OwnChart CAIHL draft report

HugoScore CAIHL Draft Report: OwnChart

Status: Draft for human review Generated: 2026-06-08 Last reviewed: 2026-06-08 Review method: Deep public-source review of ownchart.me, the public GitHub repository, README, privacy policy, philosophy, security model, risk/legal guide, shipped-vs-roadmap documentation, FHIR connector documentation, license context, HIPAA right-of-access context, FDA software-function context, and SMART on FHIR background; no hands-on install, real-PHI testing, code audit, security audit, or maintainer interview. Service: OwnChart Vendor: OwnChart / Nick Dawson Category: Patient-controlled health records AI

Executive Summary

OwnChart is a source-available, self-hosted personal health record and AI research workspace for patients, caregivers, and families. It brings medical records, FHIR bundles, CCDAs, PDFs, scans, HealthKit data, photos, notes, workouts, calendar context, and life events into a patient-controlled evidence workspace for cited AI-assisted questions.

From a CAIHL perspective, OwnChart is strongly patient-directed: the patient or caregiver controls the deployment, data, model keys, consent settings, corrections, and source evidence. The caution is that this is beta, self-hosted PHI infrastructure. It is not HIPAA-protected by default, not medical advice, not a medical device, and not independently audited in the public evidence reviewed here.

Agency posture: Strongly agency-expanding, with beta/security caveats Confidence: Medium-high draft, source-available

Conflict Of Interest Disclosure

OwnChart's maintainer, Nick Dawson, is a friend, professional colleague, and collaborator and advisor of Hugo Campos, who runs this directory. Both projects come from the same patient-directed AI advocacy community. This profile should therefore not be read as an independent review. Independent third-party review is invited, and corrections or challenges to this profile are welcome through the site's submission form.

Evidence

• OwnChart website: https://www.ownchart.me/
• OwnChart privacy policy: https://www.ownchart.me/privacy
• GitHub repository and README: https://github.com/nickpdawson/OwnChart
• Philosophy: https://github.com/nickpdawson/OwnChart/blob/main/PHILOSOPHY.md
• Security model: https://github.com/nickpdawson/OwnChart/blob/main/SECURITY.md
• Risk, privacy, legal guide: https://github.com/nickpdawson/OwnChart/blob/main/user-docs/RISK.md
• Shipped vs roadmap: https://github.com/nickpdawson/OwnChart/blob/main/user-docs/SHIPPED_VS_ROADMAP.md
• FHIR connector setup: https://github.com/nickpdawson/OwnChart/blob/main/user-docs/CONNECTORS.md
• HHS HIPAA right-of-access FAQ: https://www.hhs.gov/hipaa/for-professionals/faq/2042/what-personal-health-information-do-individuals/index.html
• FDA software-function examples: https://www.fda.gov/medical-devices/device-software-functions-including-mobile-medical-applications/examples-software-functions-are-not-medical-devices
• SMART on FHIR background: https://pmc.ncbi.nlm.nih.gov/articles/PMC4997036/

Mixed HugoScore Profile

• Who does this AI serve? Patient-directed. OwnChart is explicitly built for patients, caregivers, and families to understand and correct their own evidence.
• Can patients tell AI is involved? Yes. AI-assisted Ask, cited answers, model runs, provider selection, and consent gates are visible product concepts.
• Can patients meaningfully choose? Yes, for technically capable users. Use is voluntary and self-hosted, but real choice requires the ability to install, secure, back up, and operate PHI infrastructure.
• Can patients correct or challenge what the AI produces? Yes in design; needs implementation verification. User-controlled correction, preserved sources, citations, candidates-not-commits, and audit trails are explicit doctrines.
• Does it help patients understand or act? Yes. OwnChart supports longitudinal record questions, Dossiers, Events, source review, visit preparation, user correction, export, and caregiver memory support.

Patient Agency Interpretation

OwnChart is one of the clearest current examples of patient-directed health AI infrastructure. It does not merely show a patient's data back to them; it tries to make the evidence inspectable, correctable, contextual, and useful for questions the patient actually has.

The main CAIHL caveat is that agency depends on usable control. OwnChart gives control to the patient/operator, but also shifts security, backup, model-provider, and deployment choices onto them. It may expand agency substantially for technically capable patients and caregivers while remaining inaccessible or risky for people who cannot safely self-host sensitive health infrastructure.

Publication Recommendation

Ready for human review as a draft profile. Do not publish as final until implementation verification, independent security/usability evidence, accessibility, EHR connector burden, local-vs-external model handling, caregiver/proxy risks, and source-available beta labeling are reviewed.