Do patients need an account to receive documents?

No. They receive a link and open it in the browser. If you enable verification, they answer a question they already know.

What if the link expires and the patient needs the file later?

Send a new link instead of re-attaching the file to the same thread. This keeps the process controlled and reduces inbox retention.

Can I prevent access if I suspect a wrong recipient?

Use short expiry windows and, where appropriate, one-time access and a verification question. This reduces the blast radius of mistakes.

How does this relate to medical record-keeping obligations?

mboxly.app is about the delivery channel. You still archive your medical records in your EDM/EHR system. The secure link is for controlled delivery to the patient or partner.

Does this work for teams, not just one person?

Yes. Standardise a simple policy: what stays in email, what always goes via link, default expiry windows, and how to handle corrections (new link).

For clinics and medical practices

Securely send medical documents without leaving files in inboxes and chat apps.

Test results, referrals, reports and scans should not circulate as ordinary attachments. mboxly.app encrypts the document before sending and creates a link you can restrict by time, one-time opening, or an extra verification question — with no patient account required.

Send securely Clinic rollout / implementation

Link instead of attachment — less retention Expiry, one-time access, access controls Patient-friendly: no account, no app

Clinic staff reviewing digital test results

Why it matters

A secure link replaces one step in the workflow and removes the highest-risk part: readable files sitting in inboxes and third-party platforms.

Use cases

When you need a safer delivery channel than email

Sending test results to patients

Routine lab results and consultation reports delivered with a short access window, not a permanent attachment.

Referrals, recommendations and post-visit documentation

A PDF does not need to live in the patient inbox forever; access can expire after a few days.

Cross-clinic consultations

Share documents with another clinic or specialist without forwarding email threads and attachments.

Imaging and larger files for a specialist

Deliver file packages in a controlled way instead of chat apps or public file-transfer links.

Documents for insurers or occupational medicine

A clean split: admin messages can stay in email, but patient documents go via secure link only.

Patient legal representative

Sensitive content reaches the right person with a safety buffer against wrong-recipient mistakes.

External subcontractors

Share materials for analysis or consultation with expiry and optional access revocation by policy.

Working with medical documentation on a laptop (stethoscope on desk)

Operational risk

What actually goes wrong when medical files are sent by email or chat

Most incidents are not sophisticated hacks. They are workflow mistakes: a wrong address autofill, an attachment in the wrong thread, a forward, a shared family inbox. Delivery should reduce the blast radius of that mistake.

Wrong recipient due to address autofill One click and the result goes to the wrong person. With an attachment, you cannot undo it, and the file can be saved and forwarded.
An attachment added to an old thread A document sent inside a chain often leaks context the clinic did not intend to share (previous messages, identifiers, notes).
Shared devices and shared inboxes at home A patient’s inbox is not always private. Sensitive health data can become visible on a family device or a shared account.
Backups and retention years later Attachments live on in archives and backups. The clinic loses control of where the readable document still exists.
Access after employee changes Shared mailboxes and handovers expand who can access old messages with attachments over time.
Chat apps as a “quick” file channel Even if transport is encrypted, files are often backed up and retained outside the clinic’s governance.

How it works

The secure-link workflow in 3 steps

Encrypt before sending

The document is encrypted on your side before it leaves the device. The server only stores encrypted data.

Send a link, not an attachment

The patient or partner receives a link to open. There is no readable file sitting in the inbox as an easy-to-copy attachment.

Control access and lifetime

Set expiry, one-time access, or an optional verification question. After the time window, the link stops working automatically.

Controls

Feature → process outcome: control instead of attachments

Send a secure link

Expiry (TTL) → less inbox retention: Access is time-limited, so a result is not readable in the patient inbox for years.
One-time access → lower copying risk: For sensitive cases, allow only a single opening. It is a practical safety buffer against accidental sharing.
Verification question → buffer against wrong-recipient mistakes: If a link is mis-sent, an extra verification step can prevent content exposure.
No patient account → low friction: Patients click and open. No registration and no login keeps it usable in telemedicine workflows.
Corrections → new link, not a new attachment: Instead of stacking files in a thread, send a new link. The workflow stays clean and easier to control.

Rollout

How to roll this out in a clinic

A small playbook for reception and telemedicine

Keep in email: appointments, confirmations, admin messages.
Send via link: test results, referrals, reports, scans.
Standard: one channel for documents — stop mixing attachments across threads.
Corrections: a new link instead of another attachment.
Retention: set default expiry windows (for example 48–72h for routine results, shorter for sensitive cases).

GDPR — brief and practical

Data minimisation: the patient gets access when it is needed.
Storage limitation: expiry reduces the readable exposure window.
Confidentiality: links reduce the number of places a readable file can spread to.
Access control: one-time access or verification reduces the impact of workflow mistakes.

Comparison

Email vs chat vs expiring link

This is not about convenience vs security. It is about process control: retention, wrong-recipient mistakes, and whether a readable file stays in the inbox permanently.

Criteria	Email attachment	Chat app	Expiring link
Retention	Long-lived copies in inboxes	Often backed up	Time-limited by design
Forward / copying	Easy	Easy	Access can be restricted
Revoke access	Effectively none	Difficult	Possible via expiry policy
Wrong recipient	Attachment exposes content	File remains in chat	Buffer: one-time / verification
Patient friction	Low	Low	Low (no account)
Process trace	"Sent" folder	Chat history	One object: link + rules

Start

Send your first medical document securely

Start with one document type (results, referrals, reports) and set a default expiry window. It is the fastest way to reduce retention and wrong-recipient mistakes without building a patient portal.

Send securely Talk about rollout

FAQ

Frequently asked questions

Do patients need an account to receive documents?: No. They receive a link and open it in the browser. If you enable verification, they answer a question they already know.
What if the link expires and the patient needs the file later?: Send a new link instead of re-attaching the file to the same thread. This keeps the process controlled and reduces inbox retention.
Can I prevent access if I suspect a wrong recipient?: Use short expiry windows and, where appropriate, one-time access and a verification question. This reduces the blast radius of mistakes.
How does this relate to medical record-keeping obligations?: mboxly.app is about the delivery channel. You still archive your medical records in your EDM/EHR system. The secure link is for controlled delivery to the patient or partner.
Does this work for teams, not just one person?: Yes. Standardise a simple policy: what stays in email, what always goes via link, default expiry windows, and how to handle corrections (new link).