At a glance
- Authentication
- Microsoft Entra ID
- Passwords
- Never received or stored
- Patient data
- Not used
- Hospital systems
- No integration required
- Student accounts
- Not required
SimCharts
LabCharts and simulation education
Security
Security
This page describes how LabCharts approaches authentication, privacy, and data handling.
LabCharts is a web platform for healthcare simulation and medical education. It is intended exclusively for educational use.
Design principles
- Educational use only
- No patient records
- Data minimization
- Microsoft Entra ID authentication
- Minimal Microsoft permissions
Educational Platform
LabCharts is designed exclusively for healthcare education.
It is not:
- an Electronic Health Record (EHR)
- a Laboratory Information System (LIS)
- a Picture Archiving and Communication System (PACS)
- a clinical decision support system
- a patient management system
Clinical Data
LabCharts does not use real patient data.
All patient information within LabCharts is fictitious, demonstration material, or instructor-created educational content.
LabCharts does not require access to:
- Electronic Health Records
- Laboratory Information Systems
- PACS
- Hospital Information Systems
- Patient Databases
No connection to clinical systems is required or expected.
Users should never enter identifiable patient information into LabCharts.
Authentication
Instructor authentication is handled directly by Microsoft Entra ID using OAuth/OpenID Connect.
LabCharts never receives, stores, or processes Microsoft passwords.
Authentication takes place on Microsoft’s secure sign-in pages.
Existing organizational MFA and Conditional Access policies remain in effect.
Microsoft Permissions
LabCharts receives from Microsoft:
- Name
- Email address, when available
- Authentication identifier
LabCharts does not access from Microsoft:
- Password
- Calendar
- OneDrive
- SharePoint
- Teams
- Contacts
- Files
LabCharts does not request permission to read or modify Microsoft 365 content.
Participants
Students and course participants do not need an account.
Students participate using only a session code supplied by the instructor.
Students can participate immediately using only a session code, without institutional onboarding or account provisioning.
Questions
For security-related questions, institutional reviews, or pilot projects:
Last updated: June 2026