Multi-branch clinic management software. All your branches, one account.
Avinya Plus is multi-branch clinic management software where each branch is an isolated project under one organization. Staff log in once and switch branches; PostgreSQL Row Level Security stops one branch reading another's data. Roles, settings, and sequential invoice numbers are per-branch, while org Owners and Admins get oversight across the group, and RLS is never switched off. India-first, in early access.
Two branches, two logins, and a spreadsheet that lies
Run more than one clinic and the wheels come off. Each location ends up on its own tool, its own register, its own login. The owner can't see today's collection at Branch B without driving there. Staff who cover two sites juggle two passwords. And the scariest part: nothing stops a receptionist at one branch from seeing another branch's patients. You need one account that keeps every branch walled off, yet lets the owner see the whole group.
Built for how clinics actually work.
Each branch is a walled-off tenant, enforced by the database
Every branch is a separate tenant, and every patient, appointment, invoice, prescription, and medical record carries that branch's id. PostgreSQL Row Level Security is enabled and forced on all of these tables, and the policies require an explicit membership in that branch. There is no 'where branch = ?' filter in app code for a developer to forget; one branch can never read another's rows, even if someone bypasses the UI.
One login, switch between branches in a click
A user belongs to many branches, one of which is flagged the primary. Logging in lands you on your active branch; switching is a click, and the app remembers your last active branch (validated against your current memberships, with the primary as fallback). Staff who cover two locations don't keep two passwords. They switch context, and patients, navigation, and permissions all swap to that branch.
Roles are set per branch, not globally
Each new branch is auto-seeded with Doctor, Front Desk, and Nurse roles (you're the Administrator), each carrying its own permission tree: Front Desk gets patient registration, scheduling, and billing, but no medical-record or prescription access. Because roles are keyed to the branch with a unique (branch, role name) constraint, the same person can be a Doctor at one branch and Front Desk at another, and changing their role at one branch never touches the other.
Central oversight for the owner, without weakening isolation
The clinic group sits inside one organization, and each branch is a project under it. An org Owner or Admin can read every branch, and database triggers also grant them a real Administrator membership in each branch, kept in sync when you open a new branch or promote someone. So the owner sees every branch from one account, regular branch staff stay locked to their own branch, and per-branch RLS is never switched off to make it work.
Invoice numbers that can't collide across branches
Each branch keeps its own invoice series, so two branches billing at the same second can never land on the same number and your books stay clean per branch for your CA. The counter is keyed by branch, billing context, and month, and is bumped atomically inside the database, so there's no cross-branch contention and no duplicate numbers anywhere in the group.
Each branch's dashboard shows only that branch's numbers
Branch dashboards are scoped to the branch you're in: today's collection, pending dues, draft and cancelled counts, and average ticket size are computed in one database query filtered to that branch, behind an access guard that rejects callers without access. Switch branches and the whole dashboard switches with you.
At a glance
- Each branch is a separate tenant; Row Level Security is enabled and forced on every branch-scoped table, with policies that require explicit branch membership, so one branch can never read another's data.
- Staff belong to many branches and switch from one login without logging out; the last active branch is remembered and re-validated against current memberships.
- Roles are per branch (Doctor, Front Desk, Nurse seeded on creation, unique by branch + name; the creator is the Administrator); the same user can hold a different role at each branch.
- Org Owners and Admins get oversight via a read path plus an Administrator membership auto-granted in each branch by database triggers, giving central visibility without disabling per-branch RLS.
- Per-branch invoice numbers come from an atomic sequence keyed by branch, billing context, and month, so no two branches can ever share a number.
- Each branch's dashboard (today's revenue, pending dues, draft/cancelled counts, average ticket) is computed in one query scoped to that branch, behind an access guard.
See how it stacks up.
| Feature | Paper / Excel | Legacy EMR | Avinya Plus |
|---|---|---|---|
| All branches under one login | No | Partial | Yes |
| Strict per-branch data isolation | No | Partial | RLS |
| Switch branches without logging out | No | Partial | Yes |
| Per-branch roles for shared staff | No | No | Yes |
| Collision-proof invoice numbers across branches | Manual | Partial | Yes |
| Owner oversight across every branch | By hand | Partial | Yes |
| Per-branch dashboard | No | Partial | Yes |
Questions, answered.
Can staff at one branch see another branch's patients or invoices?
No. Each branch is a separate tenant and every record carries that branch's id. PostgreSQL Row Level Security is enabled and forced on patients, appointments, invoices and medical records, and the policies require an explicit membership in that branch, so staff only ever see branches they belong to. The isolation lives in the database engine, not in app code a developer could forget to apply.
Does one staff member need a separate login for each branch?
No. One login covers all the branches you belong to. Staff who cover two locations switch branches without logging out, and patients, navigation, and permissions update to that branch. Your last active branch is remembered for next time, validated against the branches you currently have access to.
Can the same person be a Doctor at one branch and Front Desk at another?
Yes. Roles are stored per branch, keyed by a unique (branch, role name) constraint, so a user can hold a different role at each branch. Changing someone's role at one branch doesn't affect their role at any other branch, and this is covered by the platform's tenant-role isolation tests.
Can the group owner see all branches from one account?
Yes. The clinic group is one organization and each branch is a project under it. Org Owners and Admins get a read path across the org plus a real Administrator membership in every branch, granted and kept in sync by database triggers when you add a branch or promote someone. So the owner oversees the whole group while regular branch staff stay locked to their own branch, and per-branch isolation is never disabled to do it.
How do invoice numbers work across branches?
Each branch keeps its own series, keyed by branch, billing context, and month and incremented atomically in the database. Two branches billing at the same instant can never get the same number, and numbering stays clean per branch for your accountant. There are no duplicate invoice numbers anywhere in the group.
Is this only for India, and what does it cost?
It's India-first today (GST billing, en-IN), and the multi-branch architecture is built to go global. Avinya Plus is a generic, configurable platform with 40+ specialties, and it's in early access.
Run your clinic on Avinya Plus.
Patient records, billing, and scheduling in one system your team will actually use.