Overview
v1.3 is the most substantial release since the platform launched. It ships three independent initiatives that together raise the quality ceiling of every part of OdontoX: a ground-up redesign of the e-Prescriptions module, a 21-issue security audit that closes every known vulnerability, and deep linking across every view in the application so the URL always reflects what is on screen. The prescriptions overhaul alone represents the majority of the engineering effort. Every interaction has been rethought: drugs are now sourced from a searchable catalog pre-loaded with commonly prescribed Pakistani generics, the flat creation form has been replaced with a guided 3-step wizard, doctors can attach their digital signature directly from the wizard, and clinics that have uploaded a branded letterhead receive professional-grade PDF exports with their logo and contact information in the header and footer — automatically.
e-Prescriptions — Complete Module Redesign
The prescriptions module has been rebuilt from the ground up. The existing flat create-and-edit form is gone. In its place is a three-step wizard that guides the prescribing doctor through every decision in a logical order.
Medication Catalog
A dedicated medication catalog now lives behind the scenes. It ships pre-loaded with approximately 80 commonly prescribed generic drugs across 10 clinical categories used in Pakistani dental and general practice: Antibiotics, Analgesics / NSAIDs, Antifungals, Antihistamines, Vitamins & Supplements, Antacids / GI, Corticosteroids, Antivirals, Topicals, and Miscellaneous. When a doctor types in the drug search field, the catalog returns matching results instantly — showing the drug name, generic name, category, and available dosage forms. Common dosages and frequencies (OD, BD, TDS, QID, SOS) are suggested automatically once a drug is selected, eliminating manual entry for routine prescriptions. Clinics can extend the catalog with their own custom drugs. Custom drugs are private to the clinic and can be added inline directly from the search dropdown without leaving the wizard. System drugs (the pre-loaded generics) are read-only; only clinic-created drugs can be removed.
3-Step Wizard
Step 1 — Patient & Details. Select the patient (pre-filled when opened from a patient profile), the prescribing doctor, the prescription date, and status. Add a diagnosis and any free-text notes. The wizard does not advance until a patient is selected.
Step 2 — Medications. Search and add medications from the catalog. Each medication gets its own collapsible card with four compact fields: dosage (with catalog suggestions), frequency (OD / BD / TDS / QID / SOS / Custom), duration, and quantity. An optional instructions field handles special instructions. Multiple medications stack below. Removing a medication is a single tap.
Step 3 — Sign & Export. The wizard fetches the prescribing doctor’s active signature from Signature Center and displays a preview. If no signature is on file, a warning banner explains this and links directly to Signature Center — export is still permitted. A template selector lets the doctor choose between the clinic’s uploaded letterhead and the default OdontoX template. A summary strip shows the patient name, medication count, and generated Rx number before saving. Two actions close the wizard: Save (creates an active prescription with no PDF) and Save & Export PDF (saves and immediately downloads the PDF).
Signature Center Integration
The prescribing doctor’s active signature is now saved on the prescription record at the time of creation or update. This means the signature that appears on a printed or exported PDF is the one that was active when the prescription was written — not whatever is currently on file. Historical prescriptions remain accurate even if the doctor updates their signature later.
Clinic Letterhead PDF Export
Clinics can now upload a branded letterhead template in Clinic Settings under Prescriptions → Prescription Template. Once uploaded, a preview is generated automatically so the clinic can verify how the letterhead looks before exporting. When a prescription is exported, the clinic’s letterhead appears as the full-page background with all prescription content — Rx number, patient details, diagnosis, medication list, notes, and the doctor’s signature — printed in the correct position over it. If the letterhead conversion fails at upload time, the clinic is kept on the default template and can retry. If a clinic has no template uploaded, the default OdontoX prescription template is used automatically. The letterhead upload card in Clinic Settings shows a live thumbnail preview, a replace button for updating the template, and a remove button to return to the default.
Admin Role Access
Prescriptions are now accessible to clinic admin users in addition to doctors. Admins see the same Prescriptions view in their sidebar (gated by the prescriptions module toggle) and have full access to create, view, and export prescriptions using the new wizard.
Security Hardening — 21 Fixes
A dedicated security audit was completed covering authentication, data isolation, file handling, and API surface. Every identified issue has been resolved.
Authentication & session management: Encryption key rotation and secure key derivation for all stored credentials. Passkey credential IDs now encrypted at rest. Session timeout enforced uniformly across all protected routes. OTP codes are now strictly single-use with race condition protections applied. Password reset race condition closed.
Multi-tenant isolation: All clinical queries now route through the active clinic context rather than the authenticated user’s clinicId. This closes a class of cross-clinic data access that could occur when a user belonged to multiple clinics.
Rate limiting: Per-user rate limiting on MFA verification, OTP verification, sign-in, and sign-up endpoints. Configurable limits enforced via Cloudflare’s rate limiting bindings.
Input handling: LIKE wildcard escaping in all audit log and search queries. Upload validation enforced with MIME type checking, magic-byte verification, and size limits. SVG uploads blocked on patient files to prevent stored XSS.
CSRF & headers: Content Security Policy tightened — unsafe-inline removed from script sources. Admin pagination bounded to prevent unbounded result sets. Debug console logs and PII stripped from the authentication flow.
Impersonation: UUID parameter validation on impersonation endpoints. Real user session preserved across impersonation so the original session can be restored. Rate limiting applied to the impersonation endpoint.
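The input-handling items above (LIKE wildcard escaping, and upload checks on MIME type, magic bytes and size with SVG rejected) can be illustrated as follows. This is an added example, not OdontoX code: the function names, the 5 MB limit and the allow-list of types are assumptions.

```javascript
// Added example; limits, names and the allow-list are assumptions, not OdontoX code.
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

// Allowed MIME types mapped to the bytes a genuine file must start with.
// A Map avoids prototype lookups such as "constructor" on a plain object.
const SIGNATURES = new Map([
  ['image/png', [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ['image/jpeg', [0xff, 0xd8, 0xff]],
  ['application/pdf', [0x25, 0x50, 0x44, 0x46, 0x2d]], // "%PDF-"
]);

// Returns { ok: true, type } or { ok: false, reason }.
function validateUpload(declaredMime, bytes) {
  const mime = String(declaredMime).split(';')[0].trim().toLowerCase();
  if (bytes.length === 0 || bytes.length > MAX_BYTES) {
    return { ok: false, reason: 'size' };
  }
  // image/svg+xml is deliberately absent: SVG can carry script.
  const sig = SIGNATURES.get(mime);
  if (!sig) return { ok: false, reason: 'type-not-allowed' };
  // The declared type must agree with the leading bytes of the content.
  const matches = sig.every((b, i) => bytes[i] === b);
  if (!matches) return { ok: false, reason: 'magic-mismatch' };
  return { ok: true, type: mime };
}

// Escape LIKE metacharacters so a search term matches literally.
// The SQL must name the escape character: ... LIKE ? ESCAPE '\'
function escapeLike(term) {
  return String(term).replace(/[\\%_]/g, (ch) => '\\' + ch);
}

// Constructed sample inputs.
const PNG_HEADER = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
const HTML_BYTES = new TextEncoder().encode('<html></html>');

function demo() {
  return {
    png: validateUpload('image/png', PNG_HEADER),
    svg: validateUpload('image/svg+xml', new TextEncoder().encode('<svg></svg>')),
    spoofed: validateUpload('image/png', HTML_BYTES), // HTML labelled as PNG
    like: '%' + escapeLike('100%_a') + '%',
  };
}

console.log(demo());
```

The escaped term is still passed as a bound parameter; escaping only stops `%` and `_` in user input from acting as wildcards.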
Deep Linking — Every View in the URL
Every module, tab, selected record, and sub-view now reflects its state in the browser URL. Refreshing the page takes you back to exactly where you were. Sharing a URL with a colleague takes them directly to the right patient, appointment, treatment plan, or invoice — no navigation required. Deep linking is active across: Patients (active tab, selected record), Appointments (detail page tab), Treatment Plans (view, plan ID, active tab), Clinical Notes (view, selected note), Installment Plans (expanded plan), Insurance Claims (selected claim), Lab Work (selected case), AI Insights (active tab), Billing Settings (active tab), Financial Hub (sub-view), Global Chat (mobile view state), and more. Browser back and forward buttons work correctly throughout the application. The login flow preserves the original URL through the OTT callback chain so users are returned to their intended destination after authentication.
Appointment & Calendar Improvements
A focused round of UX fixes and guardrails across scheduling and billing.
Appointment form
- Smart time quick-picks — Five one-click shortcuts appear above the time field when creating a new appointment: Now, +30 min, +1 hr, +2 hr, and Tomorrow. Each snaps to the nearest 15-minute slot. The active selection is highlighted.
- Status buttons hidden on new appointments — Confirm, Check In, Complete, No Show, and Cancel buttons no longer appear on the create form. They only show when editing an existing appointment.
- Specific operating hours errors — Validation failures now name the exact boundary: “30-min appointment ends at 5:30 PM but clinic closes at 5:00 PM on Mondays” instead of a generic rejection message.
- Doctor dropdown fixed — Doctors assigned to the clinic via invitations (stored in userClinicAssignments) now appear correctly in the dropdown when booking from a patient profile. Previously only the primary-clinic doctor was returned.
Calendar
- Past time slot blocking — Clicking a past (shaded) time slot no longer opens the booking form. A toast error explains the slot is in the past.
- Duration preselector on New Appointment — The New Appointment button now shows a duration picker (15 / 30 / 45 / 60 / 90 / 120 min) before opening the form, so duration is set before the form loads.
- Persistent card info — Appointment cards in Day view and Doctor Day view now show the assigned doctor and room persistently on the card face, not just on hover.
- Patient Records link fixed — The “Patient Records” link in the hover card now navigates to the correct patient profile URL.
- Doctor Day view time positioning fixed — Appointments in the Doctor Day view were rendering at incorrect vertical positions due to a pixel-per-hour mismatch between the grid and the event engine. Now consistent at 52 px/hour.
Appointment detail
- Room badge — The Overview tab now shows the assigned room as a colored badge. If no room is assigned, it shows “No room assigned” instead of leaving the field blank.
Invoices
- Cancelled invoice guard — Record Payment and Create Claim buttons are hidden on cancelled invoices. The server also rejects payment API calls against cancelled or already-paid invoices with a 400 error.
- Insurance module gate — Create Claim is only visible to clinics with the Insurance module active.
Support Portal & Documentation
OdontoX now has a public support portal and documentation site. It covers getting started, all clinical modules, billing, communication, patient portal, security, and role-specific guides. A blog is live with the first guide published. The portal is accessible to all OdontoX users.
Who Benefits
Doctors — prescribing is faster and more accurate. The drug catalog eliminates retyping common medications. The wizard enforces a consistent, complete prescription every time. Digital signatures are embedded automatically. Professional letterhead PDFs are one click away.
Clinic admins — can now issue prescriptions directly without relying on a doctor account. Can upload and manage the clinic’s branded letterhead from Settings. Can better manage which add-on modules are active for their clinic.
Patients — receive prescriptions on properly branded clinic letterhead with the prescribing doctor’s signature. Prescription PDFs are clean, professional, and complete.
All users — the browser URL always matches what is on screen. Sharing a link, refreshing the page, or pressing back works as expected everywhere in the application.
Upgrade Notes
- Existing prescriptions are fully backward compatible. All prescription records created before v1.3 continue to display correctly — no action required.
- Clinics currently on Pro+ who had IPD, Insurance, or Marketing enabled will retain those modules — no action required. To activate these modules for a new clinic, contact [email protected].

