Keep clinical records behind a secure portal boundary.
This public page is only the entry point. Real reports, imaging, prescriptions, bills and messages need authenticated access, MFA where appropriate, consent and audit logs.
Portal capabilities
Authenticated care continuity.
✓
Reports and imaging
Lab, radiology and discharge summaries with access logs.
Lab, radiology and discharge summaries with access logs.
✓
Appointments and reminders
Upcoming visits, check-in instructions and schedule changes.
Upcoming visits, check-in instructions and schedule changes.
✓
Secure messaging
Doctor/staff messages inside authenticated workflows, not casual email.
Doctor/staff messages inside authenticated workflows, not casual email.
✓
Payments
PCI-compliant hosted checkout; never store card data in website code.
PCI-compliant hosted checkout; never store card data in website code.
Security note
Static sites cannot safely process sensitive patient data.
Do not collect passwords, OTPs, lab reports, health records or payment card details on GitHub Pages. Use a compliant backend and identity provider.
