Privacy posture

Privacy information for an active-development clinical workspace.

MediFlow is being prepared for controlled pilot use. This page explains the current product privacy posture, the boundaries Kesharon is designing around, and the claims that are not complete yet.

What MediFlow handles

Privacy work starts with concrete data boundaries.

Workspace data

  • Account and organization membership
  • Patient demographics and contact fields
  • Appointments, documents, vitals, notes, and history

Operational controls

  • Appwrite-backed account access, data storage, file handling, server execution, and site-delivery boundaries
  • Role-aware access and server-side mutation boundaries
  • Audit metadata designed around IDs, counts, statuses, and safe flags

AI boundary

  • Manual workflow assistance only
  • Approved server-side tools and compact operational facts
  • Human review, quota, cache, and PHI-safe audit work are still tracked as pilot-hardening items

AI and privacy boundary

The copilot is workflow assistance, not clinical authority.

The operations copilot should work through approved server-side tools, compact operational facts, PHI minimization, feature flags, quota policy, cache policy, and human review. It must not be positioned as diagnosis, treatment recommendation, clinical interpretation, or autonomous decision-making.
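To make the audit-metadata rule (IDs, counts, statuses, and safe flags) and the copilot's PHI-minimization boundary concrete, here is an added illustrative allowlist filter in TypeScript. It is not MediFlow or Kesharon code; the status vocabulary, key-naming patterns, and sample event are assumptions made for the example, not values from the product.

```typescript
// Added example (not MediFlow code): reduce an arbitrary event to audit-safe
// metadata. Only opaque IDs, non-negative integer counts, known statuses and
// boolean flags survive; names, contact fields, notes and vitals are dropped.

type AuditValue = string | number | boolean;
type AuditMetadata = Record<string, AuditValue>;

// Assumed status vocabulary; MediFlow's real enums are not on the page.
const ALLOWED_STATUSES = new Set(["scheduled", "completed", "cancelled", "draft", "signed"]);

// Assumed key conventions: fooId / id, fooCount, isFoo / hasFoo.
const ID_KEY = /^(?:[a-z]+Id|id)$/;
const COUNT_KEY = /^[a-z]+Count$/;
const FLAG_KEY = /^(?:is|has)[A-Z][A-Za-z]*$/;
// An ID must be an opaque token, never free text that could carry a name.
const ID_VALUE = /^[A-Za-z0-9_-]{1,64}$/;

interface AuditResult {
  metadata: AuditMetadata; // what may be written to the audit log or handed to the copilot
  dropped: string[];       // keys refused, so a reviewer can see what was filtered
}

function buildAuditMetadata(input: Record<string, unknown>): AuditResult {
  const metadata: AuditMetadata = {};
  const dropped: string[] = [];
  for (const [key, value] of Object.entries(input)) {
    if (ID_KEY.test(key) && typeof value === "string" && ID_VALUE.test(value)) {
      metadata[key] = value;
    } else if (COUNT_KEY.test(key) && typeof value === "number" && Number.isInteger(value) && value >= 0) {
      metadata[key] = value;
    } else if (key === "status" && typeof value === "string" && ALLOWED_STATUSES.has(value)) {
      metadata[key] = value;
    } else if (FLAG_KEY.test(key) && typeof value === "boolean") {
      metadata[key] = value;
    } else {
      dropped.push(key); // default deny: unknown shape or value never reaches the log
    }
  }
  return { metadata, dropped };
}

// Constructed sample event with fake values, not real patient data.
const sampleEvent: Record<string, unknown> = {
  appointmentId: "apt_8f3c",
  patientId: "pat_21aa",
  patientName: "Jane Example",        // demographic field: dropped
  phone: "+1 555 0100",               // contact field: dropped
  note: "Patient reports chest pain", // clinical free text: dropped
  status: "completed",
  documentCount: 3,
  isFollowUp: true,
  hasConsent: true,
  retryCount: -1,                     // malformed count: dropped rather than logged
};
```

Running `buildAuditMetadata(sampleEvent)` keeps the two IDs, the status, the document count and the two flags, and reports the four refused keys in `dropped`.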

Not complete yet

Claims stay narrow until legal, vendor, and operational evidence exists.

  • This page is product privacy information, not a final legal privacy policy.
  • Do not treat compliance, DPA, BAA, DPIA, retention, or data-subject-rights operations as complete.
  • Production PHI use requires written agreement, provider configuration, vendor/legal review, access controls, retention policy, and operational evidence.