User Roles & Access Control

KiviCare uses a role-based access control (RBAC) system to ensure that every user can access only the features relevant to their responsibilities. This helps clinics maintain data security, privacy, and operational efficiency.

All roles in KiviCare are plugin-specific and fixed, while their permissions are fully configurable by administrators.

---

Overview of Role-Based Access Control

Each user in KiviCare is assigned a specific role. Each role has a predefined set of capabilities that control:

• What menus are visible
• Which actions can be performed (view, add, edit, delete, export)
• Which medical and administrative data can be accessed

💡 TIP: Permissions can be enabled or disabled per role from the KiviCare dashboard, allowing you to customize the system to match your clinic’s workflow.

---

👥 Available User Roles in KiviCare

KiviCare provides the following fixed plugin-specific roles:

1. Administrator
2. Clinic Admin
3. Doctor
4. Receptionist
5. Patient

⚠️ WARNING: Roles cannot be deleted or renamed, but their permissions are fully customizable.

---

🧑‍⚕️ Role Descriptions & Access Scope

Administrator

The highest-level role with full control over the system.

Key Responsibilities

• Global system configuration
• Clinic and staff management
• Medical and billing oversight
• Permission management

Access Highlights

• Manage clinics, doctors, receptionists, and patients
• Full access to appointments, encounters, prescriptions, and medical records
• Configure services, taxes, schedules, email notifications, and settings
• SMS/WhatsApp notifications (Pro)
• Enable/disable permissions for all roles
• Access to the WordPress admin panel
• System-wide reporting and analytics
• Manage integrations and extensions

Feature	Access Level
Dashboard Access	Full system dashboard
Clinic Management	Create, edit, delete all clinics
User Management	Manage all user types
Appointments	View, create, edit, delete all appointments
Patient Records	Full access to all patient data
Medical Records 🔷 PRO	View all encounters and medical history
Billing & Invoices 🔷 PRO	Complete billing management
Reports 🔷 PRO	Generate all reports
Settings	Configure all system settings
Permissions	Modify role capabilities

When to Use Administrator Role

• System owners and IT administrators
• Technical support personnel
• Primary clinic owners managing multiple locations

CAUTION: Limit Administrator access to trusted users only as they have complete system control.

---

Clinic Admin

Manages day-to-day operations of a specific clinic without needing WordPress admin access.

Key Responsibilities

• Clinic-level staff and patient management
• Appointment and service configuration
• Billing and reporting for their clinic
• Operational oversight

Access Highlights

• Manage doctors, receptionists, and patients within their clinic
• Manage clinic profile, services, taxes, and schedules
• Access encounters, prescriptions, medical records, and billing
• Configure custom fields and forms for their clinic
• Generate clinic-specific reports
• Limited to assigned clinic data only
• Cannot access the WordPress admin panel
• Cannot modify system-wide settings

Feature	Access Level
Dashboard Access	Clinic-specific dashboard
Clinic Management	Edit own clinic details
User Management	Add/manage doctors, receptionists, patients
Appointments	Full access within their clinic
Patient Records	View all patients in their clinic
Medical Records 🔷 PRO	Access all encounters in their clinic
Billing & Invoices 🔷 PRO	Manage billing for their clinic
Reports 🔷 PRO	Generate clinic-specific reports
Settings	Configure clinic-level settings
Services	Manage services offered by their clinic

When to Use the Clinic Admin Role

• Clinic managers handling daily operations
• Branch managers in multi-location setups
• Practice managers who need operational control without technical access

IMPORTANT: Clinic Admins provide the perfect balance between operational authority and system security.

---

Doctor

Focused on clinical workflows and patient care without administrative overhead.

Key Responsibilities

• Conduct patient consultations
• Maintain medical records
• Create prescriptions and encounter notes
• Manage personal schedule and availability

Access Highlights

• View and manage assigned appointments
• Create and manage encounters (SOAP notes)
• Add and update medical records
• Create and manage prescriptions
• View patient history and reports
• Manage personal availability and clinic schedules
• Access patients assigned to them
• No access to clinic-wide administrative settings
• Cannot manage other doctors or staff
• Limited billing access (view only)

Feature	Access Level
Dashboard Access	Doctor-specific dashboard
Appointments	View the patients they are treating
Patient Records	View patients they are treating
Medical Records 🔷 PRO	Create and view Patient Medical Records
Prescriptions	Create and manage prescriptions
Reports 🔷 PRO	View patient reports and own statistics
Schedule	Manage personal availability
Services	Create and manage services
Billing 🔷 PRO	View billing information
Encounter (Medical History)	Access patient medical history

Doctor Workflow Example

1. Morning: Review today’s appointment schedule
2. Patient Arrival: Access patient medical history
3. Consultation: Record encounter notes (SOAP format)
4. Treatment: Create prescriptions and treatment plans

When to Use the Doctor Role

• Practicing physicians providing direct patient care
• Specialists conducting consultations

📝 NOTE: Doctors focus purely on clinical tasks without administrative distractions.

