Core Feature

Security

Granular role-based access control, multi-factor authentication with TOTP, strong password policies, and account lockout protection. HTTPS enforcement with security headers across the application.

Role-Based Access Control

Granular access control with separate view and edit permissions per module. Users are assigned to access groups that control what they can see and modify across casebook, finance, management, documents, training, reagents, and reporting areas.

  • Module-Level Permissions - Separate view and edit flags for casebook, finance, management, coroner, documents, training, reagents, special requests, and reports.
  • User Type Classification - Users classified as Consultant, Pathologist, Clinician, Technician (BMS), or Client. Each type sees appropriate views and actions.
  • Case Access Filtering - Consultants, pathologists, and clinicians see cases assigned to them. Client users see only cases from their organisation.
  • Function-Level Controls - Specific permissions for case opening, invoice deletion, and other sensitive operations beyond standard view/edit access.
Role-based access control configuration

Login & Multi-Factor Authentication

Secure authentication with strong password requirements and optional TOTP-based multi-factor authentication. Account lockout protects against brute-force attacks, and session tracking monitors active logins.

  • Multi-Factor Authentication - Optional TOTP-based MFA (RFC 6238) with Google Authenticator. After password authentication the user enters the current 6-digit time-based code from the app.
  • Password Requirements - Minimum 8 characters with mandatory uppercase, lowercase, digit, and special character. Configurable password expiry forces regular rotation. Passwords are never stored in clear text; they are salted and hashed by the ASP.NET Identity password hasher (PBKDF2).
  • Account Lockout - Accounts are locked after 3 failed login attempts and stay locked until an administrator unlocks them. A hard threshold this low stops online password guessing outright, but it also means repeated failures against a known username lock that user out until an administrator intervenes, so failed-login activity should be reviewed alongside the login logs.
  • Session Tracking - Active sessions are tracked in the database. Login activity is logged with timestamps for compliance and security review.
Multi-factor authentication login
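The 6-digit code check described above, as an added example that is not CorePathology's own code. It assumes the parameters Google Authenticator uses when provisioned without overrides (HMAC-SHA1, 30-second time step, 6 digits) and uses the shared secret from the RFC 6238 test vectors so the expected codes are known. The TotpVerifier class, its one-step clock-skew WINDOW and the per-user replay tracking are this example's design choices, not a description of the product.

```python
"""Generate and verify 6-digit TOTP codes (RFC 6238 on top of RFC 4226 HOTP).

Added example, not CorePathology code. Assumes HMAC-SHA1, a 30 s step and
6 digits (Google Authenticator defaults). The secret is the RFC 6238
test-vector secret, ASCII "12345678901234567890", in the base32 form an
authenticator app is provisioned with.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

STEP = 30      # seconds per time step
DIGITS = 6
WINDOW = 1     # accept the current step and one step either side (clock skew)

# RFC 6238 test-vector secret, base32-encoded as an authenticator app stores it
RFC6238_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP for one counter value, zero-padded to DIGITS digits."""
    raw = secret_b32.strip().upper()
    key = base64.b32decode(raw + "=" * (-len(raw) % 8))   # restore padding
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """Code the user's app displays at Unix time `at` (default: now)."""
    now = int(time.time()) if at is None else at
    return hotp(secret_b32, now // STEP)


class TotpVerifier:
    """Server-side check: small skew window plus rejection of reused codes."""

    def __init__(self) -> None:
        self.secrets: Dict[str, str] = {}
        self.last_counter: Dict[str, int] = {}   # highest step accepted per user

    def register(self, user: str, secret_b32: str) -> None:
        self.secrets[user] = secret_b32
        self.last_counter[user] = -1

    def verify(self, user: str, code: str, at: Optional[int] = None) -> bool:
        secret = self.secrets.get(user)
        if secret is None or len(code) != DIGITS or not code.isdigit():
            return False                          # fail closed on bad input
        now = int(time.time()) if at is None else at
        current = now // STEP
        for counter in range(current - WINDOW, current + WINDOW + 1):
            # Constant-time compare; never accept a step at or below the last
            # one used, so a code captured in transit cannot be replayed.
            if (hmac.compare_digest(hotp(secret, counter), code)
                    and counter > self.last_counter[user]):
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier()
    v.register("alice", RFC6238_SECRET_B32)
    code = totp(RFC6238_SECRET_B32, 59)           # "287082" per RFC 6238
    print(code, v.verify("alice", code, 59), v.verify("alice", code, 59))
```

Recording the last accepted step per user is what turns a valid-for-30-seconds code into a single-use one; without it, anyone who shoulder-surfs or phishes a code can reuse it within the window.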

Transport Security & Headers

All traffic is encrypted over HTTPS with HSTS enforcement. Security headers mitigate common browser-side attacks including clickjacking, MIME-type sniffing, and cross-site scripting.

  • HTTPS Enforcement - All connections require HTTPS. Cookies are set with the Secure flag so the browser never sends them over an unencrypted connection.
  • HSTS Header - The Strict-Transport-Security header tells the browser to use HTTPS for every subsequent request to the site, so a plain-HTTP link or an SSL-stripping proxy cannot downgrade the connection. The policy takes effect once the browser has seen the header over HTTPS (unless the domain is on the browser preload list), so the very first request is protected only by the HTTPS redirect.
  • Security Headers - X-Frame-Options (SAMEORIGIN), X-Content-Type-Options (nosniff), Content-Security-Policy, and X-Permitted-Cross-Domain-Policies are configured.
  • Report Data Redaction - Optional patient name redaction on client-facing statements and reports. Initials-only mode is available per customer configuration.
HTTPS and transport security
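A check for the header set described above, as an added example that is not CorePathology's own code: given the response headers a client received, it reports which hardening measures are missing or weakened. The HARDENED and WEAK header sets are constructed samples. The checks on HSTS max-age length and includeSubDomains, on the CSP frame-ancestors directive, on script sources, and on the HttpOnly cookie flag go beyond what the page lists and are this example's choices.

```python
"""Audit transport-security and browser-hardening response headers.

Added example, not CorePathology code. Header names are matched
case-insensitively; several Set-Cookie headers are passed joined with
newlines. Both sample header sets below are constructed.
"""
import re
from typing import Dict, List

ONE_YEAR = 31536000   # HSTS max-age (seconds) expected for a production site


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [source tokens]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    # HSTS: present, long-lived, and covering subdomains
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if m is None or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    # Clickjacking: X-Frame-Options, or the CSP frame-ancestors directive
    # that browsers honour in preference to it when both are present
    csp = parse_csp(h.get("content-security-policy", ""))
    if (h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN")
            and "frame-ancestors" not in csp):
        findings.append("no clickjacking protection (X-Frame-Options or frame-ancestors)")

    # MIME sniffing
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    # CSP: must exist and must not let scripts run inline or from anywhere
    if not csp:
        findings.append("Content-Security-Policy missing")
    else:
        script_src = csp.get("script-src", csp.get("default-src", []))
        if not script_src:
            findings.append("CSP has neither script-src nor default-src")
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*", "data:"):
            if weak in script_src:
                findings.append(f"CSP allows {weak} for scripts")

    # Adobe cross-domain policy files (Flash/PDF readers)
    if h.get("x-permitted-cross-domain-policies", "").lower() != "none":
        findings.append("X-Permitted-Cross-Domain-Policies is not none")

    # Cookie flags: Secure (as the page states) plus HttpOnly
    for cookie in h.get("set-cookie", "").splitlines():
        if not cookie.strip():
            continue
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
    return findings


# Constructed sample: the header set this page describes, with a strict CSP
HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'self'",
    "X-Permitted-Cross-Domain-Policies": "none",
    "Set-Cookie": "session=opaque; Path=/; Secure; HttpOnly; SameSite=Lax",
}

# Constructed sample: a deployment that left most of the hardening out
WEAK = {
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Set-Cookie": "session=opaque; Path=/",
}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_headers(hdrs) or ["ok"])
```

A Content-Security-Policy header is only as strong as its script sources: a policy of `default-src *` with `'unsafe-inline'` is present, so a naive "header exists" check passes it, yet it blocks nothing a cross-site scripting payload would need.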
Security Layers

Defence in Depth

Multiple layers of security protecting your laboratory data from authentication through to activity logging.

  1. 🔑 Authentication - Username/password with optional TOTP multi-factor authentication. Account lockout after 3 failed attempts.
  2. 👥 Access Groups - User access groups with granular view/edit permissions per module. Five user types with role-appropriate views.
  3. 🔒 Session Control - Database-tracked sessions validated on every request. Inactivity lockout for dormant accounts.
  4. 🔐 HTTPS & HSTS - All traffic encrypted over HTTPS with HSTS enforcement and comprehensive security headers.
  5. 📜 X.509 API Auth - External API access secured with mutual TLS using X.509 client certificates with thumbprint validation.
  6. 📋 Activity Logging - Case actions logged with user, date, and description. Login activity tracked for compliance review.

Capabilities

Security Features

Tools for protecting sensitive laboratory and patient data.

  • 👥 Access Groups - Assign users to access groups with separate view and edit permissions for each system module.
  • 🔑 TOTP Authentication - Optional time-based one-time password MFA via Google Authenticator for an additional login security layer.
  • 🔒 Password Policy - Enforced password complexity with configurable expiry period. Minimum 8 characters, uppercase, lowercase, digit, and special character required.
  • 🚫 Account Lockout - Automatic lockout after 3 failed login attempts. Administrator intervention required to unlock accounts.
  • 📋 Session Tracking - Active sessions tracked in the database and validated on every request. Login timestamps recorded.
  • 🔐 X.509 Certificates - API layer secured with mutual TLS client certificates. Thumbprint and expiry validation on every API request.
  • 🛡️ Security Headers - X-Frame-Options, Content-Security-Policy, HSTS, and X-Content-Type-Options headers configured for web protection.
  • 📊 Data Redaction - Optional patient name redaction on client statements and reports. Initials-only mode per customer configuration.
  • 📜 Activity Logging - Case actions logged with user identification and timestamps. Exportable activity history for compliance review.

  • 5 User Types
  • MFA - TOTP Authentication
  • HTTPS - Enforced Encryption
  • X.509 - API Certificate Auth

See Security in Action

Book a demo to see how CorePathology protects sensitive patient data with role-based access and multi-factor authentication.