I had this request to come up. I built a preproduction model for this feature.
I am looking to get some feedback on the feature and security concerns. I have gone over a few of the security issues. Some of the security concerns are dependent on the implementation of the model.
When you review the code you will see the CSRF is missing because of our implementation requires that the patient not have to log in to upload. The link is being generated and sent to the patient via text.