01
Your commitments
- Verify a patient's identity (name + CNIC last 4) at every walk-in booking or cash payment.
- Log every cash transaction against the corresponding appointment. Unattributed cash in the drawer at close is a red flag and must be reported.
- Book only with the patient's explicit consent — for a family member, a signed consent form is required and stored on the appointment.
- Escalate any patient-safety concern (agitation, active suicidal ideation, threats) to the on-call therapist immediately. Do not deprioritise or triage clinical matters yourself.
- Use one active login per person. Sharing credentials with anyone — including a colleague or family member — is grounds for immediate termination.
- Report a suspected account compromise to security@therakonnect.com within 24 hours of noticing it.
- Keep your recovery email and phone up to date. Access is granted on those channels, not through the front desk.
- Follow Pakistani law and the specific licensure requirements of your role in the market you operate in.
- Never attempt to bypass, reverse, or otherwise defeat platform security (encryption, JWT, access controls). Even successful attempts on your own record are a violation.
02
Data access boundaries
Receptionists see appointment metadata and financial data. Clinical content is off-limits.
- You have no access to SOAP notes, treatment plans, or psychometric assessments. Do not attempt to read these even if a workaround exists.
- You may see patient name, contact, upcoming appointments, and payment status. Do not read chief-complaint fields or referral notes unless the therapist has explicitly asked you to relay a message.
- Never discuss a patient's clinical situation in front of another patient, another patient's family, or in a public area of the clinic.
03
Prohibited conduct
- Applying discounts without an audit reason. Every discount is stamped with your name; free-for-friends is fraud.
- Booking on-behalf-of without patient consent — this includes booking a patient's family member without a signed consent form.
- Accepting payment for a session and not recording it against the appointment.
- Sharing patient contact details with anyone outside the treating team, including your own colleagues at other clinics.
- Harassment of any kind directed at another platform user — including patients, therapists, staff, or the TheraKonnect team.
- Attempting to scrape, mirror, or bulk-export platform content that is not yours.
- Uploading malware, executables, or files disguised as clinical documents.
- Falsifying identity documents (CNIC, license certificates) or claiming credentials you do not hold.
- Using TheraKonnect infrastructure for anything outside the scope of therapy delivery — political campaigning, unrelated commerce, spam.
04
Cash-handling audit
- End of every shift: reconcile the cash drawer against the day's appointments marked paid. Discrepancies over PKR 500 must be documented and countersigned by the hospital admin.
- Refunds to patients require the hospital admin's countersignature and a written reason before the money leaves the drawer.
- Never take cash home for safekeeping. Deposit or lock in the clinic safe per your hospital's protocol.
05
Enforcement
- Minor first-time violations receive a written warning and a 7-day window to correct the issue.
- Repeated or severe violations trigger immediate account suspension and a case review.
- Terminations for policy violations are final. Refunds are governed by the refund policy — violation-based terminations receive no refund.
- Fraud, safeguarding failures, or credential misrepresentation may be reported to the relevant regulator (Pakistan Medical Commission, PMC provincial councils, and law enforcement where applicable).