Virtual reception can be quite a handy service—especially if you're a sole practictioner who doesn't have the time to do the "admin" work on top of your "patient" work. (Or even if you run a large practice, but need some extra help outside of your existing staff!)
There's nothing wrong with setting a virtual receptionist up with access to your Cliniko account. You'll just want to make sure that you take all the necessary steps to ensure that their access is secure (and it's always important to trust the people who will be working with confidential patient health information).
If you employ a virtual receptionist, or are thinking about hiring one, then this guide is for you. In it, we'll outline best practices for setting up their accounts, their security permissions, how to ensure that they are taking the utmost precautions when it comes to accessing your patient data, and ways you can set them up for success. This includes:
Read on more more information on all things virtual reception.
Setting virtual receptionists up with access to your Cliniko account
Generally speaking, a virtual reception role is going to be pretty much the same as an in-office reception role! While it's true that a virtual receptionist probably won't be printing off receipts to physically give to patients as they leave the clinic, or handling paper intake forms, they will be logging into your Cliniko account to assist with things like booking appointments, processing payments, emailing receipts to patients, and even uploading digital files.
First things first, you will want to set each virtual receptionist up with their very own user role. This means that you do not want to set up one user called "Virtual Reception" with a single email and password that is shared amongst several users. If there is more than one virtual receptionist accessing your account, it might seem easier for them to all share the same credentials, but this isn't a safe practice for accessing secure patient health data.
Reception users do not impact the price of your subscription, and it's very straightforward to set each person up with their own login credentials. Ensuring that they're each using their own email and password will go a long way in keeping your account secure.
Setting the permissions for virtual receptionists
We recommend that you take a good look at our guide on user security roles. It outlines what each role can do—and reviewing it will be an important part of your decision process around what role to set your virtual receptionist up with. Most likely, you will be picking one of these three:
Click through the links above for in-depth details about what each role entails. The permissions increase for each "level" (so, a scheduler has the least permissions, whereas a power receptionist has the most permissions).
When considering which role to give to your virtual receptionists, think about what you will need them to do. Are they only going to be entering appointments when a patient calls to book something in? The scheduler role will probably be fine. Are they going to need to email receipts to patients, and view end-of-day finance reports? The receptionist or power receptionist role would be applicable (keeping in mind that a power receptionist can do more than a regular receptionist).
Ultimately, you are going to want to feel confident that you trust the virtual receptionists who you have hired to access your Cliniko account. Providing anyone with access to confidential patient health information is a big deal, and deciding who will have that privilege is very important.
2 factor authentication (2FA) and virtual receptionists
2FA is an additional component of the sign-in process. It requires "something you know" (your email and password) and "something you have" (your phone). When it comes to virtual receptionists, they will be signing in with their email address and password, but we also strongly encourage that they use 2FA. (In fact, we strongly encourage everyone on your account use 2FA!).
Setting up 2FA is the single most important thing you can do to secure your account. We encourage you to enforce account-wide 2FA (this is actually a requirement if you are in Australia and are integrated with Xero), which means that every single user who logs in will need to have 2FA set up—requiring them to enter a unique 6-digit code upon signing in, in addition to their email address and password.
The way that 2FA works is as follows: a user downloads an "authentication app" onto their phone (we recommend Twilio Authy), and each time they sign into Cliniko, they will need to enter their email, their password, and a unique 6-digit code that's generated by that app.
In a perfect world, each virtual receptionist would have their own unique email and password to log into Cliniko on their own unique device, and they would also have a mobile phone that they could download the app onto. They would then take out their phone to enter the 2FA code upon signing into Cliniko, and that will be that!
However, we know that this isn't always the case, as potentially some virtual receptionists may not be allowed to have their phones at work, or may share a computer with someone else. We'll walk you through some suggestions of how to handle these scenarios.
Your virtual receptionist isn't allowed to have a phone at work. How can they use 2FA?
If your virtual receptionist isn't allowed to have a phone at work, then it means the phone-based 2FA app is off the table. They won't be able to use that to sign in. Twilio Authy offers a desktop application, which means that the 2FA app can be installed right on the computer that your virtual receptionist is using. They can then open the app and enter the unique code, therefore logging into Cliniko.
If someone is using a desktop 2FA app, then it means anyone who has access to that computer could potentially access the app, and therefore the codes. If a desktop 2FA app is being used, we strongly advise that the user protect it with a secure password as well as log out of the computer each time they are done using Cliniko. This makes it far less likely that someone else, who may also use that computer, would have access to the 2FA app.
Multiple virtual receptionists work for you, and they all share the same email address and password. Can they share a 2FA code?
No, and please don't do this. Every virtual receptionist should have their own user account set up, where they are each logging in with their own email and password. Reception users do not impact the price of your subscription, and getting them set up with their own profiles is quick and easy to do.
We understand that it might be convenient for multiple virtual receptionists to share the same email and password, but this isn't a safe account security practice, and convenience shouldn't outweigh keeping secure patient health data secure. Also, as 2FA is designed around individual users, it wouldn't be possible to have multiple people sharing the same sign-in credentials and the same 2FA app (as the app would be installed on each individual person's phone).
Tips to help keep the virtual reception process running smoothly
Now that you've got your virtual receptionist (or several) all set up on your Cliniko account with their own individual sign-in credentials, there are some things you can do to help make their job (and yours) easier!
Share our "training for reception staff" guide with them. This will be a helpful set of how-to instructions that they can keep on hand, and reference as they're getting up to speed with how to use Cliniko!
Set up secure patient intake forms. With these, there will be no back-and-forth emailed forms, attachments to deal with, or missing documents. Cliniko's intake forms can be set up so that they are emailed to patients right when their appointment is booked, and the patient can then fill out the form and submit it back to you. The whole process is free of emails and attachments, and virtual receptionists will be able to double-check that the form has been submitted, as they can see its "status" right on the appointment.
If you offer online bookings, you can allow patients to pay online. Virtual receptionists will easily be able to see whether an appointment has been paid for up front, and it will be straightforward to email receipts to patients.
Customise access to letters and file attachments. You can opt to restrict access to these things (meaning, anyone with the receptionist or power receptionist role will have more limited access), or make access a bit looser (for example, if patient file attachments don't contain confidential information, you can set things up so that reception users can view the attachments themselves).
Preload extra information onto invoices. You can let your virtual reception team know about the "Invoice extra information" feature, which will allow them to enter unique details that may need to be on every invoice (such as a patient's insurance company). This information only needs to be entered once, and it will then show up on every invoice!
Let them know about the communications log. This is a list of every outgoing communication from Cliniko (such as appointment reminders, confirmation emails, SMS messages, and invoices, to name a few), and it also logs incoming SMS replies. Virtual receptionists can look at this log to see if and when something was sent out to a patient, as well as if it's been marked as "sent" or "failed".
Every clinic operates differently, as does every virtual reception team. If something on this list doesn't make sense, or if you have questions, please reach out to the Cliniko support team, and we can help you out!
Are you a virtual receptionist?
If so, then we've created a guide just for you, which covers frequently asked questions about how to access and manage the Cliniko accounts you've been granted access to. Head over here to learn more!