As cyber threats in healthcare become increasingly sophisticated, PointClickCare® is introducing a suite of critical security enhancements designed to better protect healthcare organizations and their residents. These updates emphasize stronger authentication, tighter access controls and increased accountability—each aligned with regulatory expectations and real-world threats.

Here’s a breakdown of the most significant upcoming changes:

1. Multifactor Authentication (MFA) Enforcement

What’s Changing:
PointClickCare® will require Multifactor Authentication (MFA) for:

• All remote users
• All IT administrators or users with access to security and configuration settings

Why It Matters:
MFA strengthens login security by requiring a second form of identity verification—like an authenticator app or code—in addition to the password. This helps prevent unauthorized access, especially from remote locations.

Key Exemptions:

• SSO (Single Sign-On) users using external identity providers
• Mobile app, eMAR and POC users (for now—these will be included in a later enforcement phase)
• API integrations (will also be phased in later)

Support Resources:
A dedicated MFA Resource Hub is available through the PointClickCare® Support Portal, offering guides, FAQs and setup assistance.

2. IP Address Masking and Allow Listing

New Requirements:

• Facilities will be required to enforce IP allow listing, ensuring users can only log in from approved networks.
• On-site users must log in through facility-approved IPs.
• Remote users will only be allowed access through previously authorized IP addresses.

Why This Matters:
Restricting login access by IP significantly reduces the risk of unauthorized remote entry, protecting patient data from external threats.

3. Enhanced Privileged User Management

Key Update:
PointClickCare® is standardizing how privileged user access is granted. All users with elevated rights (e.g., security user with read/add/edit access) will be moved under a new Standard Role titled IT Systems Administrator.

Benefits:

• Streamlined role management
• Easier auditing and monitoring of high-risk accounts
• Reduced risk of excessive permissions

Recommendations:

• Limit the number of privileged users
• Provide ongoing training
• Regularly review security policies and procedures

4. Login History & Audit Trails

Feature Highlights:

• Detailed log of user login attempts
• Tracks user location and login timestamps
• Enables IT teams to quickly detect anomalies and investigate potential breaches

Why It’s Important:
This transparency enhances your ability to catch and respond to suspicious activity before it escalates.

5. Compliance Alignment: HIPAA Security Rule Updates

PointClickCare® updates are also aligned with recent HHS-proposed changes to the HIPAA Security Rule, including:

• More rigorous risk analysis and documentation
• Required technology asset inventories
• Expanded use of multifactor authentication

These updates not only strengthen technical defenses but also help organizations meet federal compliance standards.

Tools and Training: Staying Informed

PointClickCare®’s Resource Hub offers facilities the ability to:

• Track product updates and regulatory announcements
• Access training programs and “Guide Me” tools
• Manage support cases and user feedback

Healthcare teams are encouraged to explore this hub regularly to stay ahead of system changes and ensure smooth adoption of new security protocols.

Final Thoughts

With data security threats growing more severe by the day, these upcoming PointClickCare® updates provide healthcare organizations with crucial tools to secure their systems, staff and residents. By preparing now—updating user roles, configuring MFA and reviewing login access policies—facilities can ensure a seamless transition and significantly bolster their digital defense posture.

Enhance PointClickCare® Outcomes With Richter

PointClickCare® is a powerful tool to help optimize care and drive positive business outcomes for organizations across the long-term post-acute care (LTPAC) spectrum.

At Richter, we’re a Strategic Alliance Partner and Certified Training Partner for the entire suite of PointClickCare® applications. We believe strongly in this platform—and we know that getting the most out of it means using it to its fullest extent, and integrating it into your processes and work flows.