If you need to prevent an existing user from accessing your account, you'll want to make them inactive. Changing their password is not enough, as they could still reset it through their email address.
In general, as well, it's also a good idea to require all users of your account to enable 2 factor authentication (2FA)—this means that everyone will be required to enter a unique 6-digit code that's only generated via an app on their mobile phone. Should someone get access to your email address and password, but you have 2FA enabled, they would not be able to access the account unless they had your actual phone.
Restrict a user's access
Head to Settings, and then Users & practitioners:
On their details page, where it asks if they're an active user, switch it to no:
Scroll to the bottom of the page, and hit Update user:
You'll be prompted to enter your password, and then hit Update user again:
When that's done, you'll be able to see the user as inactive in the list of all users:
For more details on how to best secure your Cliniko account, have a look at the following articles:
As always, if you have any questions, our team is here to help!