Privacy Policy — AI Patient Advocate

01 Who We Are

AI Patient Advocate is a Personal Health Record (PHR) and claims auditing tool operated by Richard Scheipe ("we," "us," or "our"). The application is designed to help Medicare beneficiaries and their authorized caregivers review Explanation of Benefit (EOB) records, identify billing discrepancies, and prepare appeal documentation.

02 What Data We Collect

When you authorize AI Patient Advocate to connect to your Medicare account, we retrieve the following data through the Blue Button 2.0 API:

Patient demographic information — name, date of birth, Medicare Beneficiary Identifier (MBI), and address, only if you choose to share this data during the Medicare authorization flow.
Explanation of Benefit (EOB) records — Medicare Parts A, B, and D claims data, including dates of service, provider information, diagnosis codes, procedure codes, billed amounts, Medicare payment amounts, and patient responsibility amounts.

We do not collect passwords, Social Security numbers, financial account numbers, or any data beyond what the Blue Button 2.0 API provides.

03 How We Use Your Data

Your Medicare data is used exclusively for the following purposes:

Displaying your claims history in a readable format.
Identifying potential billing errors, overcharges, and denied claims eligible for appeal.
Generating draft appeal and redetermination letters (CMS-20027) for your review.
Producing financial summary reports of your patient responsibility exposure.

We do not use your data for advertising, marketing, research, or any purpose other than those described above.

04 How We Store Your Data

Local-First Architecture: All Medicare data retrieved through the Blue Button API is stored exclusively on your personal computer. We do not operate centralized servers, cloud databases, or remote storage of any kind for your health data.

OAuth session tokens are stored locally in an encrypted vault directory on your device.
The security of your data depends on the security of your local device. We recommend keeping your operating system updated, using disk encryption, and securing your device with a strong password.

05 Data Sharing

We do not share your data. Specifically:

We do not sell, rent, license, or trade your personal or medical data with any third party.
We do not share data with advertisers, data brokers, analytics companies, or research organizations.
We do not transmit your data to any external server, API, or cloud service beyond the initial retrieval from the Blue Button 2.0 API.
We do not use third-party vendors, subprocessors, or service providers that would receive, process, or have access to your health data.

06 De-Identified or Aggregated Data

We do not de-identify, anonymize, pseudonymize, or aggregate your data for any purpose. Your data remains in its original form on your local device and is not processed or transformed for secondary use.

07 Revoking Access

You may revoke AI Patient Advocate's access to your Medicare data at any time through your account settings at Medicare.gov. Upon revocation:

The application will no longer be able to retrieve new data from the Blue Button API.
Any data previously downloaded to your local device will remain on your device until you choose to delete it.
You can delete all locally stored data at any time using the built-in "Delete All My Data" function, or by removing the application's data/ directory.

08 Dormant and Closed Accounts

Because all data is stored locally on your device, there are no "accounts" to become dormant or closed in the traditional sense. OAuth tokens expire naturally (access tokens expire after 10 hours; refresh tokens expire per CMS policy). No data is retained on any server or system outside your control.

09 Changes to This Policy

If we update this privacy policy, we will post the revised policy at this URL with an updated "Last Updated" date, display a prominent notice within the application, and submit draft changes to CMS for review before publication, as required by the Blue Button 2.0 API Terms of Service. Material changes will not take effect for existing users until 30 days after notification is posted.

10 Security Breach Notification

In the event that we discover a vulnerability in the application that could compromise the security of your locally stored data, we will notify affected users within 60 days of discovery through the application interface and, if available, via email. This is consistent with the FTC's Health Breach Notification Rule requirements for personal health record vendors.

11 Sale or Transfer

In the event that AI Patient Advocate or its assets are sold or transferred, you will be notified at least 30 days before any transfer that could change how your data is handled. Because your data is stored only on your local device, no health data would be transferred as part of such a transaction.

12 Children's Privacy

AI Patient Advocate is intended for use by Medicare beneficiaries and their authorized caregivers. We do not knowingly collect data from children under the age of 13.

13 Your Rights

As a user of AI Patient Advocate, you have the right to:

View all data stored by the application on your device at any time.
Delete any or all of your data at any time.
Revoke the application's access to your Medicare data.
Receive clear information about how your data is used.
Be notified of any security vulnerability affecting the application.

14 Contact Us

Richard Scheipe Email: rscheipe@gmail.com
Mount Laurel, NJ