Patientic
Home Privacy Terms Providers Support Login

For healthcare providers

If your office received an email from hello@patientic.app asking you to reply with one of your patients' records, the request is legitimate and patient-initiated. Here's what's going on and how to handle it.

What is Patientic?

Patientic is a personal health-records (PHR) app that helps users keep their own medical records organized — labs, visit notes, imaging, medications, allergies, family history. It is not a clinical system and we are not a HIPAA-covered entity; users own the data they put in.

Why you got an email from us

A Patientic user — your patient — asked us to email you on their behalf to request a copy of their records. The user explicitly initiated the request from inside the app. We did not select your address; the user did, after having already exchanged mail with your office at that address (we only allow record-request emails to addresses already on the user's approved-senders list).

The email arrives from "<Patient Name> via Patientic" <hello@patientic.app> with a Reply-To of the patient's Patientic forwarding address — something like their-name.xxxx@inbox.patientic.app. When you hit Reply, your reply goes back to that Patientic address and lands in the patient's Inbox tab inside the app. Their personal email address is never on the wire.

Verifying the request

We strongly encourage offices to verify the request through whatever channel you already have on file for the patient — a phone number, a patient-portal message, or in person at their next appointment. Do not use Patientic to verify a Patientic email; that would be circular.

Patientic does not staff a phone line. The hello@patientic.app mailbox is automated — emails sent there get an auto-response asking the sender to reply to the original Reply-To address (because that's where it routes to the patient).

HIPAA right-of-access

Under HIPAA's right-of-access rule, a patient is entitled to a copy of their own records from their provider. Patientic does not modify that workflow — we just make the request easier for the patient to send and easier for the records to come back to. You should continue to apply your office's usual verification, fee, and delivery-format policies. If you would normally fulfill a patient's records request via email, replying to our message delivers the records to the patient through the Patientic app.

Don't want to receive these emails?

If you don't want to fulfill records requests via Patientic, the easiest path is to fulfill the request directly with your patient through your usual channel and ask them not to use Patientic for future requests to your office. We will honor opt-out requests sent to privacy@patientic.app — once received, we will block your office's email address from the records-request flow for any Patientic user.

Security and compliance

  • All Patientic mail traffic is TLS-required end to end.
  • Our email infrastructure (Amazon SES on AWS) is covered by a HIPAA Business Associate Agreement.
  • We do not retain the body of records-request emails we send on the user's behalf — only the metadata (recipient, subject, timestamp) so the user can audit what was sent.
  • Replies you send to the user's forwarding address are stored per the user's account, encrypted in transit and at rest.

Reach a human

For verification questions or to report a request you believe is fraudulent, email privacy@patientic.app. A human responds within 2 business days. For suspected security issues, please use security@patientic.app.

© 2026 Patientic · Privacy · Terms · Providers · Support · privacy@patientic.app