Contact Us

Privacy Policy

1. Introduction

The Artificial Intelligence & Data Science Business Unit (“AI & DS”) is part of HEALWELL AI Inc. and brings together Khure Health and Pentavere Research Group Inc. operations under a unified operating model. AI & DS develops and operates advanced analytics, clinical decision support, natural language processing, and real-world evidence solutions that support healthcare providers, health systems, research institutions, and life sciences partners.

This Privacy Policy explains how AI & DS collects, uses, discloses, retains, and protects personal information (“PI”) and personal health information (“PHI”) in connection with its products and services. AI&DS is committed to protecting the PI and PHI that is held by us and operates in accordance with applicable privacy and health information legislations.

 

2. Our Role in Processing PI and PHI

In most cases, AI & DS acts as an agent, service provider, or information manager on behalf of healthcare providers, hospitals, research institutions, or other health information custodians (“custodians”). AI & DS does not independently determine the purposes for which patient PHI is collected. Patient PHI is processed:

  •  Under the authority and direction of the applicable custodian
  • In accordance with contractual arrangements
  • In accordance with Research Ethics Board (REB) approved protocols
  • In compliance with applicable privacy and health information legislation

AI & DS does not use identifiable patient PHI for independent commercial purposes.

 

3. AI & DS Products and Services

The AI & DS business unit develops and delivers advanced digital health solutions that leverage clinical data, analytics, and artificial intelligence to support healthcare providers, health systems, researchers, and life sciences organizations. These solutions include:

  • Clinical Decision Support (CDS) – AI-enabled tools integrated with EMR systems that analyze patient data to identify patients at risk of rare or complex diseases, surface guideline-based insights, support risk stratification and highlight potential clinical trial eligibility, where authorized.
  • Real-World Evidence & Advanced Analytics – Data extraction, natural language processing, and analytics platforms that transform structured and unstructured clinical data, identify patient cohorts, generate population-level insights, support REB-approved studies, produce real-world evidence (RWE) outputs, and enable quality improvement and health system reporting.
  • Data Enrichment and Structuring Services – Solutions that convert raw or unstructured PHI into structured formats, perform data standardization and validation, and support clinical operations and research analytics.

 

4. Information we collect and how we use it

A. Information related to healthcare providers and authorized users

When healthcare providers, researchers, or authorized users interact with AI & DS platforms, we may collect:

  • Account and contact information: Names, job titles, email addresses, and other professional contact details provided by administrators, clinicians, or support users.
  • Credentials and access-control information
  • Usage data, system logs, and audit trails
  • Communications with AI & DS (support inquiries, onboarding discussions)
  • Technical information (IP address, device identifiers)

Provider related information and technical data is used for the following purposes:

  • Provisioning and administering user access
  • Providing onboarding, training and support
  • Maintaining system security and reliability
  • Improving product performance
  • Meeting contractual and regulatory obligations

B. Information related to patients

AI & DS does not typically collect PHI directly from patients. Instead, custodians make patient PHI available through EMR systems or authorized data environments. Patient PHI processed by AI & DS may include:

  • EMR data (including diagnoses, medications, laboratory results, clinical notes)
  • Demographic and administrative identifiers
  • Program or study-specific datasets
  • Cohort identifiers
  • Unstructured clinical text

All PHI processed by the AI & DS business unit is handled under the direction and authority of relevant custodians within the scope of defined protocols and contractual agreements and is used for the following purposes:

  • Clinical care support: Supporting physician decision-making, facilitating early disease detection and risk identification and generating insights to improve patient care.
  • Research and real-world evidence: Extracting and structuring data for REB-approved studies, identifying patient cohorts, producing aggregated analytics and research reports, supporting life sciences and population health initiatives.
  • Quality improvement and analytics: Identifying care gaps, supporting workflow optimization, and generating aggregate reporting dashboards.
  • Data structuring and enrichment: Transforming unstructured clinical text into structured data models, standardizing and validating datasets.

The AI & DS business unit applies strict data minimization principles and uses pseudonymized or aggregated data wherever feasible. We do not use identifiable PHI for advertising, unrelated product development or disclose identifiable PHI without custodian authorization.

 

5. Sharing of personal information

AI & DS business unit discloses patient PHI only under custodian direction or as required or permitted by law. Where analytics outputs are provided to research institutions or life sciences partners, such outputs are de-identified or aggregated unless the custodian expressly instructs otherwise and has the legal authority to do so.

AI & DS may use vetted third-party service providers to handle PI and PHI, including those supporting infrastructure and cloud hosting, security monitoring, data processing and analytics environments. All vendors are contractually bound to confidentiality and security obligations consistent with applicable healthcare privacy laws. We may be obligated to disclose the personal information we collect in response to lawful government requests or court orders or corporate transactions (subject to continuity of safeguards).

 

6. Artificial Intelligence and Analytics

AI & DS platforms may use machine learning or advanced analytics to generate insights. AI-assisted outputs are intended to support clinical and operational decision-making and are deployed under custodian authorization. Our AI-assisted solutions do not replace clinical judgement. We do not use identifiable PHI to train AI models, unless explicitly authorized by our contracts and permitted under applicable laws.

 

7. Cross-border Data Transfers

Depending on hosting and support configurations, information may be processed in jurisdictions outside where it was collected. Where cross-border processing occurs, AI & DS implements appropriate safeguards including, contractual privacy and confidentiality requirements, encryption and access controls, vendor assessments and monitoring, etc. Custodians remain responsible for ensuring compliance with applicable consent or notification obligations.

 

8. Data Security

AI & DS actively seeks to maintain the privacy of the information under our control. To prevent unauthorised use, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate

physical, electronic, and administrative procedures to safeguard and secure the information we collect. These include encryption (in transit and at rest), RBAC, audit logging and monitoring, continuous oversight of processing environments, etc.

 

9. Data Retention

We retain PI and PHI for only as long as necessary to meet applicable legal, regulatory and contractual obligations. Aggregated data may be retained for analytics, reporting, or system improvement purposes, where authorized by the custodian.

 

10. Your Rights

Subject to certain limitations and depending on the applicable privacy laws, providers, patients and staff, as applicable, have rights under privacy laws to access the personal information that AI & DS holds regarding them, and have it corrected where necessary, subject to some exceptions. Depending on the country patients or providers reside in, they may also have rights to access their personal information in a portable, electronic format, a right to have their personal information erased, a right to know the third parties with whom their personal information has been shared with and/or a right to object to AI & DS processing their personal information. Individuals also have rights, under applicable laws, to lodge a complaint with the relevant data protection or privacy authorities if they believe we are not handling their personal information in accordance with the law. Where AI & DS acts as an agent/ service provider/ information manager, the applicable custodian remains responsible for responding to individual rights requests. AI & DS assists custodians as contractually required.

For any questions or concerns about our privacy practices or this policy, please contact our Privacy Office at [email protected]

 

11. Changes to this Privacy Policy

This policy may be updated from time to time. The date of the most recent revisions will appear on our page. If you do not agree to these changes, please do not continue to use our website or to submit personal information to AI & DS via our website.

🏆 Pentavere Wins 2024 Prix Galien Award for Best Digital Health & Medical Technology Startup!
Learn More
Heart Failure Patient Identification & Optimization Program Powered by DARWEN™ AI 
Learn More