Logo

RTasks.net: Security

Secure and restricted-access E-Charting

Security is an important factor in selecting software.  ResiDex Software takes security VERY seriously.  Following is a general overview of the security features provided in RTasks. We're happy to discuss these items in more detail - just get in touch with us!

Access must be granted to each user from an administrator 

Each RTasks.net user must be specifically & individually  granted permission to access RTasks from an authorized administrative user from the same organization (every organization that uses ResiDex will have at least one administrative user authorized to grant ResiDex and/or RTasks access to other users.)

A user will NOT be granted access to RTasks.net by ResiDex staff unless this is specifically requested in writing from an authorized administrator from the same organization.

Each user has a personal ResiDex account

Each individual user is required to create their own unique email address and password that only he/she has access to. We ensure this by setting each user's RTasks username to be the same as their email address.
('Family' email addresses, an email address used by multiple staff at an organization, or any other shared email address are not acceptable).  

This ensures that initial login instructions and forgotten password/password reset links are only accessible to the intended user.

Staff Roles

Each use with a unique account allows permissions to be set on a per user basis. Administrators can grant each of their users access to only the functionality each user individually needs. (I.E. One user can have access to ALL functionality, another user may not be able to view/ create resident notes, yet another user maybe only able to electronically chart services and do nothing else in RTasks.)

IP Address Restriction

An optional RTasks feature: Users can be allowed to only connect to RTasks.net from certain pre-approved IP Addresses (such as those used at the facility). 

Exemptions to this restriction can be granted on a per-user basis. For instance, you may choose to limit RTasks access for most staff to your building, but allow nurses to connect from anywhere when on-call! Alternatively, this feature can be completely disabled if it is not desired.

HTTPS

HTTPS is a protocol for secure communication over computer networks, and is commonly used as a security feature the internet. HTTPS is used to secure all communications to and from RTasks.net.

Encrypted Password Storage

Within our databases, user passwords are stored in an encrypted format. This means passwords cannot be viewed by anyone with access to the ResiDex database; not even ResiDex Staff can view a user's password in a plaintext format.

User-specified challenge questions

"I forgot my password' challenge questions are commonly used to verify a user and to reset a forgotten password.  

Our approach is to have users create their own individual custom challenge questions! When a user initially sets up their RTasks account, they must create their own challenge question and provide their own answer. This approach allows users to create tougher challenge questions that are unique.

Failed Login Attempt Limits

Users are only allowed a limited number of failed RTasks login attempts before their account is locked down completely, requiring Administrator or ResiDex assistance to unlock the account.

Session Timeouts

RTasks sessions will automatically time-out after a set amount of idle time. If a user leaves their device logged into RTasks and steps away, RTasks will lock down as soon as it determines the device is not in active use.

2-Step Verification

2-Step Verification is an optional feature of RTasks that allows a user to secure access to their account with more than a password. This type of verification requires knowing the password but also requires access to their private email account.

With 2 step verification activated, your login looks a little different

  1. The user enters their username and password into ResiDex (as with the traditional login method)
  2. A special one-time-use code will be emailed to the user 
  3. The user will then be prompted for this special code to finish logging into RTasks to complete their login.

The advantage here is that a user needs to both KNOW their own RTasks password, and HAVE control over their own private email address to get into RTasks, making it much more difficult for someone inappropriately access their account!