
Overview

The doctor management system handles medical staff accounts, their specialties, license information, and branch assignments. Doctors have their own user accounts with clinical permissions and can be assigned to specific clinic locations.
Interface Location: /doctors
API Endpoint: /api/doctors
Source Code: src/routes/doctors/+page.svelte
Only users with the MANAGE_DOCTORS permission (admins) can create, edit, or delete doctor accounts. All users with VIEW_DOCTORS permission can view the doctor list.

Database Schema

Users Table

Doctors are stored in the users table with role = 'doctor':
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(100) NOT NULL,
    username VARCHAR(50) UNIQUE NOT NULL,
    email VARCHAR(100) UNIQUE,
    password VARCHAR(255) NOT NULL,
    role ENUM('admin', 'doctor', 'secretary') NOT NULL,
    initials VARCHAR(5),
    branch_id INT,
    status ENUM('active', 'inactive') DEFAULT 'active',
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (branch_id) REFERENCES branches(id) ON DELETE SET NULL
);

Doctors Table

Additional medical information is stored in the doctors table:
CREATE TABLE doctors (
    id INT AUTO_INCREMENT PRIMARY KEY,
    user_id INT UNIQUE NOT NULL,
    specialty VARCHAR(100),
    license_number VARCHAR(50),
    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
);

Doctor-Branch Association

Doctors can be assigned to multiple branches:
CREATE TABLE doctor_branches (
    doctor_id INT NOT NULL,
    branch_id INT NOT NULL,
    PRIMARY KEY (doctor_id, branch_id),
    FOREIGN KEY (doctor_id) REFERENCES doctors(id) ON DELETE CASCADE,
    FOREIGN KEY (branch_id) REFERENCES branches(id) ON DELETE CASCADE
);
This many-to-many relationship allows doctors to work at multiple clinic locations, providing scheduling flexibility.

Supported Specialties

The system supports the following dental specialties:

  • Odontología General: General dentistry and preventive care
  • Cirugía Oral y Maxilofacial: Surgical procedures and maxillofacial surgery
  • Ortodoncia: Braces and orthodontic treatment
  • Endodoncia: Root canal treatment
  • Periodoncia: Gum disease treatment
  • Prostodoncia: Dentures and prosthetic dentistry
  • Odontopediatría: Pediatric dentistry
  • Radiología Oral: Dental imaging and diagnostics
  • Patología Oral: Oral disease diagnosis
  • Implantología: Dental implants

Creating a Doctor Account

Required Information

  • name (string, required): Doctor’s full name (e.g., “Dr. Carlos Soto”)
  • username (string, required): Unique username for system login
  • password (string, required): Secure password (hashed with bcrypt)
  • email (string, optional): Doctor’s email address
  • specialty (string, optional): Medical specialty (defaults to “Odontología General”)
  • license_number (string, optional): Professional license or exequátur number
  • branch_id (integer, optional): Primary branch assignment

API Request

POST /api/doctors
Content-Type: application/json

{
  "name": "Dr. María González",
  "username": "dr.gonzalez",
  "password": "securePassword123",
  "email": "[email protected]",
  "specialty": "Ortodoncia",
  "license_number": "MAT-67890",
  "branch_id": 1
}
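The request body above is accepted by the API, but the page does not show how it is validated before sp_create_doctor_full is called. The following is an added example, not code from the project: a server-side validator for the POST body that enforces the required fields, the documented specialty list and default, the column lengths from the users and doctors tables, and an integer branch_id. The username pattern, the 12-character minimum password length, and the error messages are assumptions of this example; note that the exact-name specialty check would reject a value such as “Cirugía Oral” that does not appear in the supported list verbatim.

```javascript
// Added example (not the project's own code): validate a POST /api/doctors body.
// Specialty names and the default come from this page; the username pattern,
// the password minimum and the error texts are assumptions.
const SPECIALTIES = [
  "Odontología General", "Cirugía Oral y Maxilofacial", "Ortodoncia", "Endodoncia",
  "Periodoncia", "Prostodoncia", "Odontopediatría", "Radiología Oral",
  "Patología Oral", "Implantología",
];

// Assumed username policy: 3-50 characters, lowercase letters, digits, . _ -
const USERNAME_RE = /^[a-z0-9][a-z0-9._-]{2,49}$/;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const MIN_PASSWORD_LENGTH = 12; // assumed policy

function validateDoctorCreate(body) {
  const errors = [];
  const b = body && typeof body === "object" ? body : {};
  const str = (v) => (typeof v === "string" ? v.trim() : "");

  const name = str(b.name);
  const username = str(b.username);
  const password = typeof b.password === "string" ? b.password : "";
  const email = str(b.email);
  const specialty = str(b.specialty) || "Odontología General"; // documented default
  const license = str(b.license_number);

  if (!name) errors.push("name is required");
  else if (name.length > 100) errors.push("name exceeds 100 characters"); // users.name VARCHAR(100)

  if (!username) errors.push("username is required");
  else if (!USERNAME_RE.test(username)) errors.push("username must be 3-50 chars of a-z 0-9 . _ -");

  if (password.length < MIN_PASSWORD_LENGTH) {
    errors.push(`password must be at least ${MIN_PASSWORD_LENGTH} characters`);
  }

  // email is optional, but when present it must look like an address and fit VARCHAR(100)
  if (email && (email.length > 100 || !EMAIL_RE.test(email))) errors.push("email is invalid");

  if (!SPECIALTIES.includes(specialty)) errors.push(`unknown specialty: ${specialty}`);
  if (license.length > 50) errors.push("license_number exceeds 50 characters"); // VARCHAR(50)

  let branchId = null;
  if (b.branch_id !== undefined && b.branch_id !== null) {
    if (Number.isInteger(b.branch_id) && b.branch_id > 0) branchId = b.branch_id;
    else errors.push("branch_id must be a positive integer");
  }

  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    doctor: {
      name, username, password,
      email: email || null,
      specialty,
      license_number: license || null,
      branch_id: branchId,
    },
  };
}

// Constructed sample request, mirroring the documented body with a placeholder address.
const sampleCreate = {
  name: "Dr. María González",
  username: "dr.gonzalez",
  password: "securePassword123",
  email: "maria@example.com",
  specialty: "Ortodoncia",
  license_number: "MAT-67890",
  branch_id: 1,
};

module.exports = { validateDoctorCreate, SPECIALTIES, sampleCreate };
```

A rejected body should return 400 with the error list before any stored procedure runs; the password is validated here but never logged or echoed back.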

Automatic Initials Generation

The system automatically generates user initials from the full name:
const initials = name
  .split(" ")
  .map(n => n[0])
  .join("")
  .toUpperCase()
  .substring(0, 3);
For example:
  • “Dr. Carlos Soto” → CS
  • “María González López” → MGL
Initials are used throughout the UI for avatar displays and quick identification.
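Run literally, the snippet above keeps the honorific as a word: “Dr. Carlos Soto” splits into three tokens and yields DCS, not CS, and a double space in the name produces an undefined token. The following is an added example, not the project's code, that strips common titles and collapses whitespace before taking the first letters, so that the documented results (CS, MGL) are what the function actually returns. The title list is an assumption; the page's own expression is kept alongside as rawInitials for comparison.

```javascript
// Added example (not the project's own code): initials with honorifics removed.
// The set of titles stripped is an assumption for this example.
const TITLES = new Set(["dr", "dra", "lic", "sr", "sra"]);

function generateInitials(name) {
  if (typeof name !== "string") return "";
  const words = name
    .normalize("NFC")                  // keep accented first letters as single code points
    .split(/\s+/)                      // collapse runs of whitespace
    .map((w) => w.replace(/[.,]/g, "")) // "Dr." -> "Dr"
    .filter((w) => w.length > 0 && !TITLES.has(w.toLowerCase()));
  return words
    .map((w) => w[0])
    .join("")
    .toUpperCase()
    .substring(0, 3);                  // users.initials is VARCHAR(5); UI uses up to 3
}

// The page's expression, unchanged, wrapped as a function for comparison.
function rawInitials(name) {
  return name
    .split(" ")
    .map((n) => n[0])
    .join("")
    .toUpperCase()
    .substring(0, 3);
}

module.exports = { generateInitials, rawInitials };
```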

Password Security

Passwords are hashed using bcrypt before storage:
const hashedPassword = await bcrypt.hash(password, 10);
The hashed password is stored in the users table, ensuring plaintext passwords are never saved.

Updating Doctor Information

Edit Endpoint

PUT /api/doctors
Content-Type: application/json

{
  "doctor_id": 1,
  "user_id": 2,
  "name": "Dr. Carlos Soto",
  "email": "[email protected]",
  "username": "dr.soto",
  "specialty": "Cirugía Oral",
  "license_number": "MAT-12345",
  "branch_id": 2,
  "status": "active"
}

Password Changes

When editing a doctor, the password field is optional:
  • Leave blank to keep the existing password
  • Provide a new password to update credentials
Changing a doctor’s password will immediately invalidate their current session. They must log in again with the new credentials.

Doctor Status

Doctors can have two status values:
  Status   | Description                                      | Effect
  active   | Doctor is currently working                      | Can log in and access the system
  inactive | Doctor is temporarily or permanently unavailable | Cannot log in; appointments cannot be scheduled
Inactivating a doctor does not delete their records or past clinical data. Use this for medical leave, vacation, or staff changes.

Deleting Doctors

Delete Endpoint

DELETE /api/doctors?userId=2

Cascade Behavior

Deleting a doctor triggers the following database actions:
  1. User Account Deletion: The user record is removed from the users table
  2. Doctor Record Deletion: The associated record in the doctors table is automatically deleted (ON DELETE CASCADE)
  3. Branch Assignment Cleanup: All entries in doctor_branches are removed
  4. Clinical Data Preservation: Medical records, appointments, and indications created by the doctor remain in the database for regulatory compliance
This action is irreversible! The doctor’s account and login credentials are permanently deleted. Consider using the inactive status instead for temporary removals.

Viewing Doctors

Doctor List View

The doctor management interface displays:
  • Doctor Avatar with generated initials
  • Full Name and username
  • Specialty with icon
  • License Number (exequátur)
  • Assigned Branch
  • Status (Active/Inactive)
  • Action Buttons (Edit/Delete for admins)

Search and Filtering

Doctors can be searched by:
  • Name
  • Specialty
  • License number
const filteredDoctors = doctors.filter(d => {
  const q = searchQuery.toLowerCase();
  return (
    d.name?.toLowerCase().includes(q) ||
    d.specialty?.toLowerCase().includes(q) ||
    d.license_number?.toLowerCase().includes(q)
  );
});
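The filter above is case-insensitive and null-safe (the optional chaining skips a missing license_number), but it is not accent-insensitive: typing “cirugia” does not match “Cirugía Oral”. The following is an added example, not the project's code, that folds diacritics with Unicode NFD normalization before comparing, handles a null field without optional chaining, and returns the full list for an empty query. The sample doctor rows are constructed for this example.

```javascript
// Added example (not the project's own code): accent- and case-insensitive search
// over the same three fields the page's filter uses.
function fold(value) {
  return String(value ?? "")
    .normalize("NFD")                 // split base letters from combining accents
    .replace(/[\u0300-\u036f]/g, "")  // drop the combining marks
    .toLowerCase();
}

function filterDoctors(doctors, searchQuery) {
  const q = fold(searchQuery).trim();
  if (q === "") return doctors;       // empty query: show everyone
  return doctors.filter((d) =>
    [d.name, d.specialty, d.license_number].some((field) => fold(field).includes(q))
  );
}

// Constructed sample rows (not real records).
const sampleDoctors = [
  { name: "Dr. Carlos Soto", specialty: "Cirugía Oral", license_number: "MAT-12345" },
  { name: "Dr. María González", specialty: "Ortodoncia", license_number: null },
  { name: "Dra. Ana Pérez", specialty: "Odontopediatría", license_number: "MAT-55555" },
];

module.exports = { fold, filterDoctors, sampleDoctors };
```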

API Stored Procedures

The doctor API uses several MySQL stored procedures:

List Doctors

CALL sp_list_doctors_view();
Returns a view with doctor information joined with user and branch data.

Create Doctor

CALL sp_create_doctor_full(name, username, email, password, initials, specialty, license_number, branch_id);
Creates both the user account and doctor record in a single transaction.

Update Doctor

CALL sp_update_doctor_full(doctor_id, user_id, name, email, username, initials, specialty, license_number, branch_id, status);
Updates both user and doctor tables atomically.

Delete Doctor

CALL sp_delete_doctor_full(user_id);
Removes the doctor and associated records while preserving clinical data.

Permission Requirements

View Doctors

Permission: VIEW_DOCTORS
Roles: Admin, Doctor, Secretary
All authenticated users can view the list of doctors to see who is available for appointments.

Manage Doctors

Permission: MANAGE_DOCTORS
Roles: Admin only
Only administrators can create, edit, or delete doctor accounts.
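The two permissions above map onto the HTTP methods of /api/doctors: GET needs VIEW_DOCTORS, while POST, PUT and DELETE need MANAGE_DOCTORS. The following is an added example, not the project's code, of a deny-by-default authorization check for that endpoint. It also applies the status rule from the Doctor Status section (an inactive account cannot act). The permission names and role mapping come from this page; the shape of the user object ({ role, status }) and the function names are assumptions.

```javascript
// Added example (not the project's own code): authorization for /api/doctors.
// Role-to-permission mapping and permission names are as documented on this page.
const ROLE_PERMISSIONS = {
  admin: new Set(["VIEW_DOCTORS", "MANAGE_DOCTORS"]),
  doctor: new Set(["VIEW_DOCTORS"]),
  secretary: new Set(["VIEW_DOCTORS"]),
};

const METHOD_PERMISSION = {
  GET: "VIEW_DOCTORS",
  POST: "MANAGE_DOCTORS",
  PUT: "MANAGE_DOCTORS",
  DELETE: "MANAGE_DOCTORS",
};

function hasPermission(user, permission) {
  if (!user || user.status !== "active") return false; // inactive accounts cannot act
  const perms = ROLE_PERMISSIONS[user.role];
  return perms !== undefined && perms.has(permission);
}

// Returns the HTTP status the handler should answer with. Unknown methods are
// rejected (405) rather than falling through to the view permission.
function authorizeDoctorsRequest(user, method) {
  if (!user) return { allowed: false, status: 401 };
  const required = METHOD_PERMISSION[String(method).toUpperCase()];
  if (!required) return { allowed: false, status: 405 };
  if (!hasPermission(user, required)) return { allowed: false, status: 403 };
  return { allowed: true, status: 200, permission: required };
}

module.exports = { hasPermission, authorizeDoctorsRequest, ROLE_PERMISSIONS };
```

Keeping the method-to-permission table explicit means a new method added to the route cannot silently inherit read-only access.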

Branch Assignments

Primary Branch

Each doctor has a branch_id field in the users table representing their primary location.

Multiple Branch Support

The doctor_branches table allows assigning doctors to multiple locations:
INSERT INTO doctor_branches (doctor_id, branch_id) VALUES 
  (1, 1),  -- Doctor 1 at Branch 1
  (1, 2);  -- Doctor 1 at Branch 2
This enables:
  • Scheduling appointments at different locations
  • Rotating doctors between branches
  • Multi-location coverage
Use the primary branch for the doctor’s main office, and the doctor_branches table for additional coverage locations.

Default Test Data

The system includes a test doctor account:
  Field             | Value
  Name              | Dr. Carlos Soto
  Username          | doctor
  Password          | doctor123
  Email             | [email protected]
  Role              | doctor
  Specialty         | Cirugía Oral
  License           | MAT-12345
  Branch            | Sucursal Norte (ID: 2)
  Assigned Branches | Central, Norte

Best Practices

Ensure each doctor has a unique, memorable username. Consider using a format such as dr.lastname or firstname.lastname.
Always record license/exequátur numbers for regulatory compliance and verification.
Use the inactive status for temporary removals (vacation, leave). Only delete accounts when doctors permanently leave the practice.
Ensure doctors provide valid email addresses for system notifications and password recovery.
Enforce strong password policies when creating doctor accounts to protect patient data.
