Patient Portal - Clinical Record Access
You can allow patients to view parts of their medical record through the Patient Portal. Because this involves sensitive health data, access requires identity verification and multi-factor authentication.
What Patients Can View
Once approved, patients can see:
- Problems and diagnoses
- Medications
- Allergies
- Immunisations
- Lab results
Enabling Clinical Record Access
- Go to Settings > Patient Portal
- Scroll to the Clinical Record Access section
- Toggle Enable clinical record access
- Optionally toggle Auto-approve verified patients to skip manual approval for patients who pass identity verification
Important: Clinical record access requires Stripe Identity to be configured for your practice.
Patient Verification Flow
When a patient requests clinical record access:
- Identity Verification - the patient completes Stripe Identity verification (their name and date of birth must match your records)
- MFA Setup - the patient sets up multi-factor authentication using an authenticator app (e.g. Google Authenticator). They scan a QR code and enter a confirmation code
- Recovery Codes - the patient is given recovery codes to save securely
- Approval - if auto-approve is enabled and verification passes, access is granted immediately. Otherwise, a staff member must manually approve the request
On subsequent visits, the patient enters their MFA code to access clinical data.
Managing Access Requests
In the Clinical Record Access section of Patient Portal settings, you can see a list of patients and their access status:
- Pending - waiting for staff approval
- Approved - patient has full access
- Denied - request was declined
- Revoked - access was removed after being granted
You can approve, deny, or revoke access at any time.
Tip: If you enable auto-approve, patients who pass Stripe Identity verification are granted access without staff intervention -- this reduces admin workload while maintaining security.