Custom Session Timeout

Now Available!

Beginning April 25, 2024, we are introducing a new optional feature designed to bolster PCI compliance and enhance security: customizable session timeouts. In line with industry standards and best practices, you can now reduce your session timeout from 30 minutes to 15 minutes.


Why the change?


We're committed to safeguarding sensitive cardholder data and reducing the risk of unauthorized access. By implementing this feature, users can tailor their session durations according to their security preferences to comply with PCI DSS (Payment Card Industry Data Security Standard).

How does it work?

User Level

If only some of the users in your practice group need a 15-minute session timeout, we recommend that you contact them directly and have them follow the instructions below to comply with PCI DSS.

1. Hover over "Account" and select "Provider Settings."

2. Select the "Security" tab.

3. Under "Timeout Session," select "Enable Custom Timeout Session" and select "15 minutes." Click "Update Entire Profile" to save your changes.

If you notice that you no longer see the Timeout Session under your security tab, please reach out to your office manager or practice admin. Your entire practice may have been enrolled in the 15-minute session timeout at the practice group level.

Practice Group Level

If all users in your practice group need a 15-minute session timeout, please log a support ticket requesting that the session timeout for your practice group be updated to 15 minutes. Our team will turn on this feature for you through an internal setting that only our team can enable. Please note that if the 15-minute session timeout is enabled for your practice group, individual users will no longer see the Timeout Session option in the Security tab of their account. If you want the session timeout for your practice group to be longer than 15 minutes, contact our support team, and someone can assist you with reverting the change to 30 minutes.

We request that each practice group communicate these changes to their practices before our support team makes any changes. We also ask that the owner, office manager, or practice admin reach out to make these changes on behalf of the practice.

Who should have this enabled?

We suggest decreasing the session timeout to 15 minutes for users who handle sensitive billing information, actively enter credit card data, or have access to stored credit card data. It's important for users to remain aware of their session activity and save their work before the 15-minute mark to avoid any interruptions. If you log out, you will be redirected to the page you were on before the logout.

Will my work be saved if my session times out?

DrChrono has an autosave feature for clinical notes and charting. This means your information will be saved automatically if your session times out. However, please note that we do not support autosave functionality in other areas of the system. We kindly ask that you finish your task or workflow before leaving your DrChrono session to avoid losing your progress.