Enhancing Security & Automation for Pharmacy Education Software
This case study explores how Closeloop helped McCreadie Group strengthen PharmAcademic by implementing two-factor authentication via Twilio SMS and automating the removal of inactive preceptors — reducing support ticket volume by 65% and enabling program directors to manage residency programs far more efficiently.
McCreadie Group delivers market-leading software, PharmAcademic, for Pharmacy Education & Residency Programs and Research Pharmacies. It is a comprehensive platform trusted by pharmacy schools and residency programs across North America.
PharmAcademic integrates the management of experiential education, assessment, courses, curricular outcomes and mapping, and a portfolio designed to support pharmacists' education throughout their careers. It streamlines processes, eliminates inefficiency, and allows institutions to redirect limited resources where they matter most.
As the platform scaled, McCreadie Group needed a technology partner who understood pharmacy education workflows and could enhance security and operational efficiency without disrupting the existing system. They chose Closeloop for our comprehensive understanding of their unique requirements.
Operational Friction Points
After analyzing the current process and workflow in PharmAcademic, Closeloop identified two critical areas consuming disproportionate resources and degrading user experience across the platform.
High Volume of Support Tickets
The existing password reset process relied solely on email-based "Forgot Password" links. Many users never received the email or found the link non-functional, forcing them to contact support. Password reset requests alone accounted for approximately 25% of all PharmAcademic support activity, requiring staff to manually reset passwords — a significant security risk.
Unnecessary Users Associated with Programs
After program completion, preceptors who had left the organization remained linked to active programs. Residency Program Directors (RPDs) had to manually check every program and remove outdated users one by one. There was no bulk-removal feature, making this task time-consuming, inefficient, and error-prone across multiple programs.
Insecure Manual Password Handling
The procedure involved MGI Support manually resetting the user's password and sharing the new password with them directly — a practice that introduced unnecessary exposure and did not align with modern security standards for healthcare software platforms.
Orphaned Surveys & Cosign Obligations
When preceptors left mid-program, their pending annual Preceptor Surveys and cosign responsibilities for resident evaluations remained unresolved. There was no automated mechanism to close out these obligations, leaving program data in an inconsistent state.
Discovery & Stakeholder Analysis
Our team conducted a comprehensive assessment of PharmAcademic's workflows, engaging stakeholders across support, program administration, and end users to map pain points and uncover the root causes driving operational overhead.
25% of all tickets were password-related, revealing a broken self-service recovery flow.
RPDs spent hours individually reviewing programs to locate and remove departed preceptors.
Shared plaintext passwords by support staff created compliance and security risks.
Orphaned surveys and cosign obligations left program records in an unresolved state.
Stakeholders Engaged
- Residents — to understand the password recovery experience and daily frustrations
- Preceptors — to map program exit flows and outstanding obligations
- Residency Program Directors — to trace manual user management burden
- MGI Support team — to quantify ticket volume and time cost of manual resets
Automated User Management System
After comprehensive discovery, Closeloop designed and built two focused enhancements that addressed the root causes — a modern two-factor authentication system and an automated preceptor lifecycle process.
Two-Factor Authentication
Individual accounts can enroll in a 2FA flow for PharmAcademic access. Users provide a PAN so the system sends a reset code via Twilio SMS — bypassing unreliable email delivery entirely.
SMS-Based Password Reset
Integrated Twilio SMS service sends reset codes directly to the user's registered PAN. Users can request a new code as many times as needed — eliminating all dependency on support staff.
Automated Preceptor Removal
The system automatically identifies preceptors and PITs still associated with programs after completion and removes them — replacing hours of manual RPD work with a fully automated process.
Outstanding Survey Completion
When a preceptor exits mid-program, the system automatically completes their annual Preceptor Survey for all sites where they precepted — keeping program data clean and consistent.
Cosign Obligation Resolution
Cosign requirements for evaluations by preceptors who have an assigned Mentor are automatically removed on departure, preventing orphaned records and ensuring a clean program handoff.
Standardised Preceptor Handling
All preceptors are now treated equally within PharmAcademic. The system identifies those needing additional guidance while enforcing a consistent removal process across all programs.
Key Capabilities Built
This engagement reflects Closeloop's commitment to understanding PharmAcademic's operational realities and delivering enhancements that directly serve residency program administrators, preceptors, and residents.
SMS Password Reset via Twilio
On-demand reset codes sent directly to the user's PAN — no email required, no waiting.
Two-Factor Authentication
Individual 2FA enrollment for every PharmAcademic account, adding a secure second layer.
Automated User Cleanup
Post-program preceptor and PIT removal triggered automatically after program completion.
Survey Auto-Completion
Outstanding annual Preceptor Surveys auto-completed for all sites on preceptor departure.
Cosign & Mentor Resolution
Cosign obligations for mentored preceptors resolved automatically, keeping records clean.
Preceptor Equality Rules
Standardised handling ensures all preceptors are treated consistently across all programs.
Production-Mirror QA
Rigorous testing in a dev environment built to mirror production hardware and configuration.
UAT Support
Full user acceptance testing support to validate real-world scenarios before go-live.
