End-User Access Control


  • How are password policies enforced?
  • Password strength and access control
  • Role-based security
  • Preventing access outside the U.S.
  • Disabling user accounts
  • Audit logs
  • First-time Login, Password Resets, Shared Logins


How are password policies enforced?

  • ER Express’ access control settings are configured to match each health system’s access control standards (password complexity, password expiration, etc.).
  • For authentication, users must enter their username and password to access the ER Express web application.
  • We enforce complex passwords (20 or more characters) for all ER Express staff to access any applications with PHI.


Password strength and access control

  • For authentication, users must enter their username and password to access the ER Express web application.
  • Application Authentication: All applications are configured to require authenticated access using a unique user login and password, and passwords are encrypted using a non-reversible algorithm by default.
  • Password Strength: Security settings are configured to match health system standards to be at least 8, 9, 15, or 20 characters long, and contain any (or all) 3 of the following types of characters:
    • upper-case alpha,
    • lower-case alpha,
    • numeric, and
    • special characters (non-alphanumeric).
  • Password Aging: All users are required to change their passwords at least once every 60, 90, 180, or 365 days.
  • Inactive Session Termination: Systems are configured to ensure inactive session termination to prevent inadvertent unauthorized access to confidential information.
  • Unsuccessful login: user access if frozen after 3, 4, or 5 unsuccessful attempts.
  • Only a site administrator or ER Express staff can unlock users who have exceeded the number of failed password attempts.
  • Idle time logout: User sessions are automatically terminated, i.e., logged out after 60 minutes of idle time.*
  • Password re-use: the system will prevent uses from re-using their 3, 4, or 5 most recently used passwords.
  • Data Partitioning: Systems are configured to ensure access to data is strictly on a “need to know” basis.
  • Audit of User Activities: Systems are configured to keep a detailed log of the viewing, deleting, and/or modification of patient-specific information. Lists of all successful and unsuccessful login attempts are captured. Audit events include username, date/time, affected module, patient name, and a description of the action taken by the user.

*All user accounts' idle time setting defaults to 60 minutes.  We are updating our system to allow each health system to adjust it to shorter or longer.

Role-Based Security

  1. ER Express provides role-based access. Individual staff access levels are determined by the health system.
  2. There are five roles in the application, each with pre-determined privileges:
    2.1 Site admin (can add/manage users and adjust settings)
    2.2 Multi-facility site admin (can add / manager users across multiple campuses)
    2.3 Full patient management (can adjust capacity controls)
    2.4 Limited patient management (can manage patient workflow)
    2.5 Reporting only
    2.6 View only


How does ER Express ensure health system data is not accessible outside of the United States?

  • We restrict access via an IP address whitelist.
  • Only pre-approved IP addresses can access data
  • By company policy, only U.S.-based IP addresses are placed on the whitelist


Disabling User Accounts

  • ER Express staff and health system site admins can disable user accounts by changing the user's account status to inactive.
  • User accounts can be disabled within the ER Express Control Panel. Only the Site Administrator role has user management privileges.
  • User accounts cannot be deleted, in order to preserve data for audit logs


Audit logs

The system logs all user actions, including

  • Creation of a user account
  • First-time login
  • All login attempts, including failed attempts
  • User account status
  • Edits to capacity settings
  • All workflow actions related to patient records (e.g., acknowledging, discharging, removing from the queue, viewing, downloading registration/intake forms, sending one-way text messages)
  • Edits to configuration settings (e.g., alert templates, alert destinations, form settings, queue settings)

First-time Login, Password Resets, Shared Logins

Have more questions? Submit a request