This guide outlines the key security configurations and administrative best practices recommended to strengthen your security posture. These practices help ensure that your staff access the system securely and significantly reduce the risk of unauthorized access from outside your practice premises.
Each section highlights the security features available in CareStack, explains their purpose and provides recommended actions and configuration tips to help your team implement them effectively and strengthen your overall security posture.
Topics Covered
- IP Restrictions
- Two-Factor Authentication (2FA)
- Periodic Password Reset Policy
- Role-Based Access Control
- User / Provider Deactivation
- Periodic Audit Trail Review
- Additional Recommendations
1. IP Restrictions
Purpose
Restricts access to CareStack only from authorized networks, ensuring that only users connecting from approved IP addresses can log in.
How it Helps
Prevents unauthorized logins from unknown or untrusted locations. It also adds a strong layer of access control even if a user's credentials are compromised, because a stolen or guessed password alone is not enough to log in from a network that is not on the approved list.
Configuration Recommendations
If some staff require occasional access from outside your practice network (e.g., mobile dental units, community health clinics, home), enable the 'Allow Login from Unlisted IPs via OTP' setting for those users only. Leave it disabled for everyone else so that the IP restriction remains a hard block for the majority of accounts.
This allows secure offsite access for the users who need it while maintaining control over where users can log in from. Keep the approved IP list current: remove addresses for locations you no longer use, and note that many office internet connections use dynamic public addresses that may change.
Reference
For detailed setup instructions, please refer to the article - Set Up IP Restrictions in CareStack.
2. Two-Factor Authentication (2FA)
Purpose
Adds a second layer of identity verification in addition to the username and password.
How it Helps
Even if credentials are stolen or guessed, 2FA ensures that only authorized users with access to their registered email can log in using a one-time password (OTP).
Configuration Recommendations
Adaptive 2FA - The setting 'Skip 2FA when logging in from allowed IPs' can optionally be enabled for smoother login within trusted networks, while keeping 2FA mandatory for all offsite logins. If you enable it, the approved IP list becomes the only additional check for logins from those networks, so keep the list tight and make sure the email accounts that receive the OTP are themselves protected with strong passwords and their own 2FA.
Reference
For detailed setup instructions, please refer to the article - Set up Two Factor Authentication in CareStack.
3. Periodic Password Reset Policy
Purpose
Reduces the risk of long-term credential compromise by enforcing regular password changes.
How it Helps
Prevents misuse of old or leaked passwords, especially for inactive or forgotten accounts.
Configuration Recommendations
Enforce periodic password resets every 90 days, or at whatever interval your compliance requirement specifies.
Encourage users to choose long, unique passwords with a mix of uppercase, lowercase, numbers, and special characters, not to reuse old passwords, and not to share a CareStack password with any other system. A password manager makes this practical for staff.
Reference
For detailed setup instructions, please refer to the article - Set up Periodic Password Reset.
4. Role-Based Access Control
Purpose
Ensures that users only have access to the data and actions necessary for their responsibilities.
How it Helps
Minimizes the risk of accidental data exposure or unauthorized changes by limiting access to sensitive areas of the system.
Configuration Recommendations
Periodically review user profiles and permissions to maintain a least-privilege access model.
Configure automatic logout for inactive sessions at the profile level, so that an unattended workstation does not remain logged in.
Reference
For detailed setup instructions, please refer to the article - Manage Profiles and Related Permissions.
5. User / Provider Deactivation
Purpose
Ensures that access is immediately revoked for anyone no longer associated with your organization.
How it Helps
Prevents ex-employees, temporary staff, or contractors from retaining access to sensitive patient or business information.
Recommended Practice
Deactivate users in CareStack as soon as they leave your organization or no longer require access.
Reference
For detailed setup instructions, please refer to the article - Deactivate a User or Provider.
6. Periodic Audit Trail Review
Purpose
Monitors user activities and helps identify unauthorized access or irregular behavior.
How it Helps
Provides accountability and early detection of suspicious activity.
Recommended Practice
Regularly review the Audit Trail to verify user logins, data edits, or deletions.
Flag any unusual access patterns, such as:
- Logins from new or unapproved IPs.
- Activity outside normal business hours.
- Changes to sensitive patient or billing data.
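The three patterns above, and the approved-IP check from the IP Restrictions section, can be applied mechanically to an exported audit trail rather than scanned by eye. The script below is an added example written for this guide; it is not CareStack code, and the record layout, network ranges, business hours and module names are assumptions chosen for illustration. The audit records are constructed sample data.

```python
"""Flag suspicious entries in an exported audit trail (added example, not CareStack code).

Assumptions (not from the CareStack documentation):
  - each audit record is a dict with keys ts (ISO 8601), user, ip, action, module
  - ALLOWED_NETWORKS mirrors the practice's approved IP list
  - BUSINESS_HOURS / SENSITIVE_MODULES are chosen for this example
"""
import ipaddress
from datetime import datetime, time

# Assumed approved networks (RFC 5737 documentation ranges, not real practice IPs).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),   # main office
    ipaddress.ip_network("198.51.100.10/32"), # satellite clinic
]
BUSINESS_HOURS = (time(8, 0), time(18, 0))    # Mon-Fri, 08:00-18:00 local time
SENSITIVE_MODULES = {"patient_record", "billing", "insurance"}
SENSITIVE_ACTIONS = {"edit", "delete"}

# Constructed sample records; 2024-03-04 is a Monday.
SAMPLE_AUDIT = [
    {"ts": "2024-03-04T09:15:00", "user": "rjones", "ip": "203.0.113.22", "action": "login", "module": "auth"},
    {"ts": "2024-03-04T23:40:00", "user": "rjones", "ip": "203.0.113.22", "action": "edit", "module": "billing"},
    {"ts": "2024-03-05T10:05:00", "user": "mlee", "ip": "192.0.2.77", "action": "login", "module": "auth"},
    {"ts": "2024-03-05T10:06:00", "user": "mlee", "ip": "192.0.2.77", "action": "delete", "module": "patient_record"},
    {"ts": "2024-03-05T11:00:00", "user": "asmith", "ip": "198.51.100.10", "action": "view", "module": "schedule"},
]


def ip_is_allowed(ip, networks=ALLOWED_NETWORKS):
    """True if ip falls inside any approved network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def outside_business_hours(ts, hours=BUSINESS_HOURS):
    """True on weekends or outside the configured daily window."""
    dt = datetime.fromisoformat(ts)
    start, end = hours
    return dt.weekday() >= 5 or not (start <= dt.time() < end)


def review_audit_trail(records):
    """Return one finding per record that matches at least one pattern.

    Each finding lists every reason that applied, so a single record
    (e.g. an after-hours edit of billing data) is reported once with
    both reasons rather than twice.
    """
    findings = []
    for r in records:
        reasons = []
        if not ip_is_allowed(r["ip"]):
            reasons.append("unlisted IP")
        if outside_business_hours(r["ts"]):
            reasons.append("outside business hours")
        if r["module"] in SENSITIVE_MODULES and r["action"] in SENSITIVE_ACTIONS:
            reasons.append(f"{r['action']} on sensitive data ({r['module']})")
        if reasons:
            findings.append({"ts": r["ts"], "user": r["user"], "ip": r["ip"], "reasons": reasons})
    return findings


def users_to_follow_up(findings):
    """Sorted list of users with at least one finding, for the reviewer's checklist."""
    return sorted({f["user"] for f in findings})


if __name__ == "__main__":
    for f in review_audit_trail(SAMPLE_AUDIT):
        print(f"{f['ts']}  {f['user']:<8} {f['ip']:<15} {'; '.join(f['reasons'])}")
```

Run against a real export, replace SAMPLE_AUDIT with the parsed file and ALLOWED_NETWORKS with your actual approved list. Note that a login from an unlisted IP may be legitimate if that user has 'Allow Login from Unlisted IPs via OTP' enabled; the script surfaces it for review rather than declaring it a breach.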
Reference
For details, please refer to the article - General Overview of Audit Trail.
7. Additional Recommendations
Device Hygiene
Ensure that all laptops or tablets used for CareStack access have up-to-date antivirus software and OS patches.
Secure Wi-Fi
Avoid using public Wi-Fi for CareStack access. If necessary, connect through a trusted VPN.