Privacy Policy — AI Patient Advocate
Effective Date: March 26, 2026 | Last Updated: March 26, 2026
1. Who We Are
AI Patient Advocate is a Personal Health Record (PHR) and claims auditing tool operated by Richard Scheipe ("we," "us," or "our"). The application is designed to help Medicare beneficiaries and their authorized caregivers review Explanation of Benefit (EOB) records, identify billing discrepancies, and prepare appeal documentation.
2. What Data We Collect
When you authorize AI Patient Advocate to connect to your Medicare account, we retrieve the following data through the Blue Button 2.0 API:
- Patient demographic information — name, date of birth, Medicare Beneficiary Identifier (MBI), and address, only if you choose to share this data during the Medicare authorization flow.
- Explanation of Benefit (EOB) records — Medicare Parts A, B, and D claims data, including dates of service, provider information, diagnosis codes, procedure codes, billed amounts, Medicare payment amounts, and patient responsibility amounts.
We do not collect passwords, Social Security numbers, financial account numbers, or any data beyond what the Blue Button 2.0 API provides.
3. How We Use Your Data
Your Medicare data is used exclusively for the following purposes:
- Displaying your claims history in a readable format.
- Identifying potential billing errors, overcharges, and denied claims eligible for appeal.
- Generating draft appeal and redetermination letters (CMS-20027) for your review.
- Producing financial summary reports of your patient responsibility exposure.
We do not use your data for advertising, marketing, research, or any purpose other than those described above.
4. How We Store Your Data (Local-First Architecture)
AI Patient Advocate follows a local-first architecture. This means:
- All Medicare data retrieved through the Blue Button API is stored exclusively on your personal computer.
- We do not operate centralized servers, cloud databases, or remote storage of any kind for your health data.
- OAuth session tokens are stored locally in an encrypted vault directory on your device.
- The security of your data depends on the security of your local device. We recommend keeping your operating system updated, using disk encryption, and securing your device with a strong password.
5. Data Sharing
We do not share your data. Specifically:
- We do not sell, rent, license, or trade your personal or medical data with any third party.
- We do not share data with advertisers, data brokers, analytics companies, or research organizations.
- We do not transmit your data to any external server, API, or cloud service beyond the initial retrieval from the Blue Button 2.0 API.
- We do not use third-party vendors, subprocessors, or service providers that would receive, process, or have access to your health data.
6. De-Identified, Anonymized, or Aggregated Data
We do not de-identify, anonymize, pseudonymize, or aggregate your data for any purpose. Your data remains in its original form on your local device and is not processed or transformed for secondary use.
7. Revoking Access
You may revoke AI Patient Advocate's access to your Medicare data at any time through your account settings at Medicare.gov. Upon revocation:
- The application will no longer be able to retrieve new data from the Blue Button API.
- Any data previously downloaded to your local device will remain on your device until you choose to delete it.
- You can delete all locally stored data at any time by removing the application's data/ directory from your computer, or by using the built-in "Delete All My Data" function.
8. Dormant and Closed Accounts
Because all data is stored locally on your device, there are no "accounts" to become dormant or closed in the traditional sense. If you stop using the application:
- Your data remains on your local device until you delete it.
- OAuth tokens will expire naturally (access tokens expire after 10 hours; refresh tokens expire per CMS policy).
- No data is retained on any server or system outside your control.
9. Changes to This Privacy Policy
If we update this privacy policy, we will:
- Post the revised policy at this URL with an updated "Last Updated" date.
- Display a prominent notice within the application interface describing what has changed.
- Give you the opportunity to review the changes and choose whether to continue using the application under the updated terms.
- Submit draft changes to CMS for review before publication, as required by the Blue Button 2.0 API Terms of Service.
Material changes will not take effect for existing users until 30 days after the notification is posted.
10. Security Breach Notification
In the event that we discover a vulnerability in the AI Patient Advocate software that could compromise the security of your locally stored data, we will:
- Notify affected users within 60 days of discovery through the application interface and, if available, via email.
- Describe the nature of the vulnerability, the data potentially at risk, and the steps you can take to protect your information.
- Provide a software update or patch to address the vulnerability.
This notification process is consistent with the FTC's Health Breach Notification Rule requirements for personal health record vendors.
11. Sale or Transfer of the Application
In the event that AI Patient Advocate or its assets are sold, transferred, or acquired by another party:
- You will be notified at least 30 days before any transfer that could change how your data is handled.
- Because your data is stored only on your local device, no health data would be transferred as part of such a transaction.
- Any successor organization would be required to honor the terms of this privacy policy or obtain your renewed consent under a new policy before accessing any data.
12. Children's Privacy
AI Patient Advocate is intended for use by Medicare beneficiaries and their authorized caregivers. We do not knowingly collect data from children under the age of 13.
13. Your Rights
As a user of AI Patient Advocate, you have the right to:
- View all data stored by the application on your device at any time.
- Delete any or all of your data at any time.
- Revoke the application's access to your Medicare data.
- Receive clear information about how your data is used.
- Be notified of any security vulnerability affecting the application.