---

Receptionist

Handles front-desk and administrative operations to keep the clinic running smoothly.

Key Responsibilities

• Appointment coordination and scheduling
• Patient onboarding and registration
• Daily clinic operations support
• Billing assistance

Access Highlights

• Create, edit, and manage appointments
• Add and manage patients and doctors
• Manage services and schedules
• Handle billing and invoices
• Assist with encounter and report management
• No access to advanced system or clinic settings
• Limited access to medical records (basic info only)
• Cannot modify clinic configuration

Feature	Create, edit doctor schedules, and availability
Dashboard Access	Receptionist dashboard
Appointments	Create, edit, reschedule, cancel
Patient Records	Add and edit basic patient information
Check-In/Check-Out	Process patient arrivals and departures
Billing 🔷 PRO	Create invoices and process payments
Services	Create, edit available services
Sessions	Create, edit doctor schedules and availability
Reports 🔷 PRO	View appointment reports

Receptionist Daily Workflow

1. Morning Setup: Review today’s appointment schedule
2. Patient Check-In: Process arriving patients
3. Phone Calls: Handle appointment booking requests
4. Walk-Ins: Register and schedule walk-in patients
5. Rescheduling: Manage appointment changes
6. Patient Check-Out: Process departures and payments
7. End of Day: Prepare next day’s schedule

When to Use the Receptionist Role

• Front desk staff managing appointments
• Administrative assistants handling patient coordination
• Call center staff booking appointments

💡 TIP: Receptionists are the first point of contact and keep the clinic operations flowing efficiently.

---

Patient

Provides self-service access to patients while maintaining privacy and security.

Key Responsibilities

• Manage personal appointments
• View personal medical data
• Update profile information
• Track billing and payments

Access Highlights

• Book, view, reschedule, and cancel appointments
• View prescriptions and medical records
• Access bills and reports
• Update personal profile and password
• Submit and manage reviews
• Download medical reports
• Patients can only access their own data
• No access to other patients’ information
• Cannot view clinic administrative data

Feature	Access Level
Dashboard Access	Personal patient portal
Appointments	Book, view, reschedule, cancel own appointments
Encounter	View own Encounter (Medical History)
Prescriptions	View and download prescriptions
Billing 🔷 PRO	View bills and payment history
Reports 🔷 PRO	Access own lab reports and documents
Profile	Update personal information
Reviews	Submit doctor/clinic reviews

Patient Portal Features

1. Self-Service Booking: Book appointments online 24/7
2. Appointment Reminders: Receive email notifications (SMS/WhatsApp with Pro)
3. Medical History: Access complete medical records
4. Prescription Access: View and download prescriptions
5. Billing Transparency: View all charges and payments
6. Profile Management: Update contact and demographic information

When to Use Patient Role

• All registered patients receiving care
• Family members managing appointments (with consent)
• Caregivers accessing patient information (with authorization)

ℹ️ IMPORTANT: Patient data privacy is strictly enforced. Each patient can only see their own information.

---

Permission Management

KiviCare allows administrators to fine-tune permissions for each role, providing flexibility to match your clinic’s specific needs.

Where to Manage Permissions

Navigate to: KiviCare Dashboard → Settings → Permission Settings

From here, admins can:

• Enable or disable individual capabilities per role
• Control access to specific menus and actions

Permission Categories

Permissions are organized into logical categories:

1. Dashboard & Navigation

• Which dashboard widgets are visible
• Menu items and navigation access

2. Data Management

• Create, read, update, delete (CRUD) permissions
• Export and import capabilities
• Bulk action permissions

3. Clinical Features

• Appointment management
• Patient management
• Receptionist management
• Doctor management
• Encounter management
• Prescription creation
• Medical record access
• Billing and invoicing

4. Administrative Functions

• User management
• Clinic configuration
• Service and schedule management
• Billing and invoicing
• Reports
• Settings

5. Reporting

• Which reports can be generated
• Data export permissions
• Analytics access

Configuring Permissions

1. Navigate to Settings → Permission Settings
2. Select the role you want to configure
3. Review the capability checklist
4. Enable or disable specific permissions
5. Save changes
6. Changes apply immediately to all users with that role

Permission Inheritance

• Administrator: Has all permissions by default
• Clinic Admin: Has clinic-level permissions
• Receptionist: Has clinical permissions
• Doctor: Has clinical permissions
• Patient: Has personal data access only

⚠️ WARNING: Disabling critical permissions may prevent users from performing their core duties. Test changes carefully.

