Workspace Settings
How do clinical administrators manage workspace configurations and security settings?
Maintaining an efficient, secure, and compliant clinical environment requires comprehensive administrative control. Under ConsentCollect’s clinical dashboard, the Settings portal serves as the command center for clinical trial managers, hospital department heads, and legal officers.
From updating provider specialties and organizational logos to allocating highly secure staff seats, managing HIPAA Business Associate Agreements (BAAs), configuring hardware biometric passkeys, and performing permanent data deletions, settings give your practice complete oversight of its cryptographic boundaries.
1. Clinical Profile & Practice Details
Clinical profile and organizational identity configurations ensure all communications and electronic documents are professionally branded and verified:
- Clinical Profile: Clinicians can manage their full legal name, professional credentials (e.g., MD, FACS, NP), and primary specialty (e.g., Orthopedic Surgery, Pediatric Research). This guarantees that co-signatories and institutional reviews show correct professional credentials.
- Practice Details: Houses the official clinical or research organization’s name, primary clinical address, default contact email, contact phone number, and institutional website.
- Clinic Branding Logo: Administrators can upload their healthcare system’s logo directly in settings. This logo is automatically rendered in the header of all clinical consent templates and patient onboarding screens to build patient trust and establish a seamless institutional experience.
2. Staff Directory & Seat Allocations
To preserve strict individual accountability and secure the zero-knowledge workspace, staff seats are managed under a high-security paradigm:
- Strict Limits on Shared Access: ConsentCollect enforces a maximum workspace limit of two (2) active or pending clinical staff seats per organization. This prevents credential pooling and keeps security vectors strictly auditable.
- Role-Based Permission Levels:
  - Owner: Canonical administrative authority over seat management, billing subscriptions, and master key handshakes.
  - Editor: Enjoys full capabilities to draft consent templates, manage signing orders, and deploy active consent forms.
  - Auditor: Possesses read-only access to immutable forensic audit ledgers, signatory profiles, and completed forms, with absolutely no editing or administrative capabilities.
- Administrative Revocation: Owners can instantly revoke active or pending invitations. Revocation immediately flags the staff invitation as revoked and purges all workspace key associations, protecting trial integrity if a team member departs.
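The seat rules in this section, modeled as an added example that is not ConsentCollect's own code. It assumes the Owner is identified by `ownerId` and is not counted as a staff seat, and that a revoked seat frees its slot; the class, method and permission-string names are hypothetical.

```javascript
// Added illustration of the seat rules above; not ConsentCollect code.
// Workspace, its methods and the permission strings are hypothetical names.
const MAX_SEATS = 2; // page: two active or pending staff seats per organization
const STAFF_PERMISSIONS = {
  editor: ["templates:edit", "signing-order:manage", "forms:deploy"],
  auditor: ["audit:read", "signatories:read", "forms:read"], // read-only
};

class Workspace {
  constructor(ownerId) {
    this.ownerId = ownerId;     // assumption: the Owner is not counted as a staff seat
    this.seats = new Map();     // email -> { role, status: pending | active | revoked }
    this.keyShares = new Map(); // email -> wrapped workspace key (opaque placeholder)
  }
  requireOwner(actorId) {
    if (actorId !== this.ownerId) throw new Error("only the Owner manages seats");
  }
  occupied() { // active and pending seats both count toward the limit
    return [...this.seats.values()].filter((s) => s.status !== "revoked").length;
  }
  invite(actorId, email, role) {
    this.requireOwner(actorId);
    if (!Object.keys(STAFF_PERMISSIONS).includes(role)) throw new Error("unknown staff role");
    const seat = this.seats.get(email);
    if (seat && seat.status !== "revoked") throw new Error("seat already exists");
    if (this.occupied() >= MAX_SEATS) throw new Error("seat limit reached");
    this.seats.set(email, { role, status: "pending" });
  }
  accept(email, wrappedKey) {
    const seat = this.seats.get(email);
    if (!seat || seat.status !== "pending") throw new Error("no pending invitation");
    seat.status = "active";
    this.keyShares.set(email, wrappedKey);
  }
  revoke(actorId, email) {
    this.requireOwner(actorId);
    const seat = this.seats.get(email);
    if (!seat || seat.status === "revoked") throw new Error("nothing to revoke");
    seat.status = "revoked";      // the record is kept and flagged, so it stays auditable
    this.keyShares.delete(email); // purge the workspace key association
  }
  can(email, permission) {
    const seat = this.seats.get(email);
    // Deny by default: unknown, pending and revoked seats hold no permissions.
    return Boolean(seat) && seat.status === "active" &&
      STAFF_PERMISSIONS[seat.role].includes(permission);
  }
}
```
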
3. HIPAA Compliance & Business Associate Agreements (BAA)
For healthcare institutions and clinical trial sponsors, proving compliance with international privacy standards is a non-negotiable legal requirement:
- Local Redaction Filters: The settings page details compliance tools that run browser-side to scrub Protected Health Information (PHI) before any semantic audits are executed, maintaining a zero-leakage security boundary.
- Business Associate Agreement (BAA): For Enterprise subscriptions, settings hosts the legally binding Business Associate Agreement (BAA) confirming HIPAA liability limits. Clinicians can review, execute, and sign the BAA directly via a secure signing slideover. Once signed, the platform records the authorized signer’s name, the exact date, and the BAA version, and anchors the Forensic Entry Hash into the audit trail for permanent legal visibility.
4. Device Security & Key Management
Because ConsentCollect is a Zero-Knowledge ecosystem, local device security is the primary lock protecting your clinical templates and patient records.
Biometric Passkey Enrollment
Coordinators can easily configure TouchID, FaceID, or platform security PINs (Windows Hello) on new devices:
- Navigate to Device Security: Locate the Device Security tab under Settings.
- Verify Identity: Enter your unique 4-word Master Recovery Passphrase to decrypt your credentials.
- Trigger Biometric Scan: Click Enable Biometric Unlock and scan your fingerprint or face when prompted by your browser.
- Local Vault Established: Your browser generates a unique, hardware-bound local vault, caching keys safely in sandboxed browser storage. This lets you log in via quick, secure scans going forward without typing your passphrase.
Mnemonic Recovery Key Download
If browser caches are cleared or a tablet is upgraded, your local biometric keys are lost. To guarantee you never lose access:
- Clinicians can enter their 4-word master passphrase to verify identity and download a secure Mnemonic Recovery Key file (consentcollect-recovery-key.txt).
- This file provides clean instructions for offline storage, ensuring that the trial team always possesses a recovery path to rebuild their browser keystores if physical devices are lost.
5. Billing & Subscription Tiers
Billing configurations allow organizations to simulate subscription changes to align with active study scales:
- Practice Tier: Standard medical office configurations, supporting high-speed clinical templates and default seat configurations.
- Research Tier: High-integrity trial layouts, supporting geofencing checks, advanced witness gates, and mandatory teach-back assessments.
- Enterprise Tier Switcher: Administrators can simulate switches to Enterprise environments to test advanced features, such as custom BAA signings and expanded security protocols.
6. The Danger Zone (Terminal Deletions)
High-risk, irreversible actions are restricted to the administrative Danger Zone in settings, requiring double-confirmation checks to prevent accidental execution:
- Delete My Data (Workspace Purge): Instantly scrubs all workspace drafts, active templates, and clinical trial records from the database and Cloudflare R2 vaults. It preserves transaction logs to satisfy institutional archiving requirements. Executing this scrub requires typing the confirmation code DELETE.
- Delete My Account (Terminal Workspace Closure): Terminally closes the clinician profile, revokes all seat delegations, and hard-deletes all credentials. Once completed, the session is purged, and the coordinator is redirected to the platform logout portal. Executing this terminal closure requires typing DELETE ACCOUNT.