Access Grants
An access grant is your consent for another person or AI agent to access one of your resources — a data record, file, calendar, inbox, or similar — for a limited time. Grants expire automatically, can be revoked at any time, and every decision is logged for compliance.
How access grants work
When a workflow, AI agent, or operator needs temporary access to your data, it creates a pending grant request and waits for your approval. You decide whether to allow or deny. If you approve, the grant becomes active and the requester can access the resource until the grant expires or you revoke it.
| Status | Meaning |
|---|---|
| Pending | Request received — waiting for your decision |
| Active | You approved — access is live |
| Denied | You declined — no access was given |
| Expired | The grant's time window passed — access ended automatically |
| Revoked | You ended the grant early before it expired |
Receiving a grant request
You may receive a grant request in several ways:
- Chat message — the AI agent or a care coordinator asks for your consent directly in a conversation
- DTMF prompt — during a phone call, you are asked to press a key to confirm
- SMS confirmation — you receive a text and reply to approve
- Workspace UI — a notification appears in your member profile under the Access Grants tab
Each request shows:
- Who or what is requesting access
- Which resource is being requested (e.g. "your care plan record")
- How long the access would last (e.g. "for 60 minutes")
Approving or denying a request
In a chat or phone call
Respond as prompted — say yes or press the indicated key. The grant is recorded with your consent method automatically.
In the workspace UI
- Open your profile (top-right menu → My Profile) and select the Access Grants tab, or navigate to your member page.
- Find the pending request in the list.
- Click Approve or Deny.
- The grant moves to Active or Denied immediately.
Denying a request does not affect your other data or access to the workspace — it only prevents this specific access.
Viewing your grants
You can see all grants associated with you:
Grants received (others can access your resources)
These are grants where you are the data owner who consented. Find them under:
- Your member profile → Access Grants → Received
Each entry shows the requester, resource, consent method, status, and expiry time.
Grants given (you can access others' resources)
These are grants where you are the party who was granted access. Find them under:
- Your member profile → Access Grants → Given
Revoking an active grant
If you change your mind after approving:
- Open your member profile → Access Grants → Received.
- Find the active grant you want to end.
- Click Revoke.
- Access ends immediately — the grant status changes to Revoked.
Revocation takes effect instantly. The requester loses access to your resource as soon as you revoke.
Expiry behavior
Most grants include an expiry time set by the requester (for example, "access for the next 2 hours"). You will always be shown this duration before approving.
- The system checks for expired grants every 5 minutes and marks them Expired automatically.
- Expired grants cannot be reactivated — a new request must be made.
- If no expiry time was set, the grant remains active until you revoke it or an admin ends it.
Compliance and audit trail
All grant decisions — approvals, denials, revocations, and expiries — are recorded as consent events in the compliance audit log. This is required for HIPAA and SOC 2 compliance. You cannot delete grant history; records are retained per your workspace's data-retention policy.
If you have questions about a specific grant or notice unexpected access requests, contact your workspace administrator.