Medicus 360 Provider Reference Suite

Medicus does not collect, store, or transmit Protected Health Information

The Medicus 360 platform is a provider reference and calculation toolkit. It is designed so that Protected Health Information (PHI) stays on the provider's device.

Lab files are parsed locally in your browser

When you upload a lab PDF to the Lab Test Analysis tool, the file is parsed entirely in your web browser. The PDF is not uploaded to Medicus, is not sent to any third-party AI service, and is not written to any Medicus server, database, or storage bucket. When you close the tool, the file is gone.

Saved chart notes are de-identified

Chart notes saved within the tools store only the inputs and outputs of the calculation, tied to a provider-chosen case reference. The tools warn you when a case reference looks like patient name, date of birth, medical record number, or other identifying information. Do not enter PHI into case reference fields. Medicus is a clinician reference tool, not a system of record or an electronic health record.

Provider responsibility

Because PHI never reaches Medicus, providers are solely responsible for the security of any patient information on their own device, including downloaded lab PDFs, generated chart-note PDFs, browser cache, and screen sharing during use of the tools. Providers are also responsible for complying with HIPAA, state law, and clinic policy when handling PHI on their own systems.

Business Associate Agreement

Because Medicus does not create, receive, maintain, or transmit PHI on behalf of a covered entity, Medicus is not acting as a HIPAA Business Associate for use of the platform as designed, and a Business Associate Agreement is not required for standard use. Providers who choose to enter PHI into free-text fields contrary to the guidance above do so at their own risk.

Questions