Data Transition Policy
2
3

HeyDonto Data Transition Policy

This policy explains how HeyDonto leverages AI for data mapping, standardization, and an optional knowledge graph feature. Our commitment is to ensure that all patient and practice data is handled ethically, securely, and solely for the benefit of the dental office and its authorized users.


1. Purpose of Our AI Model

  1. Data Structure Understanding

    • We have developed a neural network that learns to map varied EHR data structures into the FHIR standard.

    • This training process does not rely on personal health information (PHI) content for intelligence; instead, it focuses on structural mappings (i.e., field correlations, data schemas, and pattern recognition).

  2. Primary Goal

    • Our AI model’s primary purpose is to improve and accelerate the process of converting EHR data—regardless of vendor or format—into a consistent, FHIR-based format.

    • By automating much of the data transformation, we reduce manual effort, improve data quality, and promote interoperability across different systems.

  3. Limited Use of Received Data

    • The data we collect from each site is used exclusively to refine and validate these mapping algorithms.

    • We do not use patient demographics or clinical content to train unrelated AI features or for any secondary commercial use.

2. Ethical and Privacy-First Approach

  1. Restricted Scope

    • We only examine structural and metadata elements (e.g., field names, formats, relationships between data points) to determine how EHR data aligns with FHIR.

    • Actual content (like patient names, diagnoses, or other identifiable clinical details) is not utilized to train the model’s transformation rules.

  2. Confidential Data Handling

    • Any confidential identifiers (e.g., patient IDs, internal record IDs) are never extracted to feed the model’s core learning.

    • We maintain primary key references in our system only to synchronize updates back to the original EHR if a user decides to mutate records via HeyDonto’s API—ensuring an audit trail and data linkage where needed.

  3. Regulatory Compliance

    • Our processes align with HIPAA, GDPR, and other applicable healthcare privacy regulations.

    • Training datasets are kept access-controlled and limited to authorized personnel who maintain or improve the mapping AI.

    • We do not share these datasets or any sensitive derived information with third parties.

3. Knowledge Graph & Vector Database (Opt-In Feature)

  1. Knowledge Graph Generation

    • Once data is standardized and stored in the FHIR repository, our system can optionally build a knowledge graph (or vector database) representing the site’s data.

    • This knowledge graph can be used to power prompt-based queries or advanced data exploration via the HeyDonto Assistant.

  2. User Control & Enablement

    • Default Setting: The knowledge graph is disabled by default. The clinic or authorized user must explicitly enable this feature if they wish to leverage enhanced prompting capabilities.

    • Data Usage in the Knowledge Graph:

      • The graph references the standardized records in the FHIR datastore.

      • Users can also add supplementary documents or instructions to further enrich the context.

      • No private data is automatically shared outside the user’s environment; the knowledge graph is site-specific and remains under that site’s control.

  3. Prompt-Based Features

    • When enabled, the HeyDonto Assistant can answer questions or generate insights based on the structure and content of the FHIR data (plus any additional user-provided documents).

    • All responses or prompts are restricted to the data that belongs to that specific site.

    • The user can disable or limit these prompt-based features at any time.

  4. Ethical & Privacy Protections

    • We apply the same strict security measures (e.g., encryption, access control) to knowledge graph data as we do to all other PHI.

    • Any vector database used for the knowledge graph is isolated per site to prevent cross-contamination of data from different practices.

    • We do not use a site’s vector database for global AI training—the knowledge graph remains local to that site’s environment.

4. Data Retention & Transparency

  1. Retaining Transformation Rules

    • The AI model retains transformation “rules” or “mapping patterns,” not raw content. This approach ensures that improvements to the AI do not reveal patient identities or proprietary clinic data.

  2. User Rights & Data Ownership

    • Each clinic owns its data, including any transformations or structured outputs.

    • Users can request to remove or export the knowledge graph if they no longer wish to leverage these AI features, subject to legal or compliance retention requirements.

5. Implementation Details

  1. Neural Network Training Pipelines

    • Training occurs on secure servers with access-limited data sets.

    • Periodic retraining or fine-tuning may be performed to refine the model for new EHR formats, with strict oversight to ensure only structural patterns are used.

  2. Primary Key References

    • We store references (e.g., local IDs, EHR record IDs) in a protected database so that if a user updates a record via HeyDonto’s API, we can trace back the update to the original EHR system.

    • These references do not expose raw PHI to the transformation model; they exist solely for operational linkage.

  3. Opt-In Configuration

    • The knowledge graph is spun up only if a user toggles the feature ON (through the admin panel or a separate user agreement).

    • Additional documents or instructions for the graph are user-supplied; we do not automatically import or index external data.

6. Summary of Ethical Commitments

  1. Data Minimization

    • We collect and process only the data required to map EHR systems to FHIR accurately.

  2. No Unauthorized AI Training

    • Patient data is never used to train or enhance AI features that go beyond the scope of FHIR mapping and user-enabled knowledge graph functionalities.

  3. User Choice & Control

    • All advanced usage (like the knowledge graph) is opt-in. Users remain in control of their data and can disable features at any point.

  4. Secure & Compliant

    • Strict encryption, role-based access, and regulatory adherence ensure that data remains secure and private throughout the AI workflows.

7. Ongoing Oversight & Policy Updates

  • This AI Data Usage & Ethical Guidelines document is reviewed annually or whenever new features or regulatory changes require updates.

  • Any significant changes to how HeyDonto uses or processes data will be communicated to users with adequate notice and clear explanation.