---

Role Capability Matrix

Below is a comprehensive matrix showing what each role can do across key features:

Appointment Management

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
View All Appointments	✅	✅ Clinic Only	✅ Own Only	✅ Clinic Only	✅ Own Only
Create Appointments	✅	✅	✅	✅	✅
Edit Appointments	✅	✅	✅ Own	✅	✅ Own
Delete Appointments	✅	✅	✅ Own	✅	❌
Cancel Appointments	✅	✅	✅	✅	✅ Own
Check-In Patients	✅	✅	✅	✅	❌
Export Appointments	✅	✅	✅ Own	✅	❌

Patient Management

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
View All Patients	✅	✅ Clinic Only	✅ Assigned	✅ Clinic Only	✅ Self
Add Patients	✅	✅	✅	✅	❌
Edit Patients	✅	✅	✅ Assigned	✅	✅ Own Profile
Delete Patients	✅	✅	❌	❌	❌
Export Patient Data	✅	✅	❌	❌	✅ Own Data
View Medical History	✅	✅	✅ Assigned	⚠️ Limited	✅ Own

Clinical Records

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
View Encounters	✅	✅	✅ Own	⚠️ Limited	✅ Own
Create Encounters	✅	✅	✅	❌	❌
Edit Encounters	✅	✅	✅ Own	❌	❌
Delete Encounters	✅	✅	❌	❌	❌
Create Prescriptions	✅	✅	✅	❌	❌
View Prescriptions	✅	✅	✅ Own	⚠️ Limited	✅ Own
Medical Records 🔷 PRO	✅	✅	✅ Assigned	⚠️ Limited	✅ Own

Staff & Clinic Management

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
Manage Clinics 🔷 PRO	✅ All	✅ Own	❌	❌	❌
Add Doctors	✅	✅	❌	❌	❌
Edit Doctors	✅	✅	✅ Own Profile	❌	❌
Add Receptionists	✅	✅	❌	❌	❌
Manage Services	✅	✅	❌	⚠️ View Only	⚠️ View Only
Manage Schedules	✅	✅	✅ Own	⚠️ View Only	⚠️ View Only
Configure Settings	✅	✅ Clinic	❌	❌	❌

Billing & Financial 🔷 PRO

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
View All Bills	✅	✅ Clinic Only	⚠️ Limited	✅ Clinic Only	✅ Own Only
Create Bills	✅	✅	❌	✅	❌
Edit Bills	✅	✅	❌	✅	❌
Process Payments	✅	✅	❌	✅	✅ Own
Generate Invoices	✅	✅	❌	✅	❌
Financial Reports 🔷 PRO	✅	✅ Clinic Only	❌	⚠️ Limited	❌

Reports & Analytics 🔷 PRO

Capability	Admin	Clinic Admin	Doctor	Receptionist	Patient
Dashboard Statistics	✅ All	✅ Clinic	✅ Personal	⚠️ Limited	✅ Personal
Generate Reports	✅ All	✅ Clinic	✅ Personal	⚠️ Limited	❌
Export Reports	✅	✅	✅ Own	⚠️ Limited	✅ Own Data
View Analytics	✅	✅	✅ Personal	⚠️ Limited	❌

Legend:

• ✅ Full Access
• ⚠️ Limited/View Only Access
• ❌ No Access

---

How Access Control Works

Understanding how KiviCare enforces access control helps ensure security and proper system usage.

Menu & UI Level

• Dynamic Menu Display: Menu items are automatically hidden if a user lacks permission
• Conditional Buttons: Action buttons (edit, delete, etc.) only appear when allowed
• Role-Based Dashboards: Each role sees a customized dashboard relevant to their work

Backend Security

• Capability Checks: All actions are validated against user capabilities
• API Endpoint Protection: REST API requests verify permissions
• Database Query Filtering: Database queries automatically filter data based on role
• Action Hooks: WordPress action hooks ensure multi-layer security

Data Isolation

• Clinic-Based Filtering: Multi-clinic setups isolate data per clinic
• Doctor-Patient Association: Doctors only see patients assigned to them
• Personal Data Protection: Patients only access their own records
• Role Hierarchy: Lower roles cannot access higher-level administrative data