Patient portal

OTP-based patient surface — no password to forget. Configure at /admin/portal. Patients access at /portal.

Access model

Patient enters their phone number or email. Pollen8 sends a one-time code; patient enters it. Session is good for the day on that device.

No passwords. No security questions. No forgotten-password flow. Suits the realistic frequency of patient logins (a few times a year, not daily).

What patients see

Profile — demographics, insurance, primary care.
Visits — past encounter summaries with the AI-drafted patient-friendly summary.
Messages — secure two-way with the practice. Messages route to the right staff role (clinical vs. billing).
Intake forms — pre-visit forms the practice has assigned. Completed forms save to the chart on the next encounter.
Billing — statements + outstanding balance + Stripe Connect pay button.
Bookings — upcoming appointments, telehealth join button, request new appointment (drops into Online bookings).
Records — download an FHIR export of their own data (patient-initiated portability — required by 21st Century Cures).

Telehealth join

For video visits, the portal shows a Join button 15 minutes before the visit. Click → WebRTC video room opens. See Telehealth.

Secure messaging

Two-way thread per topic. Patient messages get categorized (billing / clinical / scheduling) and routed to the matching staff worklist. Clinical messages are subject to the same HIPAA-track audit as the chart.

Pay a balance

Patient sees their current ledger balance. Pay-with-card flows through Stripe Connect (per-tenant Connect account). Payment posts to the patient ledger in real time; if the patient overpays, the credit sits on the ledger for the next statement.

Audit + privacy

Every portal action stamps an audit row with the patient’s session id + the action type. Patients can see their own audit log under Account → Activity (transparency for the Cures Rule).