HugoScore hugoscore.org

Patient-controlled health records AI

OwnChart

OwnChart is a source-available, self-hosted personal health record and AI research workspace for patients, caregivers, and families. It strongly expands agency in design by making records source-backed, correctable, cited, and patient-controlled, but remains draft because users must operate sensitive PHI infrastructure and several safeguards are beta, maturing, or roadmap. Disclosure: OwnChart's maintainer is a friend, colleague, and collaborator of HugoScore's maintainer, so this profile is not an independent review.

Public-source research has been drafted; final human publication review and change-log detail are still required.

94/100 toward patient-directed
Agency posture: Strongly agency-expanding, with beta/security caveats
The question we ask: Who does OwnChart serve in this deployment?
Control: Patient-chosen use, but vendor-controlled infrastructure
Agency read: Likely to expand agency if it supports reflection, action, privacy, and safe boundaries.
Vendor: OwnChart / Nick Dawson
Who it serves: Patient-directed personal health record and AI research workspace
Primary User: Patients, caregivers, families, and technically capable self-hosters
Control Model: Self-hosted user-controlled server; no developer-operated health-data backend
Patient Impact: Patient-owned record consolidation, FHIR/CCDA/PDF/HealthKit ingestion, evidence-cited AI questions, user-controlled correction, Dossiers, Events, exports, and caregiver memory support
Profile Status: Draft profile
Last Reviewed: Jun 8, 2026
Review Confidence: Medium-high draft, source-available

Summary judgment · 94% toward patient-directed

Strongly agency-expanding, with beta/security caveats

OwnChart is designed for patients and caregivers to own the deployment, data, model keys, consent settings, corrections, and source evidence; confidence is limited by beta maturity and unverified security/usability evidence.

Patient agency

How this tool changes agency

Expands agency when

OwnChart supports longitudinal record questions, Dossiers, Events, source review, visit preparation, user correction, export, and caregiver memory support.

Limits agency when

Use is voluntary and self-hosted, but meaningful choice requires installing, securing, backing up, and operating PHI infrastructure.

Patient-facing signals

Who does this AI serve?

Patient-directed

Official materials state the patient or caregiver is the user, owner, corrector, and final authority over corrections, and that the institution is not the customer.

Can patients tell AI is involved?

Yes

AI-assisted Ask, cited answers, model runs, provider choices, and consent gates are visible product concepts.

Can patients meaningfully choose?

Yes, for technically capable users

Use is voluntary and self-hosted, but meaningful choice requires installing, securing, backing up, and operating PHI infrastructure.

Can patients correct or challenge what the AI produces?

Yes in design; needs verification

User-controlled correction, preserved sources, citations, candidates-not-commits, and audit trails are explicit doctrines, but hands-on verification was not performed.

Does it help patients understand or act?

Yes

OwnChart supports longitudinal record questions, Dossiers, Events, source review, visit preparation, user correction, export, and caregiver memory support.

Text findings

Conflict of interest

Maintainer is a friend, colleague, and collaborator of HugoScore's maintainer

OwnChart's maintainer, Nick Dawson, is a friend, professional colleague, and collaborator and advisor of Hugo Campos, and both projects come from the same patient-directed AI advocacy community. This profile should not be read as independent review, and third-party review is invited.

Who is left out or burdened?

Technical and security burden is substantial

Self-hosting favors users with hardware, time, and security confidence. Public evidence did not establish accessibility, multilingual support, low-literacy support, disability testing, or safety for vulnerable/caregiver power dynamics.

What happens to patient data?

Patient-controlled and self-hosted by design, with LLM egress caveats

Docs say the developer does not receive health data, iOS sends HealthKit only to the configured server, AI calls require consent, and ModelRun audit records track provider/input mode. If PHI is sent to an external LLM provider, that provider's terms apply.

Are the clinical boundaries clear?

Clear in wording, high-stakes in use

Docs say OwnChart is not medical advice, not a medical device, not emergency triage, and does not tell users to start, stop, or change medication or deliver diagnostic verdicts.

Who defined what good looks like?

Patient-maintainer-defined and source-auditable

The philosophy and security model are unusually explicit and CAIHL-aligned, but no independent security audit, clinical safety evaluation, usability study, accessibility testing, or patient-partnered outcome study was found.

Review method

Deep public-source review of ownchart.me, the public GitHub repository, README, privacy policy, philosophy, security model, risk/legal guide, shipped-vs-roadmap documentation, FHIR connector documentation, license context, HIPAA right-of-access context, FDA software-function context, and SMART on FHIR background; no hands-on install, real-PHI testing, code audit, security audit, or maintainer interview.
