Meet temetro: the open-source workspace for patient care
temetro is an open-source, self-hostable workspace for patient care: records, scheduling, prescriptions, and a private AI chat that answers in plain language, all on your own infrastructure.
In short: temetro is an open-source, self-hostable workspace for patient care. It brings records, scheduling, prescriptions, notes, and messaging into one place, and adds an AI chat that answers in plain language with clean record cards. Your data stays on your own infrastructure, and it is free and open source.
The tools were the problem
Spend time around clinics and you notice the same thing again and again. The software that holds patient information is often years, sometimes decades, behind the way people actually work. Records live in paper files or in brittle, locked-down programs that nobody can extend. Information is hard to find when it matters, easy to lose, and painful to move from one place to another. Clinicians end up fighting their tools instead of caring for patients.
That gap is where temetro started. Not as another heavy system to install and forget, but as a workspace that respects both the people using it and the people whose data it holds.
What temetro is
temetro is an open-source workspace for patient care. Patient records, scheduling, prescriptions, clinical notes, pharmacy, and team messaging come together in one place, with role-based access so each person on the care team sees exactly what their job needs. It is built to run on your own infrastructure, which means a clinic keeps control of its data instead of handing it to a vendor.
The home screen is not a maze of menus. It is a chat.
Ask in plain language, get the record back
Instead of clicking through forms to find a patient, you ask. Type a quick command like /patient 1042, or just say "show me her last three blood pressures," and temetro replies with tidy record cards: demographics, vitals, allergies, medications, problems, labs, and encounters. Cards with more behind them invite a click. Empty sections stay quiet, so the chart never feels noisy.
The AI is model-agnostic. Connect an OpenAI, Anthropic, or Gemini key, or run a local model with Ollama, all from Settings. You are never locked into one vendor.
It is also careful by design. A feature called Veil de-identifies patient data before anything reaches a cloud provider, and any change the assistant proposes waits for your one-click approval before it is written. Every action respects the permissions of your role.
Everything around the patient record
The chat is the front door. Behind it is a full clinic workspace:
- Patient records: demographics, medications, and labs as clean cards you can create, edit, transfer between clinics, and import from a CSV or JSON export.
- Scheduling and a patient portal: a calm, no-login waiting-room kiosk where patients book a visit or check whether results are ready, without ever seeing clinical values.
- Messaging: real-time, clinic-only team chat with files and appointment cards shared inline.
- Meetings: built-in peer-to-peer voice and video rooms, so calls connect directly and media never passes through our servers.
- Pharmacy: a dispensing queue and medication stock control sitting right next to the record. Ask the chat "what is running low?" and get the answer as a card.
Private by architecture
Privacy in temetro is not a setting you switch on. It is the shape of the system. Because you self-host, protected health information stays inside your own network. Because access is role-based, the owner, clinician, reception, pharmacy, and lab each see only what they need. And because the code is open source and MIT licensed, anyone can read it, audit it, and shape it to how their clinic really works.
When a clinic needs to reach a patient's phone, the Temetro Network handles it. It is a small, fast relay written in Rust that forwards sealed, end-to-end encrypted bundles and stores nothing. The relay cannot read your records. It only checks that a phone really controls its wallet before routing to it.
Toward patient-owned records
There is a longer-term idea underneath all of this. We are building toward records that belong to the patient. In that model, a patient's record can live encrypted on their own device, and a clinician's changes are cryptographically signed and only final once the patient approves them. The companion wallet app that makes this possible is still in early alpha, and we are building it in the open alongside everyone else.
Try it
You can have temetro running on your own computer in about five minutes. Follow the quickstart, read the documentation, or go straight to the source on GitHub. If any of this sounds like a problem you know, we would love your help.
Frequently asked questions
Is temetro free?
Yes. temetro is free and open source under the MIT license. You can run it, audit it, and modify it without a license fee.
Can I self-host temetro?
Yes. temetro is designed to be self-hosted. It runs on your own machine or private cloud with Docker and Postgres, so patient data never leaves your network.
Does the AI chat send patient data to the cloud?
Only if you choose a cloud model, and even then Veil de-identifies the data first. You can also run a fully local model with Ollama so nothing leaves the clinic at all.
Is temetro ready for production use?
The workspace is in beta and usable today. The patient-owned wallet app is a separate companion still in early alpha. Both are developed in the open.