For healthcare providers
If your office received an email from hello@patientic.app
asking you to reply with one of your patients' records, the request
is legitimate and patient-initiated. Here's what's going on and how
to handle it.
What is Patientic?
Patientic is a personal health-records (PHR) app that helps users keep their own medical records organized — labs, visit notes, imaging, medications, allergies, family history. It is not a clinical system and we are not a HIPAA-covered entity; users own the data they put in.
Why you got an email from us
A Patientic user — your patient — asked us to email you on their behalf to request a copy of their records. The user explicitly initiated the request from inside the app. We did not select your address; the user did, after having already exchanged mail with your office at that address (we only allow record-request emails to addresses already on the user's approved-senders list).
The email arrives from
"<Patient Name> via Patientic" <hello@patientic.app>
with a Reply-To of the patient's Patientic forwarding
address — something like
their-name.xxxx@inbox.patientic.app. When you hit
Reply, your reply goes back to that Patientic address and lands in
the patient's Inbox tab inside the app. Their personal email
address is never on the wire.
Verifying the request
We strongly encourage offices to verify the request through whatever channel you already have on file for the patient — a phone number, a patient-portal message, or in person at their next appointment. Do not use Patientic to verify a Patientic email; that would be circular.
Patientic does not staff a phone line. The
hello@patientic.app mailbox is automated — emails sent
there get an auto-response asking the sender to reply to the
original Reply-To address (because that's where it routes to the
patient).
HIPAA right-of-access
Under HIPAA's right-of-access rule, a patient is entitled to a copy of their own records from their provider. Patientic does not modify that workflow — we just make the request easier for the patient to send and easier for the records to come back to. You should continue to apply your office's usual verification, fee, and delivery-format policies. If you would normally fulfill a patient's records request via email, replying to our message delivers the records to the patient through the Patientic app.
Don't want to receive these emails?
If you don't want to fulfill records requests via Patientic, the easiest path is to fulfill the request directly with your patient through your usual channel and ask them not to use Patientic for future requests to your office. We will honor opt-out requests sent to privacy@patientic.app — once received, we will block your office's email address from the records-request flow for any Patientic user.
Security and compliance
- All Patientic mail traffic is TLS-required end to end.
- Our email infrastructure (Amazon SES on AWS) is covered by a HIPAA Business Associate Agreement.
- We do not retain the body of records-request emails we send on the user's behalf — only the metadata (recipient, subject, timestamp) so the user can audit what was sent.
- Replies you send to the user's forwarding address are stored per the user's account, encrypted in transit and at rest.
Reach a human
For verification questions or to report a request you believe is fraudulent, email privacy@patientic.app. A human responds within 2 business days. For suspected security issues, please use security@patientic.app.