Epic / MyChart data is imported only after user authorization.

Epic data disclosure

How MedLocker handles Epic / MyChart data.

This page explains how Epic / MyChart data moves into MedLocker after authorization, how it is stored, how disconnect works, and how sharing remains tied to user choices.

Imported after consent: Epic data enters MedLocker only after the MyChart authorization flow.
Stored in MedLocker: Imported records become part of the user’s longitudinal record.
Disconnect behavior: Disconnecting the portal stops future syncs without deleting imported history.

Quick summary

Epic import is a record source, not a blanket sharing decision.

Importing records from MyChart helps populate the MedLocker timeline. It does not automatically enroll the user in research, data value programs, or broad sharing.

1. User authorizes import

MedLocker imports Epic data only after the user completes the MyChart authorization step.

2. Records join the vault

Imported visits, labs, medications, documents, and source metadata become part of the MedLocker record.

3. Sharing remains directed

Clinician, caregiver, research, and data value sharing are separate choices controlled by the user.

Imported categories

What MedLocker may import from Epic in v1.

MedLocker imports supported data returned by Epic for the authorized patient context and keeps source metadata so Epic-sourced records remain traceable.

Clinical history: Visits, conditions, procedures, immunizations
Medication context: Medication requests, administrations, allergies
Results: Observations, lab-style results, diagnostic reports
Documents: Clinical document references exposed through the authorized session
Care context: Care plans, care teams, patient record context
Connection metadata: Issuer, scopes, sync status, timestamps, source identifiers

Storage and retention

Imported Epic records become part of the MedLocker history.

Disconnecting the portal stops future syncs but does not automatically remove records already brought into MedLocker. That retention keeps the health timeline coherent while still allowing the user to control future portal access.

Backend-owned credentials

Epic access and refresh tokens are stored by the MedLocker backend with encryption at rest.

Imported data retention

Imported records remain in the MedLocker history unless handled through the product’s data-management process.

Source traceability

Epic resources are tagged with source metadata so they can be distinguished from other ingestion paths.

Use and sharing

Who may see Epic-imported data?

Imported data is shown inside MedLocker product views the user is authorized to access. Sharing with clinicians, caregivers, or other recipients is directed by the user.

Within the product

Epic-imported data appears in MedLocker account views and authorized caregiver or linked-patient views.

Service providers and legal requirements

Alpine Labs may rely on infrastructure providers and may disclose information when required by law.

User-directed sharing

Connecting MyChart does not automatically share records with clinicians, caregivers, research, or data value programs.

Current first-release boundary

The first release is scoped to Epic / MyChart. MedLocker does not route Epic data through the internal document-upload extraction pipeline for this integration.

Questions about this disclosure?

Contact MedLocker privacy support or review the related trust pages.