Download Restrictions and Attachments

I noticed you implemented the ability to restrict the PHI a “doctor” can see based on what the “patient” selected on the form. This is great.

Beyond this I am wondering if it is possible to prevent “doctors” from downloading the PHI. I am interested in having “patients” upload attachments which will always be word documents or PDFs. Can the provider view these documents without actually downloading them?

I’m assuming the moment a “doctor” downloads an attachment I am now responsible for the security of that PHI on the “doctor’s” device. I was hoping this could be circumvented by only allowing them to view the attached document.

Thank you!