As soon as you store valuable information such as Personally Identifiable Information (PII) or sensitive or medical data, you must protect that data.

Authentication identifies the user and protects access to the data. You must create or use a solid authentication method that enforces security and protects against brute-force attacks. Authentication credentials must be implemented according to the OWASP best practices.

When you create an authenticated session, you need to apply a reasonable session time-out.
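
The two requirements above (resisting brute forcing and timing out sessions) can be enforced server-side as in the following sketch. It is an added example, not code from this page or from OWASP. The class name `AuthGuard`, its methods and all numeric limits are assumptions chosen for illustration, and the actual password check is left to the caller.

```python
import secrets
import time

# Assumed policy values for illustration; the page does not specify any.
MAX_FAILURES = 5             # failed logins allowed per account within the window
FAILURE_WINDOW = 300         # seconds over which failures are counted
IDLE_TIMEOUT = 900           # seconds of inactivity before a session expires
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on total session lifetime


class AuthGuard:
    """Hypothetical helper: throttles failed logins and expires sessions."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock   # injectable so the timeouts can be tested
        self.failures = {}   # username -> timestamps of recent failures
        self.sessions = {}   # token -> (username, created_at, last_seen)

    def is_locked(self, username):
        now = self.clock()
        recent = [t for t in self.failures.get(username, []) if now - t < FAILURE_WINDOW]
        self.failures[username] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, username, password_ok):
        """password_ok is the result of the real credential check (not shown)."""
        if self.is_locked(username):
            return None      # refuse even a correct password while throttled
        if not password_ok:
            self.failures.setdefault(username, []).append(self.clock())
            return None
        self.failures.pop(username, None)
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        now = self.clock()
        self.sessions[token] = (username, now, now)
        return token

    def validate(self, token):
        """Return the username for a live session, or None if expired/unknown."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, created, last_seen = entry
        now = self.clock()
        if now - last_seen > IDLE_TIMEOUT or now - created > ABSOLUTE_TIMEOUT:
            del self.sessions[token]   # expire on the server, not only in the cookie
            return None
        self.sessions[token] = (username, created, now)
        return username
```

The throttle is a sliding window, so an account unlocks by itself once the failures age out. The absolute timeout ends a session even when it is kept continuously active.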