Skip to main content

Roles and permissions

Role-based access that matches how a therapy practice actually divides the work

Owners, administrators, front desk, clinicians, billing staff, and patients each get a workspace scoped to their responsibility — with the boundary enforced at the route, API, and data layers, not just hidden in a menu.

Your policy, carried by software

The practice owns the access standard

ClinicPro360 provides roles, permission flags, review states, and audit context. Your practice decides who holds which role, how supervision works, and what each boundary should be — the software enforces the policy you set.

The role map

Which roles does ClinicPro360 support?

The roles mirror how a group practice actually staffs itself. Each one is a real access profile with its own routes and permission set — not a label on an all-access account.

Owners

Practice setup, people, locations, permissions, subscription state, and practice-wide reporting and oversight.

Practice administrators

Day-to-day administration — staff management, schedules, settings, and operational queues — without requiring the owner's account.

Front desk and reception

Inquiries, the waitlist, patient demographics, appointments, forms, and reminders — the surfaces a front desk works all day.

Clinicians

Their own schedule and caseload, patient records, assigned forms, clinical documentation, messaging, and enabled telehealth sessions.

Billing staff

Invoices, payments, claims, statuses, and reconciliation, worked from financial surfaces rather than the clinical record.

Patients

A dedicated portal for appointments, forms, messages, bills, and telehealth — never a view into the operational workspace.

Enforcement

How are permissions actually enforced?

In layers, so no single miss exposes a record. A permission in ClinicPro360 is not a hidden menu item — it is a check that runs everywhere the data can be reached.

Identity resolves to a role and context

At sign-in, each account resolves to its role plus its organization and, where applicable, location context. That context follows every request.

Routes admit the right roles

Each workspace route checks the visitor's role before rendering. A biller's link to a clinical route does not degrade gracefully — it does not open.

APIs re-check every action

Create, read, update, and delete operations validate role and permission flags server-side, independent of what the interface displayed.

Data stays organization-scoped

Records are scoped to the practice at the data layer, so queries cannot cross organization boundaries even in error.

Audit context preserves who acted

Consequential actions carry who did what and when, giving owners a trail to review instead of a mystery to reconstruct.

Visibility scopes

Own caseload, own location, or whole organization?

The question that decides whether software fits a group practice is not whether it has roles — it is whether visibility can differ by responsibility. Permission flags in ClinicPro360 distinguish own-patient access from location-wide and organization-wide visibility, so the same 'clinician' title can mean different scopes at different practices.

Clinicians see their caseload

A clinician's daily view stays scoped to their own patients and schedule, keeping the workspace focused and the boundary clean.

Supervisors see what policy allows

Broader review access lets supervisors and clinical directors open records in the practice's sign-off process, with review states carrying each note's position.

See supervision workflows

Location staff stay at their site

Location-scoped staff work their own site's day, while multi-location permissions allow cross-site schedule and capacity review.

See multi-location workflows

Owners see the whole practice

Organization-wide visibility for the people accountable for it — reporting, readiness, and administration across every location.

Review the security model

In practice

A staffing change, handled in minutes

Role-based access earns its keep on the days your roster changes. Here is what hiring and offboarding look like when access is a permission decision instead of a shared login.

A new receptionist starts Monday

An invitation creates their account with front-desk access from the first sign-in — schedules, demographics, and forms, with no exposure to clinical documentation.

An associate clinician joins mid-month

They get their own schedule and caseload immediately. As patients are assigned, records appear in their workspace — nothing to forward, nothing to over-share.

A supervisor takes on note review

Broader review access is a permission change, not a new account. The needs-documentation worklist and review states are visible the same day.

Someone leaves the practice

Deactivating the account ends access everywhere at once — routes, APIs, and data. There is no checklist of five systems to remember.

Roles FAQ

Common access-control questions

Can billing staff work without opening clinical notes?

Yes. Billing staff work invoices, payments, claims, and reconciliation from financial surfaces connected to the visit record. Clinical documentation access is a separate permission your practice controls.

Can one person hold more than one responsibility?

Yes — small practices often have an owner who also carries a caseload, or an administrator who covers the front desk. Roles and permission flags combine so access matches the person's actual responsibilities rather than forcing a second account.

Who manages roles and permissions day to day?

Owners and practice administrators manage people, roles, and locations from practice administration. Platform-level administration is separate from your practice's workspace — your practice's operational control stays with your practice.

Do patients ever see the staff workspace?

No. Patients use a dedicated portal for appointments, forms, messages, bills, and enabled telehealth. The operational workspace — schedules, queues, other patients — is never rendered for a patient account.

Bring your hardest access-boundary question

A supervisor who should see two teams, a biller who should not see notes, a front desk scoped to one site — name the boundary and we will walk through exactly how it is enforced.

Request a focused walkthrough