Clinical history
MedLocker may import visit history, conditions, procedures, immunizations, care plans, care teams, allergies, and medication records from the Epic connection when those data are returned by Epic for the authorized patient context.
Epic data disclosure
How MedLocker handles Epic / MyChart data.
This page summarizes how MedLocker imports, uses, stores, and retains Epic / MyChart data for the first patient-facing release. It is meant to help users understand the product behavior at a practical level alongside the broader MedLocker privacy materials and terms.
Imported after consent
Epic data is imported only after the user completes the MyChart authorization flow
Stored in MedLocker
Imported records become part of the MedLocker longitudinal record
Disconnect behavior
Disconnect ends future syncs and does not automatically delete imported history
Imported categories
What MedLocker imports from Epic in v1
Results and documents
MedLocker may import observations, lab-style results, diagnostic reports, and document references that Epic exposes through the authorized SMART on FHIR session.
Connection metadata
MedLocker stores connection metadata such as issuer details, granted scopes, sync status, timestamps, and source identifiers needed to manage refreshes and keep the imported record traceable.
Product use
How MedLocker uses imported Epic data
Longitudinal record views
Imported Epic data is used to populate the same MedLocker timeline, summary, and patient-record views that show data from MedLocker’s internal clinical store.
Connection state and refreshes
MedLocker uses connection and sync metadata to show whether the MyChart link is connected, syncing, disconnected, needs reconnect, or failed.
Support and security operations
Limited metadata may be used by Alpine Labs support and engineering teams to investigate connection failures, refresh problems, or source-data mismatches.
Storage and retention
How the connection is stored
Backend-owned credentials
Epic access and refresh tokens are stored by the MedLocker backend with encryption at rest. The app initiates the user flow but does not become the durable holder of long-lived Epic credentials.
Imported data retention
Imported records become part of the user’s MedLocker history. Disconnecting the portal stops future syncs but does not automatically remove records already brought into MedLocker.
Source traceability
Imported Epic resources are tagged with source metadata inside MedLocker so Alpine Labs can distinguish Epic-sourced records from other MedLocker ingestion paths.
Current first-release boundary
The first release is scoped to Epic / MyChart. MedLocker does not route Epic data through the internal document-upload extraction pipeline for this integration.
Sharing and user controls
Who data may be shared with
Within the product
Imported Epic data is shown inside the MedLocker account and related caregiver or linked-patient views that the user is authorized to access.
Service providers and legal requirements
Alpine Labs may rely on infrastructure and service providers to host and secure the product, and may disclose information when required by law, regulation, or valid legal process.
User-directed sharing
MedLocker may let the user share selected records with clinicians, caregivers, or other recipients through MedLocker features. That sharing is directed by the user, not automatically created by connecting MyChart.
For the product overview, see the Epic / MyChart integration page. For the governing product terms, see the MedLocker terms page.