Data security with Omnimed: A priority

Through its Web-based application’s positioning, Omnimed faces some challenges very specific to its reality. Among these challenges: the question of data security and privacy.

Considering the fact that millions of patient records stored in Omnimed are centralized in a single database, it is our duty to maintain the highest possible security standards of the industry. 

Secure connection

By accessing our login page via the address, you are automatically redirected to a secure connection (HTTPS protocol) identified on the left of the web address by the padlock icon. Click on this icon to validate that the certificate is issued for the domain "* ".


Always check the address bar to make sure you are on the official Omnimed website.

Password protection

Here are the mechanisms that Omnimed has applied to secure your password:

  • The requirement to change the password at 90-day intervals.
  • Application of standards to influence password selection: have at least one uppercase and one lowercase letter, at least one number, and a minimum of 8 characters. The password must not include your first name, last name, or Omnimed username.
  • Addition of a security question to validate the account holder's identity when the password is reset.
  • Create one account for each user. No generic account has access to the web application so that it is always possible to identify the person initiating an action in the electronic medical record.

ℹ️ We wish to remind you that protecting data is everyone’s business. Therefore, you can play a part in protecting your personal data and your patients’ data in Omnimed’s application. 

Here are some security rules to follow in order to protect access to your Omnimed account:

  • Never use the same password for your accounts (Omnimed, email addresses, social media accounts, or any other accounts).
  • Your password or security question should never contain your first or last name, the name of your husband or kids, or your date of birth. It would be too simple for a hacker to find it.
  • Make sure to always lock your account when leaving your desk, particularly when you’re in a public area (the same thing applies if you are using a tablet).
  • Never write down your password on paper. If necessary, make sure to lock up your document.
  • Never use a colleague’s account to connect to the application. You should all have your own accounts so that if an error occurs, we will be able to find the account associated with the error.

These simple rules can make a difference. Follow them when using Omnimed’s application as well as any other electronic devices as they contain tons of sensitive information.

Expiration of the session after 60 minutes of inactivity

Each Omnimed session automatically expires after 60 minutes of inactivity to prevent your Omnimed session from remaining active after you leave your workstation.

To reduce the risk of clinical notes being lost when your session expires, your Chrome browser tab will blink 10 minutes before disconnection and a warning message will appear in the tabs where Omnimed is open indicating that disconnection is imminent. You can then choose to extend your session or log out immediately.

If no action is selected, you will be disconnected and a window will display the unsaved text so that you can retrieve it for later use.

Geographical blocking

Geographical blocking (geo-blocking) is among the security measures deployed at Omnimed. Considering that the majority of hacker attacks originate from countries known for these types of attacks, we’ve made the decision to block all Internet traffic originating from the following countries:

  • China (including Hong Kong)
  • Russia
  • Iran

According to Bloomberg, close to 50% of hacker attacks worldwide come from these 3 countries. It’s important to note that our system administrators’ team monitors all of our systems in real-time in order to be able to intervene quickly against any attacks from external sources.

Special access permissions

Omnimed users traveling to these countries who wish to access our systems will be able to obtain special access permissions. To do so, they’ll need to contact the customer service from the location where they’ll be connecting to the EMR in order to be able to identify their IP address. Our team of system administrators will then be able to configure the permissions required for you to have access to our applications from that location.

It’s important to note that once the request has been placed, a delay of 24 business hours will be required for the administrators to configure everything appropriately.