Help your patients see their own records — without lifting a finger on your end.
Ada is a patient-facing personal health record app. We connect to your MyChart instance via the standard SMART-on-FHIR patient-facing flow. Your patients log in with their own MyChart credentials and authorize the data sharing themselves. You don't host us. You don't maintain us. You don't pay for us.
What Ada is
Ada is a personal health record companion for patients. It pulls a patient's records from their hospital's MyChart, organizes them by body system and timeline, and lets the patient ask questions about their own history in plain language. The patient owns their data; we are a tool for understanding it, not a destination for it.
What Ada is not:
- Not a clinician tool. We do not write back to your EHR. Read-only.
- Not a diagnostic device. Ada does not provide medical advice and clearly says so to patients.
- Not a data aggregator selling derived insights. We do not sell identifiable patient information. (See Privacy Policy.)
What data we request
We request only USCDI v3 patient-facing read scopes. No write scopes, no clinician scopes, no backend system access.
| Scope | Purpose |
|---|---|
| openid + fhirUser | Identify the authenticated patient |
| patient/Patient.read | Demographics, name, DOB |
| patient/Observation.read | Lab results, vitals |
| patient/Condition.read | Diagnoses, problem list |
| patient/MedicationRequest.read | Active and historical prescriptions |
| patient/Immunization.read | Vaccination history |
| patient/DocumentReference.read | Clinical documents and summaries |
| offline_access | Refresh tokens for background sync |
Why offline_access: Patients open the app to look up their own information, often at a moment they need it (talking to a new specialist, filling out a school form, in an ER waiting room). Forcing a re-authentication every hour would mean the data isn't there when they need it. Refresh tokens let us silently keep their library current.
Security posture, in one paragraph
TLS 1.2+ in transit; AES-256 at rest with field-level encryption on identifiable record content. Apple App Attest binds API requests to the genuine Ada iOS install. No SSH to production — all admin access via AWS Systems Manager with session logging. Append-only audit log of every record read/write. Anthropic's Claude is our AI sub-processor under no-training Commercial Terms. Account deletion within 30 days. HIPAA-aligned safeguards; FTC Health Breach Notification Rule compliance. Full posture: meetmyada.com/security.
What we'll send you to start a review
- Architecture diagram (PDF) — request via email below.
- Completed SIG-Lite (Standardized Information Gathering) or HECVAT, whichever your security team prefers.
- Our Business Associate Agreement template (or we'll sign yours).
- Public JWK for SMART client authentication: ada-public-jwk.json · also at /.well-known/jwks.json.
- Production Client ID, audited scope set, and Epic app marketplace listing.
How the integration actually works on your side
- Your Epic integrations team adds Ada's Production Client ID to your tenant's allowed apps list (Epic's standard "client distribution" process).
- The patient downloads Ada from the App Store or Google Play. Inside Ada, they select your health system from a dropdown list of supported hospitals and tap Connect.
- From there it's the standard SMART-on-FHIR OAuth flow: your MyChart login screen, your authorization screen, and the patient's choice to grant or deny access.
What we ask of you
- Enable our Production Client ID on your Epic tenant.
- Sign a mutual BAA (ours or yours).
- Tell us if you'd like to be listed on our "Connected Hospitals" page so your patients know Ada works with you.
Frequently asked questions
Are you HIPAA compliant?
Ada is structured as a personal health record vendor, which means HIPAA's Privacy Rule does not directly regulate us as a "covered entity." We do apply HIPAA-aligned administrative, physical, and technical safeguards, sign BAAs with covered entities, and comply with the FTC's Health Breach Notification Rule. When acting as a Business Associate (for example, on a co-branded deployment), we comply with HIPAA as a Business Associate.
Do you sell patient data?
No identifiable patient data is sold. We may share de-identified and aggregated information consistent with the HIPAA Safe Harbor de-identification standard, as disclosed in our Privacy Policy. Patients can opt their records out of any de-identified use.
Where is data hosted?
Amazon Web Services, US-East-1, in HIPAA-eligible services. BAA in place with AWS. No data hosted outside the United States.
What happens if a patient deletes their account?
Identifiable health information is deleted within 30 days. Refresh tokens for any EHR connection are invalidated immediately on disconnect. Limited audit log metadata is retained for the HIPAA-recommended 6-year window.
Is there a cost to the hospital?
None. Ada is patient-facing and patient-funded. We do not bill hospitals for integrations.
Can we co-brand Ada for our patients?
Co-branded deployments are something we're exploring with anchor partners. If that's of interest, mention it when you reach out and we'll set up a call.
Start an integration review
Email our integrations team with your security questionnaire, BAA template, or just a "let's talk." We aim to respond within 2 business days.
[email protected]
For security teams specifically: [email protected]