Security

Share medical records with clear access controls.

MedDossier is built for sensitive medical files. Packets are prepared with patient-authorized permissions, controlled sharing, expiring links, and clear limits on what the service can decide. Uploading records does not authorize external sharing.

Sharing controls

Three things to know before you share records.

MedDossier prepares records for review. It is not a doctor, diagnosis service, prescription service, emergency service, treatment advice service, formal second opinion, hospital recommendation service, or admission guarantee.
Automation helps with extraction and translation, while important packet details can pass through human review before external sharing.
Hospital or care-team sharing requires explicit authorization before controlled sharing starts, including recipient, shared content, duration, download limits, forwarding limits, and future revocation.

Safeguards

Controls that make record sharing safer.

The goal is simple: make medical records easier to review without turning sensitive files into uncontrolled email attachments.

Role-based access

Patient, reviewer, operations, and hospital-facing access are separated so each viewer sees the right part of the case.

Share links can expire

Hospital-facing packet access uses signed share tokens with explicit expiry windows, download settings, and forwarding limits so a temporary handoff does not become a permanent public URL.

Important actions leave evidence

Order creation, uploads, user confirmations, sharing authorization, revocation, quality checks, and major status changes create records that help the team follow up responsibly.

Retention can be reviewed

Generated deliverables and related case material can follow retention windows instead of implying that files stay forever by default.

Current public controls

Separate entry points for patient, reviewer, operations, and hospital-facing access.
Recipient, shared content, duration, download, forwarding, and revocation controls for packet shares.
Uploading records does not authorize external sharing.
Records for meaningful actions and status changes.
Retention periods can be set, and access permissions can be managed.

What needs a direct conversation

Formal compliance commitments, legal opinions, or customer-specific SLA language.
Institution-specific deployment patterns, SSO, or long-term archival requirements.
Live production validation for third-party integrations and hospital endpoint contracts.
Any control that depends on a specific hospital, care program, region, or contract.