Privacy & security

Who sees my data?

A plain-English breakdown of who has access to your records and how to revoke access.

Updated: Updated April 3, 2026
Reading time: 6 min read
Tags: hipaaprivacyaccess

Your records belong to you. This article explains who in the system can see them, why, and how to limit access.

Inside the clinic

Your provider, anyone they actively delegate to (nurses, scribes), and front-desk staff for administrative info only. The audit log shows you every access — visible under My info → Privacy log.

EnWella as the platform

A small on-call engineering team can access encrypted backups for incident recovery. Records are never used for advertising and we never sell PHI to anyone, ever.

Records you share via the portal go where you send them — typically another doctor's office. The link is one-time and expires after seven days. You can revoke any share at any time.

Frequently asked questions

Can my employer see my records?

No. Even if your employer pays for your visits (e.g. occupational health), they only see what you explicitly authorize per visit.

What about insurance?

Insurers see what is on the claim — diagnosis codes, procedure codes, dates. They do not see notes unless you authorize it.

Was this article helpful?

Be the first to rate this article.

Set up two-step verification

Add a second factor to your sign-in, even if you use a passkey.

4 min read

Linked accounts for family

How parents manage minor children, and how proxy access for older adults works.

5 min read