Carter Med
User journeys

Six roles. Six doors. One record between them.

Each role onboards through a different trust gate and lands on a different home screen, but every step touches the same FHIR-native record. These are the screens we'll build for the MVP — clickable demos linked at the bottom of each journey.

PatientClinician (independent or employed)Clinic providers (multi-provider portal)Facility IT / clinic adminPublic health / NGOOwner / super admin
Role 1 / 6

Patient

Anyone who receives care — carries their own record across providers.

Trust gates passed
  • Verified identity (ID.me or in-person)
  • SMART Health Card + offline QR
  • Consent defaults set per purpose-of-use
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Welcome

    Pick a sign-up path: phone, ID.me, or in-clinic enrollment.

  2. Screen 02

    Identity check

    Capture driver's license or passport; match selfie. Falls back to clinic-staff vouching.

  3. Screen 03

    Demographics

    Confirm name, DOB, address — used for MPI matching with TEFCA networks.

  4. Screen 04

    Consent defaults

    Toggle treatment, payment, public health, and research consent per data category.

  5. Screen 05

    SMART Health Card

    Issued credential + QR shown for offline scan at any provider.

  6. Screen 06

    Record home

    Allergies, meds, problems, immunizations, recent visits — all offline-readable.

  7. Screen 07

    Share with provider

    One-tap share by QR or 6-digit code; revoke any time.

  8. Screen 08

    Visit timeline

    Every encounter, who saw the record, what they pulled, what they wrote.

Role 2 / 6

Clinician (independent or employed)

MD, DO, NP, PA, RN — verified by NPI, state license, and DEA when applicable.

Trust gates passed
  • NPI verified against NPPES
  • State license + DEA on file
  • EPCS enrolled for controlled Rx
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Sign in / SMART launch

    Email + MFA, or launch embedded inside Epic/Oracle via SMART on FHIR.

  2. Screen 02

    Today's panel

    Schedule, waiting room, notes to sign, inbox.

  3. Screen 03

    Patient search

    Search by name, scan SMART Health Card QR, or paste UUID. Pulls TEFCA on miss.

  4. Screen 04

    Chart view

    Problems, meds, allergies, results — with provenance from every source.

  5. Screen 05

    Encounter note

    Offline-first SOAP note; queues to sync; CDS Hooks fire inline.

  6. Screen 06

    Orders & e-Rx

    Labs, imaging, prescriptions; EPCS step-up for controlled.

  7. Screen 07

    Conflicts inbox

    Resolve diff between local and external sources; pick the truth.

Role 3 / 6

Clinic providers (multi-provider portal)

A clinic with multiple clinicians under one tax ID — roster, panels, credentialing, coverage.

Trust gates passed
  • Roster of all clinicians under the clinic
  • Per-provider credentialing status
  • Panel reassignment + coverage on PTO
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Provider roster

    All clinicians at the clinic, filterable by site and status. Search, add, suspend.

  2. Screen 02

    Invite provider

    Capture name, role, NPI, site, email. Sends signed onboarding link.

  3. Screen 03

    Provider profile

    Credentials, today's schedule, recent activity, danger-zone removal.

  4. Screen 04

    Panel assignment

    Move patients between clinicians; set covering provider during PTO.

  5. Screen 05

    Credentialing dashboard

    Expiring licenses, DEA renewals, NPI re-checks, EPCS enrollment status.

Role 4 / 6

Facility IT / clinic admin

Whoever provisions sites, signs the BAA, and keeps edge nodes healthy.

Trust gates passed
  • BAA on file, Security & Privacy Officers designated
  • Edge nodes online
  • Aggregator on-ramp connected
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Facility setup

    Org NPI + tax ID, sign BAA, designate officers.

  2. Screen 02

    Aggregator picker

    Connect Metriport, Health Gorilla, Particle, or Zus as a swappable network on-ramp.

  3. Screen 03

    Edge node fleet

    Health of each site's local node — CPU, RAM, sync lag, patient count.

  4. Screen 04

    Sync conflicts

    Two-version conflicts surfaced for clinician resolution.

  5. Screen 05

    Network exchange

    TEFCA / Carequality / CommonWell pull-and-write counters.

  6. Screen 06

    Provider credentialing

    Drills into the multi-provider roster.

Role 5 / 6

Public health / NGO

State agencies, CDC, and field NGOs consuming consented, de-identified feeds.

Trust gates passed
  • DUA signed, jurisdiction scoped
  • FHIR resources whitelisted
  • Bulk $export credentials issued
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Agency verification

    Confirm org, jurisdiction, and lawful basis.

  2. Screen 02

    Scope picker

    Pick FHIR resources (Immunization, Condition, Observation) and geography.

  3. Screen 03

    De-identification rules

    Safe Harbor or Expert Determination; redact identifiers per policy.

  4. Screen 04

    Bulk $export jobs

    Track export jobs, NDJSON downloads, manifest integrity.

  5. Screen 05

    Surveillance dashboards

    Outbreak signals, vaccine coverage, condition prevalence — de-identified.

Role 6 / 6

Owner / super admin

Carter Med company owners. Invite-only. Hardware-key gated.

Trust gates passed
  • WebAuthn hardware key enrolled (+ backup)
  • Break-glass policy acknowledged
  • Audit log immutable
Walk the sign-upOpen the demo
Screens
  1. Screen 01

    Owner invite

    Signed link, expires in 24h. Hardware key required, no email/password fallback.

  2. Screen 02

    Control plane

    Tenants, deployments, feature flags, kill switches.

  3. Screen 03

    Audit log

    Tamper-evident hash chain. Filter by tenant, actor, purpose-of-use.

  4. Screen 04

    Break-glass review

    Every emergency access logged, justified, and reviewed within 24h.

  5. Screen 05

    Billing & contracts

    Per-tenant billing, BAAs, DUAs, support tier.