Access control
← Back to ResourcesMulti-factor authentication
A password alone does not protect a clinical record system. This page is a high-level overview of how Handovex secures sign-in, not a certification claim.
01 ···· 03
Authenticator-app codes
Signing in to a clinical account requires a six-digit, time-based code from an authenticator app in addition to the password. Enrolment is enforced at first sign-in, not offered as an optional setting.
02 ···· 03
Hospital single sign-on
Organisations can sign in through their own identity provider, so existing hospital access policies, factor requirements, and offboarding processes apply unchanged.
03 ···· 03
Session assurance
A session that has not completed a second factor is not treated as fully authenticated. Access to clinical records requires the elevated session, not just a correct password.