System Architecture
End-to-end view of how PharmAcademic's two-factor authentication, Twilio SMS service, preceptor removal logic, and PIT removal connect across the platform for residents, preceptors, and program directors.
Tech Stack
ASP.Net
VB .Net
MySQL
JavaScript
BackBone JS
Twilio
Results & Business Impact
Closeloop delivered far more than feature additions — we delivered a security uplift and operational transformation rooted in deep understanding of pharmacy education workflows.
Password reset tickets significantly decreased after 2FA and SMS verification implementation.
Automated removal of inactive preceptors reduced manual workload for program directors.
Two-factor authentication strengthened access control and improved overall user experience.
Explore the complete journey from problem to results—backed by real data and insights.
Client Value & Feedback
Client feedback reflects not just satisfaction with technical execution but appreciation for the strategic partnership and the measurable business outcomes achieved across the PharmAcademic platform.
"Closeloop demonstrated a comprehensive understanding of our unique requirements and presented a compelling solution that met our needs. The two-factor authentication and automated preceptor removal have significantly improved both security and operational efficiency within PharmAcademic."
Cherish Lallone, McCreadie GroupFrequently Asked Questions
No questions match your search.
A significant portion of support tickets on user-facing platforms — particularly in healthcare and education software — stem from broken or unreliable password recovery flows. When users cannot reset their own passwords, they escalate to support, consuming staff time and creating security risks when agents manually share new credentials. Implementing 2FA with SMS-based verification via a service like Twilio replaces this broken flow entirely, letting users recover access independently and instantly. Closeloop Technologies implemented exactly this solution for a pharmacy education platform, resulting in a 65% reduction in daily password-related support tickets.
Manual password sharing — where support agents reset a user's password and send it to them in plaintext — is a significant security vulnerability in any software platform, but especially in healthcare and education environments that handle sensitive personal and academic data. It exposes credentials during transmission, bypasses access audit trails, and violates modern security standards. The correct approach is implementing self-service recovery through a secure, verified channel such as SMS OTP. Closeloop Technologies identified and eliminated this exact practice for a pharmacy residency platform, replacing it with an SMS-based 2FA reset flow built on Twilio.
A: Email-based password reset flows are notoriously unreliable — reset emails land in spam, corporate email filters block them, or users simply don't have timely access to the inbox on file. Twilio SMS bypasses all of these failure points by delivering a reset code directly to the user's registered phone number in seconds. It's instantaneous, device-independent, and doesn't rely on email infrastructure. Closeloop Technologies integrated Twilio SMS as the primary reset channel for a healthcare education platform, eliminating the delivery failures that were driving a quarter of all support requests.
Programs with frequent user lifecycle changes — such as education or residency platforms where instructors and participants join and leave on a rolling basis — accumulate stale user records rapidly without automated cleanup. This creates administrative overhead, data integrity issues, and security risks from accounts that remain active after a person has left. Automation can trigger cleanup workflows based on program completion events, removing inactive users, resolving outstanding obligations, and keeping records consistent without manual intervention. Closeloop Technologies built exactly this automated lifecycle management system for a pharmacy residency platform, saving program directors approximately 50% of their administrative time.
orphaned records — unsubmitted surveys, pending cosign obligations, and incomplete evaluations — that put program data in an inconsistent and unresolvable state. For accreditation-sensitive platforms like pharmacy residency management software, this is particularly problematic as it can affect compliance reporting. Automated offboarding workflows that resolve all outstanding obligations on exit are the correct solution. Closeloop Technologies designed this exact approach — automatically completing outstanding surveys and resolving cosign obligations when a preceptor departs — ensuring clean program records at all times.
Mid-program exits are a reality in any platform serving rotating participants — preceptors, residents, or instructors who leave before completing their obligations. Without automation, these unresolved items pile up and require manual intervention from program administrators to close out. The right approach is event-driven automation: when an exit event is triggered, the system automatically completes or reassigns outstanding surveys and removes cosign requirements for users who have an assigned mentor. Closeloop Technologies built this automated obligation resolution into the PharmAcademic platform as a core feature, preventing data gaps and administrative backlogs entirely.
Modern healthcare and education platforms should implement multi-factor authentication, eliminate plaintext credential sharing, enforce session timeouts, use role-based access controls, and maintain full audit trails for all authentication events. Password resets should be handled through verified, out-of-band channels — such as SMS OTP — rather than email links that can be intercepted or fail silently. Closeloop Technologies applies all of these principles when building or enhancing authentication systems for regulated-industry platforms, treating security as a foundational requirement rather than a bolt-on feature.
Testing 2FA and authentication flows requires a development environment that mirrors production hardware and configuration precisely — so that behavior in testing accurately reflects what users will experience after go-live. Test cases must cover the full range of scenarios: successful OTP delivery and entry, expired codes, repeated requests, incorrect PAN entries, and edge cases in the SMS delivery chain. Closeloop Technologies builds production-mirror QA environments for every security-sensitive engagement, followed by full user acceptance testing with real stakeholders to validate real-world scenarios before any change reaches production.