Artificial Intelligence, Communication, and Data Policy

Private Health Management, Inc.

Effective Date: June 12, 2026
Last Updated: June 12, 2026

This Artificial Intelligence (“AI”), Communication & Data Use Policy (this “Policy”) describes how Private Health Management, Inc. (“PHM,” “we,” “us,” or “our”) collects, uses, processes, and protects data—including healthcare-related information—when delivering its services. PHM utilizes proprietary databases, credentialed clinical and scientific professionals, and AI-enabled technologies to assist clients in identifying and navigating healthcare programs and resources. This Policy also sets forth PHM’s requirements regarding AI technologies employed by PHM and by our clients in connection with PHM’s services, ensuring that these tools are used responsibly, securely, and in compliance with applicable laws. By engaging PHM’s services, you acknowledge and agree to the terms of this Policy.

This Policy supplements PHM’s Privacy Policy (available at https://privatehealth.com/privacy-policy/) and Notice of Privacy Practices, and applies to:

  • All client data processed by PHM;
  • All electronic communications;
  • All AI-enabled tools and systems used in or in connection with PHM’s service delivery, whether operated by PHM or by a client; and
  • All employees, contractors, and approved subprocessors.

PHM operates under the following principles:

  • Data Minimization: We collect and process only the data necessary to perform contracted services.
  • Security by Design: We implement strong safeguards to protect all data.
  • Human Oversight: AI does not replace human judgment in healthcare-related contexts.
  • Confidentiality: Client data and AI-generated outputs incorporating any client data are treated as confidential.
  • Compliance: We align with applicable healthcare compliance and data privacy regulations, including HIPAA, where applicable.
  • Transparency: We provide clear information to clients regarding how AI is used in the delivery of our services and the limitations of AI-generated outputs.

PHM employs AI as one component of a broader service model that integrates the expertise of credentialed professionals (including doctoral-level clinicians and scientists) with proprietary databases and evidence-based research. AI is a tool that supports, but does not replace, the professional judgment of PHM’s team.

  • AI is used solely to support operational efficiency, analytics, research synthesis, and administrative workflows.
  • We engage only vetted, enterprise-grade third-party AI providers under strict data protection agreements that include confidentiality, use restrictions, and prohibitions on the use of client data for model training.
  • AI is not used to make autonomous clinical decisions, provide medical diagnoses, or render medical recommendations. All program recommendations generated with AI assistance are reviewed and validated by qualified PHM professionals before being communicated to clients.
  • All AI-generated outputs are subject to human review where they may impact client outcomes; raw AI-generated outputs are not shared externally.
  • AI outputs are probabilistic in nature and may contain inaccuracies, omissions, or outdated information. AI-generated outputs should not be relied upon as a substitute for professional medical advice, diagnosis, or treatment, and clients should not act on such outputs without independent validation by their treating physicians or other qualified healthcare professionals.

We implement administrative, technical, and physical safeguards, including:

  • Encryption of data in transit and at rest;
  • Role-based access controls;
  • Secure cloud infrastructure (e.g., Amazon Web Services, Azure, Google Cloud);
  • Continuous monitoring and vulnerability management;
  • External audits and certifications, where applicable.

Clients and any persons participating in PHM meetings, calls, or consultations on behalf of a client are strictly prohibited from using any third-party AI-powered tools in connection with PHM’s services without PHM’s prior written consent. This prohibition includes, without limitation:

  • AI Note-Taking and Transcription Tools. Automated meeting assistants, AI-powered transcription services, or any software that records, transcribes, summarizes, or otherwise processes audio or video from PHM meetings or communications (including, by way of example, tools such as Otter.ai, Fireflies.ai, Microsoft Copilot meeting features, Google Gemini, Notion AI, or similar applications);
  • AI Recording Bots. Any automated “bot” or virtual participant that joins a meeting for the purpose of recording, transcribing, or analyzing the meeting content;
  • AI-Assisted Analysis Tools. Any AI tool used to analyze, summarize, categorize, or derive insights from PHM communications, documents, reports, or recommendations (other than tools expressly provided or authorized by PHM);
  • Generative AI Input. Uploading, copying, or inputting any PHM-provided information, including reports, recommendations, communications, or meeting content, into any generative AI platform, large language model, chatbot, or similar tool (e.g., ChatGPT, Claude, Gemini, Perplexity) without PHM’s prior written consent; and
  • Unauthorized Sharing of AI Outputs. Sharing, distributing, or circulating any AI-generated summaries, transcripts, or analyses of PHM meetings, communications, or deliverables with any third party.

