Send sensitive medical information, test results, or health records securely and privately.
Medical information is not one category. A CBC panel, an SSRI prescription, an HIV viral-load result, a 23andMe download, and a therapist's intake summary carry different blast radii. A diagnosis can void a long-term-care policy. A psychotherapy note in a custody dispute moves judges. A BRCA1 variant is re-identifiable from public ancestry rows.
Before going further: PasteOnce is not a HIPAA-covered entity, we do not sign Business Associate Agreements, and nothing here should be read as HIPAA compliance for a clinic, hospital, or telehealth provider. For a covered entity moving Protected Health Information, the lawful surfaces are your EHR's secure inbox (Epic MyChart In Basket, Cerner HealtheLife, Athenahealth Communicator, Kaiser kp.org), a BAA-signed transfer vendor (Paubox, Datica, TigerConnect), or fax to a verified number.
Where the tool helps is the patient-driven handoff that falls outside any portal: a maintenance prescription moving between independent pharmacies with no shared e-prescribing link, a pre-op packet sent to an anesthesia team at a different hospital, or a daughter forwarding a discharge summary to a sibling. Paste the text and send the link; the recipient reads it once, and the ciphertext is destroyed by an atomic Redis GETDEL.
Client-side encrypted. We can't see your data.
Your data is encrypted in your browser before it leaves your device.
Messages are automatically deleted after being read once.
We never see your data. Only encrypted blobs pass through our servers.
Links work exactly once. Refresh the page and it's gone forever.
Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.
Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.
When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.
If the clinician sits on the same EHR, the right surface is a portal-to-portal referral inside MyChart, HealtheLife, Athenahealth, or eClinicalWorks. Cross-network exchanges go through Carequality, CommonWell, or a regional HIE — not a paste link.
A second-opinion radiologist usually needs imaging findings, not patient name and date of birth. The HIPAA Safe Harbor list of 18 identifiers is a useful checklist — address, dates finer than year, MRN, biometric IDs, photographs.
Genome data cannot be rotated. Before exporting from 23andMe, AncestryDNA, or a clinical sequencing report, decide whether the recipient needs the raw VCF or only a derived summary. A single-variant lookup beats a whole-exome dump.
A telehealth visit happens in 30 minutes — pick the 1-hour expiry. The 7-day option is rarely right for medical content; the longer the ciphertext sits, the longer a breach window stays open.
Surgery is scheduled at a hospital whose anesthesia group sits on a separate EHR. The CRNA needs medication list, allergies, prior anesthetic reactions, and recent ECG findings the night before. Paste those sections with a 1-hour TTL — no packet in their inbox.
You move cities and want a maintenance medication moved from a pharmacy with no Surescripts integration to one that has it. The receiving pharmacist needs prescriber NPI, drug, dose, refills remaining, and the original Rx number. Paste the details so neither side emails them in cleartext.
After a positive hereditary cancer panel, a brother needs the specific findings before his own genetic counseling session. Paste the relevant section, set the 24-hour TTL, and the document never lands as a permanent artifact in his email or a family chat.
No. We are not a HIPAA-covered entity and sign no Business Associate Agreements, and a self-destructing link does not satisfy the Security Rule's audit-control, access-control, or transmission-security requirements for PHI. If you run a clinic, use Paubox, TigerConnect, Datica, or your EHR's messaging.
Yes. HIPAA constrains covered entities and business associates, not patients sharing their own information. Once a document is in your hands, share it however you like — but the privacy risk remains, so a one-shot link beats email or text.
GINA prohibits health insurers and employers of 15+ from using genetic information in coverage or hiring, preempting weaker state laws on those two surfaces. It does not reach life, disability, or long-term-care insurance. A few states (California, Florida, Vermont) added partial protections; most have not.
If both use Surescripts, the receiving pharmacist initiates an electronic transfer. If one is an independent without that integration, read the prescriber NPI, drug, dose, refills, and original Rx number to the receiver via a one-time link, not voicemail or SMS.