Multi-Portal Role-Based Access Control (RBAC)

In multi-stakeholder telehealth, 'everyone sees everything' is a privacy disaster. Multi-portal Role-Based Access Control (RBAC) keeps data safe across patients, specialists, clinics, employers, and partners.

When your telehealth platform serves patients, specialists, clinic admins, employer programs, and affiliate partners, the default “admin sees all” model breaks GDPR and trust. Multi-portal Role-Based Access Control (RBAC), meaning access scoped by portal and role, is the solution.

Daraport’s four-portal architecture (Patient, Specialist, Organization, Affiliate) enforces RBAC natively: each user sees only what’s necessary for their role, with tenant isolation and audit trails. Here’s how it works in practice.


Patient Portal: Self-serve, zero exposure

Patients access their care journey without seeing others’ data or exposing it upstream.

RBAC setup:

  • Scoped to self: View/download profile, consents, appointments, messages, video history, payments, and data rights.
  • No cross-patient access: Cannot see other patients, specialists outside their relationship, or org-level data.
  • Consent-gated actions: Video or data sharing blocked until consents are signed; self-revoke effective immediately.

The Patient Portal provides a guided, privacy-first experience, so patients safely share sensitive information like mental health history.


Specialist Portal: Care delivery focus

Specialists need full access to their patients but nothing beyond.

RBAC ensures:

  • Patient-specific access: Full view of assigned patients’ profiles, consents, bookings, chat, video logs, private notes, and transactions.
  • No org or peer access: Cannot see other specialists’ patients, org dashboards, or affiliate data.
  • Pre-session gates: Consent and intake status visible before video; block access if incomplete.

The Specialist Portal focuses the clinician on care delivery, with no temptation to access unrelated records.


Organization Portal: Oversight without surveillance

Clinics, networks, and employers need aggregated visibility, but not unnecessary access to individual patient data.

RBAC configurations:

  • Scoped oversight: Directory of patients and specialists; aggregated metrics (utilization, bookings, consent status) without identifiers by default.
  • Privacy modes: Anonymized reporting for wellbeing programs; drill-down only with role escalation.
  • Action limits: Approve specialists, monitor consents, view financials; no patient messaging or note editing.

The Organization Portal supports full oversight while preserving privacy, with granular admin permissions.


Affiliate Portal: Marketing without patient data

Partners and internal teams drive acquisition but should not access patient information.

RBAC rules enforce:

  • Attribution-only: Track referrals, traffic, conversions, commissions, all fully anonymized.
  • No care data: Cannot see patients, bookings, messages, or clinical info.
  • Scoped campaigns: Brand/domain tracking without downstream visibility.

The Affiliate Portal provides transparency for partners with zero patient exposure and audit-ready logs.


How Multi-Portal Role-Based Access Control works

A unified data layer provides portal-scoped views:

| Portal       | Data access            | Example use case                            |
|--------------|------------------------|---------------------------------------------|
| Patient      | Own record only        | Update profile, join session, download data |
| Specialist   | Assigned patients      | Review consents, message, deliver video     |
| Organization | Org-scoped aggregate   | Utilization reports, consent compliance     |
| Affiliate    | Anonymized attribution | Track referrals, view commissions           |

Additional layers:

  • Tenant isolation: Multi-brand operations keep data siloed by site/region.
  • Audit logs: Every access logged with who, what, when; queryable for compliance.
  • Escalation: Temporary role boosts for admins, fully auditable.

RBAC in Daraport is structural, not just a config checkbox.
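
The portal table and the tenant-isolation and audit-log layers above can be expressed as a single authorization check. The sketch below is an added example, not Daraport's code; the resource kinds, reason strings, and the `User`/`Resource` types are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Portal -> resource kinds that portal may ever read (hypothetical names).
PORTAL_SCOPE = {
    "patient": {"profile", "consents", "appointments", "messages"},
    "specialist": {"profile", "consents", "appointments", "messages", "notes"},
    "organization": {"aggregate_metrics"},
    "affiliate": {"attribution"},
}

@dataclass(frozen=True)
class User:
    id: str
    portal: str
    tenant: str
    assigned_patients: frozenset = frozenset()  # used by specialists only

@dataclass(frozen=True)
class Resource:
    kind: str
    tenant: str
    patient_id: Optional[str] = None  # None for aggregate/anonymized data

AUDIT_LOG = []  # in-memory stand-in for an append-only audit store

def authorize(user, res):
    """Return (allowed, reason). Denials are logged as well as grants."""
    if res.tenant != user.tenant:                      # tenant isolation first
        decision = (False, "tenant_mismatch")
    elif res.kind not in PORTAL_SCOPE.get(user.portal, set()):
        decision = (False, "outside_portal_scope")     # unknown portal = deny
    elif user.portal == "patient" and res.patient_id != user.id:
        decision = (False, "not_own_record")
    elif user.portal == "specialist" and res.patient_id not in user.assigned_patients:
        decision = (False, "patient_not_assigned")     # relationship scoping
    elif user.portal in ("organization", "affiliate") and res.patient_id is not None:
        decision = (False, "identified_data")          # aggregates only
    else:
        decision = (True, "ok")
    AUDIT_LOG.append({
        "who": user.id,
        "what": f"{res.kind}:{res.patient_id}",
        "when": datetime.now(timezone.utc).isoformat(),
        "allowed": decision[0],
        "reason": decision[1],
    })
    return decision
```

Checking the tenant before anything else means a cross-tenant request is denied with the same reason regardless of role, and logging denials gives auditors the failed access attempts as well as the successful ones.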


Compliance and operational benefits

Multi-portal Role-Based Access Control provides:

  • GDPR alignment: Data minimization, purpose limitation, patient rights built-in.
  • Reduced risk: Prevents accidental cross-access; audits are simple.
  • Team efficiency: Specialists focus on care; orgs on oversight; no permission conflicts.
  • Scale-ready: Add clinics, employers, or affiliates without access sprawl.

Practices using multi-portal RBAC report faster clinician onboarding and fewer compliance tickets.


Implementation checklist

Secure your telehealth platform with multi-portal Role-Based Access Control:

  • Define portals per role: Patient, Specialist, Organization, Affiliate, each with scoped views.
  • Enforce relationship scoping: No cross-patient access without explicit ties.
  • Add privacy modes for sensitive programs (e.g., anonymized employer reporting).
  • Log everything for audits and Data Subject Access Requests (DSARs).
  • Test escalations and revocations end-to-end.

Platforms like Daraport make RBAC the default, protecting data while enabling clinics, networks, and programs to scale safely.
