Patient Authentication

How to allow a third-party app to access your health record

Patients of providers that use Epic software are able to connect third-party applications (apps) to retrieve parts of their health record for their own personal use. Examples of data that can be pulled into an app include lab results, allergies, medications, and immunization history.

In order to authenticate an app to retrieve your health data, follow these steps (note that images may not reflect your healthcare organization's exact layout or content for each step in the process):
  1. Make sure you have a MyChart (patient portal) account created for your healthcare provider organization. You will need your login credentials for the authentication process. Note: MyChart is an Epic branded name. Your organization may use a different name for their patient portal.
  2. Access the application on your personal device. Carefully review the app's terms and conditions.
  3. The app may ask you to select your healthcare provider from a list. Select your healthcare provider.
  4. You will now be redirected to your provider's MyChart login screen. Enter your credentials to continue.

    Note: you should not share your password directly with another person or application. This page is designed to let you securely share your health record without disclosing your password. The logo and background image on this page might look different for your healthcare provider, but the general layout of the page should be similar with the Epic Systems Corporation copyright at the bottom of the screen.
    You can also look at the URL at the top of the browser window to check that:
    1. The website name is associated with your healthcare provider
    2. The URL begins with https:// or has the lock icon:
  5. If you have access to another person’s account, you will need to select to which account you are linking the app.

  6. You may see a page with details about the application. These details come from a questionnaire that the app developer fills out and attests to, such as how the app is funded, whether it distributes your data to other parties, and whether you're able to delete or see records of the data the app collects. Review this information carefully and determine whether you would like the app to have access to your health information. If you would like to allow the app to access your data, click "Allow Access".

    Example of an app that has filled out questionnaire with useful information:


    Example of an app that has neglected to fill out the questionnaire:


    Example of an app that is connecting to your MyChart account through the Trusted Exchange Framework and Common Agreement™:
  7. In some cases, you may be able to select what information to share. In this example, the app is requesting your allergies, appointments, care plans, and results. If you don't want to share your allergy information with the app, you may click the 'allergies' card to remove that information:
  8. You also may be able to decide how long the app has access to your information. If any new information is added to your medical record during this time, the app may have access to that new information as well:
  9. You can review and remove app access to your health data at any time by navigating to the 'Manage My Linked Apps and Devices' page in MyChart.