PHM reserves the right to immediately terminate or suspend any meeting, call, or session in which a prohibited AI tool is detected or reasonably suspected to be in use. Clients acknowledge that any unauthorized use of AI tools in connection with PHM’s services constitutes a material breach of the client’s agreements with PHM.

To protect client confidentiality and the integrity of PHM’s services:

  • Client meetings and consultations must be conducted exclusively on PHM’s designated secure platform (currently Zoom for Healthcare or an equivalent HIPAA-compliant platform as designated by PHM). Use of any other videoconferencing, teleconferencing, or meeting platform, including platforms selected or scheduled by the client, is not permitted without PHM’s prior written approval.
  • Encrypted email and PHM-approved secure communication channels are required for all client communications that contain or reference client information.
  • Recording of client meetings by PHM occurs only with advance written notification to the client. PHM’s internal recordings, if any, are maintained in accordance with Section 8 (Data Retention & Deletion) of this Policy and are not shared externally in raw or unedited form.
  • PHM personnel shall not use texting, SMS, or consumer messaging applications (including but not limited to WhatsApp, iMessage, Signal, or Telegram) to transmit any content that contains or references Protected Health Information (“PHI”), client health data, or PHM service recommendations.
  • Clients are responsible for ensuring that all participants they invite to PHM meetings or calls are informed of and comply with the requirements of this Policy, including the prohibition on third-party AI tools set forth in Section 6.
  • Data is retained only as long as necessary to fulfill contractual and legal obligations.
  • Clients may request deletion of their data, subject to regulatory requirements.
  • Secure deletion methods are applied to ensure data cannot be reconstructed.

By engaging PHM’s services, clients acknowledge and agree to the following responsibilities:

  • Clients shall not use, enable, or permit any third-party AI tools, including AI note-taking, transcription, recording, or summarization tools, in connection with PHM meetings, communications, or deliverables, except as expressly authorized by PHM in writing.
  • Clients shall not upload, input, copy, or otherwise submit any PHM-provided information into any AI platform, generative AI tool, or machine learning system without PHM’s prior written consent.
  • Clients shall review all outputs and recommendations for accuracy and shall consult with their treating physicians or other qualified healthcare professionals before relying on PHM outputs for any medical or health-related decisions. PHM outputs are informational only and do not constitute medical advice.
  • Clients shall not distribute, circulate, forward, or share PHM reports, recommendations, communications, or meeting content with any third party except as permitted under the client’s service agreement with PHM.
  • Clients shall avoid submitting unnecessary or highly sensitive regulated data to PHM unless required for the performance of contracted services.
  • Clients shall promptly notify PHM if they become aware of any unauthorized use, disclosure, recording, or AI processing of PHM information or meeting content.

We align our practices with applicable regulations and standards, including without limitation:

  • HIPAA and the HITECH Act (where applicable)
  • GDPR (for international data subjects, where applicable)
  • Applicable state consumer privacy laws (e.g., CCPA/CPRA, as applicable)
  • Applicable state health data privacy laws
  • Applicable AI governance frameworks and executive orders

Violation of this Policy by a client or any person participating in PHM services on behalf of a client may result in one or more of the following actions, at PHM’s sole discretion:

  • Immediate suspension or termination of the meeting, call, or session in which the violation occurred;
  • Suspension or termination of the client’s service agreement with PHM;
  • Pursuit of injunctive relief or other equitable remedies to prevent further unauthorized use or disclosure;
  • Recovery of damages, costs, and fees arising from the violation; and
  • Reporting to applicable regulatory authorities where required by law.

The remedies set forth in this Section are cumulative and are in addition to any other rights or remedies available to PHM under the client’s service agreement, at law, or in equity.

PHM periodically reviews and audits compliance with this Policy, including through technological monitoring of its platforms for unauthorized AI tool activity.

This Policy is subject to update from time to time. Material changes will be communicated to clients, and the updated Policy will be posted on PHM’s website. Continued use of PHM’s services following any update constitutes acceptance of the revised Policy.

For questions regarding this Policy, to report a suspected violation, or to request written authorization for the use of a third-party tool, please contact: Contracts@privatehealth.com.