Epic Integration Disclosure
This page discloses how Pearl's Epic / MyChart connection works, in plain language, for patients and for Epic's review.
Who Pearl is
Pearl is a patient-facing consumer health application. It helps you organize your own health records and prepare for care. Pearl is not a covered entity, is not a medical device, and does not provide medical care.
Data use
With your explicit action, Pearl reads your Epic records (labs, medications, allergies, conditions, encounters, procedures, immunizations, diagnostic reports, clinical documents, and demographics, when available) and organizes them into your private, on-device health timeline. Pearl uses this data only to help you understand and manage your own care. Pearl does not sell this data and does not use it for advertising.
User consent
The connection begins only when you choose to connect and authenticate directly with Epic via SMART on FHIR. Pearl never receives your MyChart username or password. You may decline or cancel at any point during sign-in.
Read-only Epic access
Pearl requests read-only scopes. Pearl never writes to your Epic chart and does not message your care team, schedule appointments, refill prescriptions, or perform billing or administrative actions.
Disconnect / revoke access
- You can disconnect at any time from Pearl's Settings; Pearl deletes the stored access/refresh token.
- You can also revoke Pearl's access directly from within Epic / MyChart's connected-apps settings.
- Imported records in Pearl can be deleted from your device at any time.
Security
Epic access tokens and Pearl's confidential client secret are handled server-side only and are never exposed to the browser. Tokens are encrypted at rest (AES-256-GCM). See /security for details.
No sale of data
Pearl does not sell, rent, or trade patient data, and does not share it with advertisers or data brokers.
Contact
Questions or access/deletion requests: brianpaulflynn@gmail.com. See also /epic, /privacy, and /terms.