Changes to the automatic session timeout

Within your Cliniko account, administrators have the option of setting up “automatic session timeout”. This means all users are logged out after a certain period of inactivity.

We released this feature last year, because it’s really important to the security of your account. For example, if you left your computer for a period of time but forgot to log out of Cliniko, having the automatic session timeout would log you out automatically—keeping your account (and the patient data within it) secure. This would protect your business data and your patients’ private information in the event that someone else gets access to your computer when you’re not present.

Previously, there was an option to not enforce automatic session timeout. Basically, this meant that no users would get “booted out” of Cliniko, even if they left their computers (or whatever device they were using) for an extended period of time.

But now, as of today, we have removed the option to never enforce it. The longest period of time a user can remain logged into Cliniko, without being active, is 7 days. If your account was set to “Never”, it’s automatically been changed to 7 days.

We’ve removed “Never” as an option because, quite simply, it opened up a window for your account to be less secure. As the information you store within Cliniko is highly confidential, we want to make sure we provide you with the necessary tools to keep your account as secure as possible.

You can certainly opt for the longest 7-day setting. This means that if you forget to sign out, you’ll just need to sign in again if it’s been more than a week since you accessed your account.

Of course, hopefully you’ll remember to always log out of your Cliniko account when you’re not using it. Automatic session timeout is just an additional measure to keep your Cliniko account secure.

In addition, we strongly encourage you to enable 2FA. This can be done on individual accounts, but if you’re an administrator, you can enforce account-wide 2FA. We also suggest that you keep your browser up to date, and of course, always use a very secure password. 🔒

Last year, Cliniko founder Joel gave a talk on best practices for securing patient data, and it’s full of handy information that you can apply to your own Cliniko account. You can read more, and watch his presentation, right here.

As always, if you have any questions on this, please let us know. Our support team is always happy to help out! 😊