Flexpa
Developer PortalGet SandboxTry it yourself

Guides

  • Home
  • Quickstart
  • Agent guide
  • Claims data guide
  • Financial data guide
  • Parsing FHIR data

Network

  • Network guide
  • Directory
  • Directory MCP server

Consent

  • OAuth
  • Patient linking
  • Usage patterns
  • Patient access

Records

  • FHIR API
  • Webhooks
  • Data Sheet
  • Node SDK
  • SMART Health Links API
  • Terminology

Misc

  • Changelog
  • Support
    • Privacy & Security Notice
    • AI Disclosure
      • Our Approach to AI
      • AI Service Providers
      • Data Handling and Model Training
      • Security Controls
      • Research and Publications
      • Changes to This Disclosure
      • Contact
    • Subprocessors
    • Security
    • Terms of Service
    • Business Associate Agreement
    • Service Agreement
  • Flexpa OS
  • We're hiring

AI Disclosure

Last Updated March 17, 2026

This page provides transparency about how Flexpa USA, Inc. ("Flexpa") uses artificial intelligence across our platform. It supplements our Privacy & Security Notice and Subprocessors documentation.

#Our Approach to AI

Flexpa integrates artificial intelligence to enhance patient access to health data and improve healthcare data comprehension. Our AI development is guided by three principles:

  1. Patient-First Design — AI features help patients understand their health records, identify insurance providers, and troubleshoot connection issues.

  2. Data Minimization — We send only the necessary data to AI providers. Patient health information is processed transiently and is not used to train AI models.

  3. Open Research — We contribute to healthcare AI research through publications including SQL on FHIR for LLM context reduction and the LLM FHIR Eval benchmark.

AI features at Flexpa began development in 2024, starting with insurance provider identification assistance and expanding to include health records comprehension and developer support tools. Our approach emphasizes using AI to simplify complex healthcare data rather than to replace human decision-making.

#AI Service Providers

Flexpa uses the following AI service providers. These are also listed on our Subprocessors page.

ProviderModels UsedPurposeData Location
AnthropicClaude (Haiku, Sonnet, Opus)Conversational AI, healthcare data comprehensionUnited States
OpenAIGPT-4o-mini, GPT-5-nanoPage classification, structured data extractionUnited States

Both providers offer enterprise agreements with data protection commitments. We use their APIs directly and do not use any consumer-facing products from these providers.

#Data Handling and Model Training

#Model Training

Customer and patient data is not used to train AI models. We use API agreements with our AI providers that explicitly exclude customer data from training. Specifically:

  • Anthropic API usage is covered by their enterprise terms which prohibit training on customer data
  • OpenAI API usage is covered by their enterprise terms which prohibit training on customer data

#Data Retention

AI interactions are processed transiently. We do not:

  • Store conversation transcripts in AI provider systems beyond the request lifecycle
  • Send data to AI providers for batch processing or offline analysis
  • Retain AI-generated outputs beyond what is necessary to serve the user's request

#Security Controls

All AI features implement the following security controls:

#Rate Limiting

FeatureRate Limit
App Chat (Flexpal)30 requests/minute, 200 messages/day per client
Link ChatRequest-based throttling
Portal ChatSession-based limits

#Input Validation

  • All user inputs are validated and sanitized before being sent to AI providers
  • System prompts include explicit instructions to reject attempts to override safety guidelines
  • Tool definitions restrict AI actions to documented capabilities

#Timeout Controls

  • All AI requests have timeout limits (typically 120-180 seconds)
  • Long-running requests are automatically terminated

#Web Search Restrictions

Where AI features include web search capabilities, searches are restricted to whitelisted domains including:

  • Healthcare information sources (NIH, CDC, Mayo Clinic)
  • Flexpa documentation
  • FHIR specification resources

#Observability

  • All AI interactions are logged for security monitoring
  • We use Datadog LLMObs for tracing and anomaly detection

#Research and Publications

Flexpa contributes to open research on AI in healthcare:

  • SQL on FHIR for LLM Context Reduction — Techniques for reducing token usage when processing FHIR health data with large language models, achieving up to 92% context reduction.

  • LLM FHIR Eval Benchmark — An industry-first evaluation benchmark for testing LLM capabilities on FHIR healthcare data, published at flexpa.com/eval.

#Changes to This Disclosure

We may update this disclosure as we add or modify AI features. We will update the "Last Updated" date at the top of this page when changes are made. Material changes to AI features that affect customer or patient data handling will be communicated through our standard notification channels.

#Contact

If you have questions about our use of AI, please contact us at privacy@flexpa.com.

Status TwitterGitHub

© 2026 Flexpa. All rights reserved.