Network · Smart Referrals
Referrals across offices, audited at every step.
Refer with a full audit trail. Every send, every acceptance, every consultation. Compliance documentation that builds itself.

HIPAA mapping
What this satisfies in the Security Rule.
4 citations, each with the specific Smart Referrals behavior that satisfies it. The mapping is the receipt — what you can show an auditor without assembling anything new.
§164.502(a)(1)(ii): Treatment exception
Permits use and disclosure of PHI for treatment without specific authorization. Referral within treatment scope is the canonical use case.
§164.506(c): Permitted uses for treatment
Specifies permissible disclosures for treatment. Smart Referrals operates within §164.506(c) by default.
§164.508: Authorization required for non-routine uses
When a referral involves uses outside the treatment exception, the workflow captures appropriate authorization.
§164.512: Uses without authorization
When referrals are required by law (mandatory reporting, public health), the workflow accommodates them without authorization while documenting the basis.
What it does
The referral chain that closes its own compliance gaps.
Most practice-to-practice referral workflows produce compliance gaps. Patient consent for the disclosure isn't clearly documented. The receiving practice may or may not have appropriate scope. Records are exchanged via fax, email, or patient hand-carry — none with a consistent audit trail. The referral often works clinically but creates documentation problems that surface during an audit or breach investigation.
Smart Referrals replaces the chain. The referring practice initiates a referral inside Patient Protect; the receiving practice (if also on the platform) accepts it; records flow through the BAA-gated messaging layer; consent verification is embedded; the audit trail is automatic.
When the patient is seen, records consulted, or referral closed, the trail completes. Every event in the referral lifecycle is timestamped and attributed. The practice's audit trail shows not just that a referral happened but why, with what consent basis, what records were exchanged, and what the outcome was.
How it works
6 mechanisms keep Smart Referrals working.
Referral initiation with structured context.
Initiate a referral from the patient's record. The workflow captures referring provider, receiving party, clinical context, records to share, and consent basis. The structured capture replaces the free-text or fax-cover-sheet workflows that produce documentation gaps.
Consent verification embedded.
Patient consent is verified inline. If consent is on file from the patient's intake forms, it's referenced. If consent is required and not on file, the workflow captures it before proceeding. If the disclosure falls under §164.512 (required by law) or §164.506 (treatment), the basis is documented explicitly.
Network-aware routing.
Receiving parties on Patient Protect get the referral inside their platform. Receiving parties off Patient Protect receive the referral via secure email or fax (whichever channel is documented for them); the platform tracks the send.
Acceptance and decline tracking.
Receiving parties accept, decline, or request more information. Their response is captured with timestamp. Declined referrals allow the referring practice to route elsewhere. Accepted referrals proceed.
Records exchange via Secure Messaging.
The records associated with the referral flow through Secure Messaging — encrypted, BAA-gated (where the receiving party is a connected entity with a BAA in place), audit-logged. No fax, no email, no patient hand-carry.
Closure with outcome documentation.
The referral closes when the receiving party documents the consultation outcome. The closure feeds back to the referring practice — useful for follow-up scheduling, billing, and clinical care continuity.
Who this is for
Built for the practices that need it most.
Practices in connected referral networks.
Specialty practices receiving referrals from multiple primary care offices, primary care offices working with regular specialty partners, integrated delivery contexts. The network effect compounds — every practice on the platform makes the referral workflow easier for every connected practice.
Practices in compliance-sensitive referral patterns.
Behavioral health referrals (often involving 42 CFR Part 2 considerations), substance use treatment referrals, sensitive specialty contexts. The audit trail and consent verification are most valuable where the referral itself carries privacy weight.
Practices that have had referral-related compliance findings.
Findings around referral disclosure tracking are common in OCR audit patterns. The platform's structured workflow is the remediation that prevents repeat findings.
Practices managing multi-location operations.
Multi-location practices on the platform can refer between locations using the same workflow as cross-practice referrals. The audit trail operates the same way; intra-practice referrals are distinguished from cross-practice in reporting.
Connected to
No module is an island.
Smart Referrals works because it's connected. Every signal feeds another module; every closure becomes evidence somewhere else.
Network layer
Secure Messaging
Records exchange in referrals flows through Secure Messaging; the BAA gate applies.
Network layer
Patient Management
Referrals link to the patient's record; the record reflects the referral history.
Defense layer
ePHI Audit Logs
Every referral event is in the audit log; cross-practice referrals appear in both practices' audits.
What you get
5 outcomes you'll feel in week one.
No more compliance gaps in referrals.
Structured workflow with consent verification, audit trail, and records exchange built in.
Patient consent documented explicitly.
Treatment exception, authorization, or §164.512 basis — all captured.
Network effect.
Connected practices share the same workflow; off-platform practices still get audit-tracked referral records.
Audit defensibility.
Every event timestamped and attributed. Disputes resolved by the audit.
Closure with outcome.
Referrals don't disappear after send — closure documentation feeds back to the referring practice.
Do receiving practices need to be on Patient Protect?
How is patient consent captured?
What if the referral is for a 42 CFR Part 2 patient?
Can I refer to a provider, not a practice?
What about reverse referrals (specialty back to primary)?
Is this Pro-only?
Continue exploring
Related features in the platform.
Network
Secure Messaging
Six-state BAA lifecycle controls messaging access automatically. No manual intervention. No accidental ePHI to a vendor without a BAA. The gate is the architecture.
Network
Patient Management
One place for patient records. Role-based access. Every view, edit, export logged automatically. The audit trail builds itself while you do the work.
Defense
ePHI Audit Logs
Immutable per-session, per-tab audit trail. OCR-ready by default. No assembly required when the auditor calls.
Next step
Referrals across offices, audited at every step.
Most connected practices send their first audit-tracked referral inside the first week. The network effect compounds from there.
No contracts. No consultants. Starting at $99/mo.
