Owners
Practice setup, people, locations, permissions, subscription state, and practice-wide reporting and oversight.
Roles and permissions
Owners, administrators, front desk, clinicians, billing staff, and patients each get a workspace scoped to their responsibility — with the boundary enforced at the route, API, and data layers, not just hidden in a menu.
Your policy, carried by software
ClinicPro360 provides roles, permission flags, review states, and audit context. Your practice decides who holds which role, how supervision works, and what each boundary should be — the software enforces the policy you set.
The role map
The roles mirror how a group practice actually staffs itself. Each one is a real access profile with its own routes and permission set — not a label on an all-access account.
Practice setup, people, locations, permissions, subscription state, and practice-wide reporting and oversight.
Day-to-day administration — staff management, schedules, settings, and operational queues — without requiring the owner's account.
Inquiries, the waitlist, patient demographics, appointments, forms, and reminders — the surfaces a front desk works all day.
Their own schedule and caseload, patient records, assigned forms, clinical documentation, messaging, and enabled telehealth sessions.
Invoices, payments, claims, statuses, and reconciliation, worked from financial surfaces rather than the clinical record.
A dedicated portal for appointments, forms, messages, bills, and telehealth — never a view into the operational workspace.
Enforcement
In layers, so no single miss exposes a record. A permission in ClinicPro360 is not a hidden menu item — it is a check that runs everywhere the data can be reached.
At sign-in, each account resolves to its role plus its organization and, where applicable, location context. That context follows every request.
Each workspace route checks the visitor's role before rendering. A biller's link to a clinical route does not degrade gracefully — it does not open.
Create, read, update, and delete operations validate role and permission flags server-side, independent of what the interface displayed.
Records are scoped to the practice at the data layer, so queries cannot cross organization boundaries even in error.
Consequential actions carry who did what and when, giving owners a trail to review instead of a mystery to reconstruct.
Visibility scopes
The question that decides whether software fits a group practice is not whether it has roles — it is whether visibility can differ by responsibility. Permission flags in ClinicPro360 distinguish own-patient access from location-wide and organization-wide visibility, so the same 'clinician' title can mean different scopes at different practices.
A clinician's daily view stays scoped to their own patients and schedule, keeping the workspace focused and the boundary clean.
Broader review access lets supervisors and clinical directors open records in the practice's sign-off process, with review states carrying each note's position.
See supervision workflowsLocation-scoped staff work their own site's day, while multi-location permissions allow cross-site schedule and capacity review.
See multi-location workflowsOrganization-wide visibility for the people accountable for it — reporting, readiness, and administration across every location.
Review the security modelIn practice
Role-based access earns its keep on the days your roster changes. Here is what hiring and offboarding look like when access is a permission decision instead of a shared login.
An invitation creates their account with front-desk access from the first sign-in — schedules, demographics, and forms, with no exposure to clinical documentation.
They get their own schedule and caseload immediately. As patients are assigned, records appear in their workspace — nothing to forward, nothing to over-share.
Broader review access is a permission change, not a new account. The needs-documentation worklist and review states are visible the same day.
Deactivating the account ends access everywhere at once — routes, APIs, and data. There is no checklist of five systems to remember.
Roles FAQ
Yes. Billing staff work invoices, payments, claims, and reconciliation from financial surfaces connected to the visit record. Clinical documentation access is a separate permission your practice controls.
Yes — small practices often have an owner who also carries a caseload, or an administrator who covers the front desk. Roles and permission flags combine so access matches the person's actual responsibilities rather than forcing a second account.
Owners and practice administrators manage people, roles, and locations from practice administration. Platform-level administration is separate from your practice's workspace — your practice's operational control stays with your practice.
No. Patients use a dedicated portal for appointments, forms, messages, bills, and enabled telehealth. The operational workspace — schedules, queues, other patients — is never rendered for a patient account.
A supervisor who should see two teams, a biller who should not see notes, a front desk scoped to one site — name the boundary and we will walk through exactly how it is enforced.