Referrals & physician engagement
Referring-physician portal RFP / evaluation checklist (free, printable)
Evaluating a portal for your community and referring physicians? Use this checklist to compare vendors on the things that actually protect you — scope, governance, interoperability, and where the PHI lives.
Check your inbox — and grab it now
We've emailed the checklist to you and let our team know you're evaluating. Download it directly:
Download the PDF checklistThe checklist
Scope of access
- Read-only: external clinicians cannot chart, order, prescribe, or write back
- Each physician sees only their own patients
- Break-the-glass for emergencies is governed and separately audited
What physicians can see
- Real-time results: labs, medications, problems, imaging, documents — see results delivery
- Referral status across every intake channel — see referral status tracking
- Cancellations, no-shows, and never-booked referrals are surfaced
Onboarding & identity
- Practices self-sign-up online (no paper packet)
- Automated checks: NPI Registry, OIG-LEIE, SAM.gov
- HIM works a review queue: approve, deny, or request more info
- Practices manage their own users after approval
Interoperability
- Standards-based (HL7 v2 and FHIR) — see results routing
- Works across EMRs, not tied to a single vendor — see read-only access without your EMR
- Proven in production on our EMR, or a clear path to it
Compliance & security
- Every PHI access logged at the row level (who, what patient, when, from where)
- Business Associate Agreement (BAA) in place
- Audit log is queryable and exportable for compliance
Deployment & data
- Runs in our environment; no data exported to a vendor cloud — see HIPAA & on-premises
- A controlled window, not a second copy of the record
HIM / operations impact
- Replaces manual records-release to referring physicians
- No per-practice interface to build and maintain
Start here
New to the category? Begin with what a community physician portal is, compare it in physician portal vs HIE vs patient portal, or see how HealthPoint answers each box.
Frequently asked questions
- What should an RFP for a referring-physician portal include?
- Cover seven areas: scope of access (read-only, each physician sees only their own patients), what physicians can see (results and referral status), governed onboarding (self-signup with automated verification), interoperability (standards-based, works across EMRs), compliance and security (row-level PHI audit, BAA), deployment and data sovereignty (runs in your environment), and HIM/operations impact. The checklist on this page has the specific questions.
- Do I have to give my email to use the checklist?
- No — the full checklist is on this page, free to read and use. The form just sends you the printable PDF, which is convenient for sharing with your evaluation committee or including in an RFP.
- What separates a good referring-physician portal from a risky one?
- Scope discipline and governance. A good one is strictly read-only, limits each physician to their own patients, logs every PHI access at the row level, verifies practices during onboarding, and runs in your environment rather than exporting your data. Those are the questions that protect you.
- Does the vendor need to be on our EMR?
- Not if the portal is standards-based. A portal built on HL7 v2 and FHIR can serve community physicians regardless of which EMR you or they run, which is what lets one portal reach a mixed community. See results routing for the standards involved.