- Regularly Review and Remove Inactive Users
It’s a good idea to periodically review your user list and remove accounts that are no longer in use. If a user hasn’t logged in within a reasonable period or no longer needs access, deactivating or deleting their account can help keep your system secure and your user list accurate.
- Understand the HQ Admin’s Role
The HQ Admin is responsible for managing users in Clinic HQ. This includes:
- Inviting new users
- Removing or deactivating old accounts
- Assigning roles and permissions
- Monitoring and maintaining access levels
Limiting access to only essential users helps protect the system and ensures smoother operation.
- What to Do if You Suspect a Security Issue
If you believe a user account may have been compromised, or you notice unusual activity:
- Remove or deactivate unnecessary user accounts.
- Have the HQ Admin reset their password.
- Re-invite only essential users using secure, organization-affiliated emails.
Tip: Conducting a quarterly review of your user list is a simple way to stay ahead of potential security risks.
- Use Two-Factor Authentication for Better Security
We recommend enabling two-factor authentication to protect your account and sensitive data. It adds an extra layer of security beyond just a password.
Learn how to set it up here.