HIPAA-Compliant Lab Result Notifications

AI drafts PHI-safe notification emails directing patients to their portal. Clinical staff reviews every message before delivery.


Why this matters

Patients anxiously wait for lab results with no proactive notification, leading to repeated phone calls that burden clinical staff. Email notifications help, but lab results contain Protected Health Information that must never appear in email subjects or body text. Balancing timely notification with HIPAA compliance requires careful message crafting.


How MultiMail solves this

MultiMail's AI agent drafts HIPAA-compliant notification emails that inform patients results are ready without including any PHI. With gated_all oversight, clinical staff reviews every message to verify no protected information has leaked into the email before it reaches the patient.

1. Receive Lab Result Event

When lab results are finalized in your LIS (Laboratory Information System), the event triggers MultiMail's AI agent with the patient's contact information and result status.

2. Draft PHI-Safe Notification

The AI composes a notification that tells the patient results are available without mentioning test names, values, or diagnoses. It directs the patient to the secure patient portal for details.

3. Clinical Staff Reviews

With gated_all, clinical staff verifies that no PHI appears in the subject line, body, or any other part of the email. This is mandatory for HIPAA compliance.

4. Send to Patient

Approved notifications are sent, directing patients to log in to their portal to view results. The email includes portal login instructions and help desk contact information.


Implementation

Send Lab Result Notification
python
import requests

API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}

def notify_lab_results(patient: dict, portal_url: str):
    # IMPORTANT: Never include test names, values, or diagnoses
    body = (
        f"Dear patient,\n\n"
        f"New lab results are available for you to view in your "
        f"patient portal.\n\n"
        f"To view your results:\n"
        f"1. Log in at {portal_url}\n"
        f"2. Navigate to 'Lab Results'\n"
        f"3. Select the most recent entry\n\n"
        f"If you have questions about your results, please contact "
        f"your provider's office.\n\n"
        f"Help desk: (555) 123-4567"
    )

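    response = requests.post(
        f"{API}/send",
        headers=HEADERS,
        json={
            "from": "[email protected]",
            "to": patient["email"],
            "subject": "Your lab results are ready to view",
            "text_body": body
        },
        timeout=10,  # do not hang indefinitely if the API is unreachable
    )
    # Surface HTTP errors instead of treating an error response as success
    response.raise_for_status()
    return response.json()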

# Send notification (will be queued for clinical review)
notify_lab_results(
    {"email": "[email protected]"},
    "https://portal.healthcare.example.com"
)

Notify a patient that lab results are ready without including any PHI in the email.

Batch Process Lab Results
python
import requests

API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}

def process_lab_results_batch(results: list):
    sent = 0
    for result in results:
        # Only notify if patient has email on file and consented
        if not result.get("patient_email") or not result.get("email_consent"):
            continue

        response = requests.post(
            f"{API}/send",
            headers=HEADERS,
            json={
                "from": "[email protected]",
                "to": result["patient_email"],
                "subject": "Your lab results are ready to view",
                "text_body": "Dear patient, new lab results are available in your patient portal. Log in to view them."
            },
            timeout=10,  # do not hang the batch on one stalled request
        )
        # Count only the notifications the API actually accepted
        if response.ok:
            sent += 1

    print(f"Queued {sent} notifications for clinical review")

Process multiple lab result events and queue PHI-safe notifications for clinical review.
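An added example (not MultiMail's code): a pre-send check that could run on each drafted subject and body before it is queued, flagging what the reviewer is asked to catch: test names, values, diagnoses, urgency wording, and echoed patient identifiers. The `phi_findings` name, the term lists, and the patient record fields are assumptions constructed for illustration.

```python
import re

# Constructed, non-exhaustive term lists for illustration; a real deployment
# would source these from its own test catalogue and diagnosis codes.
CLINICAL_TERMS = {"glucose", "hemoglobin", "cholesterol", "biopsy", "hiv",
                  "a1c", "positive", "negative", "diagnosis"}
URGENCY_TERMS = {"urgent", "critical", "abnormal", "immediately"}
# A number followed by a common lab unit, e.g. "126 mg/dL" or "6.5 %"
VALUE_RE = re.compile(r"\b\d+(?:\.\d+)?\s*(?:mg/dl|mmol/l|g/dl|iu/l|ng/ml|%)",
                      re.IGNORECASE)
WORD_RE = re.compile(r"[a-z0-9]+")


def phi_findings(subject: str, body: str, patient: dict) -> list[str]:
    """Return reasons a draft should be blocked; an empty list means no match."""
    findings = []
    for part, text in (("subject", subject), ("body", body)):
        lowered = text.lower()
        words = set(WORD_RE.findall(lowered))
        for term in sorted(words & CLINICAL_TERMS):
            findings.append(f"{part}: clinical term '{term}'")
        for term in sorted(words & URGENCY_TERMS):
            findings.append(f"{part}: urgency wording '{term}'")
        for match in VALUE_RE.finditer(text):
            findings.append(f"{part}: lab value '{match.group(0)}'")
        # Patient identifiers from the record must not be echoed into the email
        for field in ("name", "dob", "mrn"):
            value = str(patient.get(field, "")).lower()
            if value and value in lowered:
                findings.append(f"{part}: patient {field}")
    return findings


# Constructed sample record and drafts
PATIENT = {"name": "Jane Roe", "dob": "1980-02-14", "mrn": "MRN-000123"}
SAFE = ("Your lab results are ready to view",
        "Dear patient, new lab results are available in your patient portal. "
        "Log in to view them.")
LEAKY = ("Urgent: your glucose results",
         "Dear Jane Roe, your fasting glucose was 126 mg/dL.")

if __name__ == "__main__":
    print(phi_findings(*SAFE, PATIENT))
    for finding in phi_findings(*LEAKY, PATIENT):
        print(finding)
```

An empty result does not show a draft is PHI-free; the check only narrows what the gated_all reviewer still has to catch.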

MCP Tool Integration
typescript
// Lab result notification via MCP
// IMPORTANT: Never include PHI in email content

await mcp.send_email({
  from: "[email protected]",
  to: patient.email,
  subject: "Your lab results are ready to view",
  text_body: [
    "Dear patient,",
    "",
    "New lab results are available in your patient portal.",
    "Log in at https://portal.healthcare.example.com to view them.",
    "",
    "Questions? Contact your provider's office.",
    "Help desk: (555) 123-4567"
  ].join("\n")
});

// Tag for tracking
await mcp.add_contact({
  email: patient.email,
  tags: ["lab-notification-sent", "active-patient"]
});

Use MultiMail MCP tools for lab result notifications.


What you get

HIPAA-Compliant by Design

The AI is trained to never include test names, values, or diagnoses in email. Gated_all review provides a second layer of PHI protection.

Reduced Phone Call Volume

Proactive notifications reduce "are my results ready?" phone calls by giving patients a timely heads-up to check their portal.

Patient Satisfaction

Patients appreciate timely notification instead of waiting days to learn results are available. It reduces anxiety and improves the care experience.

Clinical Staff Oversight

Gated_all ensures clinical staff reviews every notification, catching any edge case where PHI might inadvertently appear in the message.


Recommended oversight mode

Recommended: gated_all
Lab result notifications involve HIPAA-protected health information. Even though the email itself should contain no PHI, gated_all provides mandatory clinical review of every message to ensure no protected information has leaked into the subject or body. The regulatory risk of a PHI exposure demands maximum oversight.

Common questions

Why can't the email include the test name or results?
Email is not a secure channel under HIPAA. PHI including test names, values, and diagnoses must only be accessed through authenticated, encrypted channels like a patient portal. The notification email simply tells the patient to log in.
Why gated_all instead of autonomous for templated notifications?
Despite being templated, the stakes of accidentally including PHI are too high. A HIPAA breach can result in fines up to $1.5M per violation. Gated_all ensures clinical staff verifies every notification before delivery, even if the template is standardized.
What if the patient doesn't have a portal account?
Include portal registration instructions and help desk contact information in the notification. The AI can detect which patients lack portal accounts and include setup instructions in their notification.
Can I differentiate between normal and critical results?
Be careful — differentiating by urgency could itself reveal PHI. A message saying "urgent results" implies a medical concern. Most healthcare organizations use a single generic notification template for all result types to avoid this issue.
