• $50 – $8,000 per vulnerability
  • Partial safe harbor

New Feature: Dashboard User Accounts

A new feature has been added that allows existing HotDoc users to give additional users authorised access to their clinic and patient data. We are excited for you to test this, as it puts more control in the existing users hands with regards to who is permitted to manage their clinic. As the feature touches both authentication and authorisation, it is important that users created through this feature are given the correct permissions, at the correct clinic.

What is this feature?

The ‘Dashboard User Accounts’ feature allows existing dashboard users to invite additional authorised users to access their clinic. Previously this functionality was only available by contacting HotDoc.

How's it supposed to work?

Only Clinic users with a ‘Practice Manager’ role can invite other users. A ‘Receptionist’ clinic user should not be able to invite new users.
Clinic users that are invited from the dashboard should only be able to access the clinic they have been invited to.
Clinic users can only have access to one clinic, therefore an existing clinic user cannot be invited to another clinic.
This feature only provides the ability to invite a new user. The update and delete actions require contacting HotDoc.
Invited clinic users must provide their first and last names, a password, as well as accepting the HotDoc terms of service.

How do you access the feature?

As an existing clinic user with a ‘Practice Manager’ role, log in to the HotDoc dashboard, then navigate to ‘Setup’ > ‘User Accounts’.

Where can I find more information?

See our support centre article for more information.

Happy hunting, we look forward to you testing our app, as always!

EDIT: Please note that the link to the Dashboard, in the "User creation success" screen points to the (out of scope) production site ( and not the (in scope) staging site ( - please bear this in mind when signing up as a new Clinic User!!