AI use policy
Effective Date: 10 April 2025
We believe in the responsible and secure use of artificial intelligence (AI) to improve HIPAA compliant communication. This AI Use Policy outlines how Paubox uses AI and the safeguards we implement.
TABLE OF CONTENTS
- HOW WE USE AI
- WHAT WE DON'T DO
- DATA PRIVACY AND HIPAA COMPLIANCE
- THIRD-PARTY AI PROVIDERS
- SECURITY PRACTICES
- ONGOING EVALUATION
- QUESTIONS OR CONCERNS
1. HOW WE USE AI
We apply AI to specific, well-defined use cases that benefit our customers, including:
- Threat Detection: Identifying patterns indicative of phishing, spam, or malware in inbound email.
- Message Classification: Categorizing email content for routing and filtering.
- Operational Efficiency: Assisting internal teams with summarization, reporting, and trend analysis.
- Product Innovation: Exploring AI-assisted features with privacy safeguards in place.
We do not use generative AI to read, summarize, or respond to patient emails unless explicitly configured by the customer and covered under a HIPAA compliant business associate agreement (BAA).
2. WHAT WE DON'T DO
No AI-based decision making on PHI: We do not permit autonomous AI to make clinical or compliance-related decisions involving protected health information (PHI).
No use of AI for advertising or marketing profiling of end users.
3. DATA PRIVACY AND HIPAA COMPLIANCE
All AI systems used at Paubox operate under strict privacy and compliance frameworks.
Where AI processing occurs, it:
- Complies with HIPAA and all applicable data privacy laws.
- Operates within environments covered under our business associate agreements (BAAs).
- Does not involve unauthorized third-party data sharing.
4. THIRD-PARTY AI PROVIDERS
When third-party AI tools are used, we:
- Vet each provider for security and compliance standards.
- Limit usage to non-sensitive internal applications unless covered under a BAA.
- Maintain contractual safeguards to prevent misuse of Paubox data.
5. SECURITY PRACTICES
AI deployed at Paubox follows the same rigorous security protocols we apply to all infrastructure:
- Encryption in transit and at rest
- Role-based access controls
- Continuous monitoring and logging
6. ONGOING EVALUATION
We regularly review our AI use and governance policies to stay aligned with industry best practices, evolving regulations, and customer expectations.
7. QUESTIONS OR CONCERNS
If you have questions about how AI is used at Paubox, contact us at:
support@paubox.com or by post to:
Paubox, Inc.
5 Third Street, Suite 324
San Francisco, CA 94103
Phone: (415) 795-7396