Last updated: 2026. This policy applies to medisprudence.com and all Medisprudence services.
This policy governs information collected through the Medisprudence website and through service engagements. It does not apply to information governed by an executed Business Associate Agreement (BAA), which controls PHI handling separately.
Through inquiry forms: Name, email, firm name, role, case type, approximate record volume, and general case description. These forms exclude PHI by design. Through engagements: Once a BAA is executed, Medisprudence receives medical records containing PHI. PHI handling is governed by the executed BAA.
Physician review is performed outside the United States. Cross-border processing is disclosed before records are accepted and proceeds only after BAA execution.
Where AI-assisted extraction is used for PHI-containing records, it is used only through systems covered by appropriate contractual safeguards. PHI is not entered into public consumer AI tools. Records are not used for model training.
Retention and deletion is governed by the executed BAA. Default practice is to retain only what is needed for the defined scope and to delete upon instruction or engagement close.