
Artificial Intelligence at Agave Health

How we design, deploy, and govern AI responsibly

Executive Summary

Agave Health deploys artificial intelligence in a clinically grounded, privacy-first, and security-compliant manner.

Our AI systems are:

  • Human-supervised

  • Clinically informed

  • HIPAA-aligned

  • SOC 2 Type II compliant

  • Governed under signed Business Associate Agreements, including with OpenAI

AI at Agave is designed to augment care, not replace licensed professionals, and to operate within enterprise-grade privacy and security standards.

 

1. Our AI Philosophy

At Agave Health, AI is:

  • Augmentative, not autonomous

  • Supportive, not substitutive

  • Human-supervised, not self-governing

AI enhances clarity, engagement, and care coordination. It does not independently diagnose, prescribe, or make medical decisions.

We believe AI in healthcare must be deployed with rigor, restraint, and accountability.

 

2. Use of AI Within the Agave Platform

Agave integrates AI into selected aspects of the platform to enhance the care experience for members and providers.

AI may support:

  • Structured reflection and insight generation

  • Member engagement and goal clarity

  • Care coordination and workflow support

  • Organization and summarization of member-provided information

AI-generated outputs are supportive in nature. They are not diagnostic, prescriptive, or a substitute for licensed care.

We do not disclose detailed technical implementations as part of this policy. AI features evolve over time and are deployed only following internal clinical and security review.

 

3. What Our AI Does Not Do

Agave AI does not:

  • Provide standalone medical diagnoses

  • Prescribe medications

  • Replace licensed clinicians

  • Make automated treatment eligibility determinations

  • Share personal health data with employers

  • Sell or monetize member data

We do not use AI for advertising profiling or commercial targeting.

 

4. AI in Employer-Sponsored Care

Agave is frequently deployed as an employer-sponsored health benefit. We maintain strict separation between employer access and individual care data.

Employers:

  • Do not receive identifiable personal health information

  • Do not see individual participation details

  • Do not access session content, AI reflections, or private communications

  • Receive only aggregated, de-identified reporting where contractually permitted

AI-generated insights are used solely to support individual care experiences and provider workflows. They are never used to provide employers visibility into individual-level health data.

This separation is foundational to our trust model.

 

5. Human Oversight and Clinical Governance

All AI features operate within a human-governed system:

  • Licensed clinicians retain authority over care decisions

  • Clinical leadership is involved in AI oversight

  • AI outputs inform but do not determine care plans

  • Safety escalation pathways remain human-led

AI is designed to support professional care, not replace it.

 

6. Privacy and Data Protection

Agave operates under strict regulatory and security standards.

 

A. Regulatory Compliance

We comply with applicable privacy and security laws, including:

  • HIPAA

  • CCPA, where applicable

We implement administrative, technical, and physical safeguards to protect Protected Health Information.


B. Enterprise Security Standards

Agave Health is compliant with SOC 2 Type II standards.

Our security framework includes:

  • Encryption in transit

  • Encryption at rest

  • Role-based access controls

  • Secure cloud infrastructure

  • Monitoring and audit logging

AI systems are subject to the same security controls as the broader platform.

 

C. AI Infrastructure and Business Associate Agreements

Where third-party AI infrastructure providers are used:

  • We operate under signed Business Associate Agreements, including with OpenAI

  • Data usage is contractually restricted to service provision

  • Protected Health Information is not used to train public AI models

We do not allow PHI to be used for generalized or commercial model training.

 

D. Data Minimization

We apply the principle of minimum necessary access:

  • Only required data is processed

  • Access is role-based and permission-controlled

  • Sensitive information is encrypted in transit and at rest

 

7. Responsible AI Governance

AI features are deployed following internal review processes that include clinical and security oversight.

We continuously monitor AI systems to ensure alignment with:

  • Clinical standards

  • Member safety

  • Privacy protections

  • Platform integrity

Agave reserves the right to modify, suspend, or remove AI features if they do not meet our safety, ethical, or compliance standards.

 

8. Transparency

When AI-generated content appears within the platform:

  • It is presented as system-generated

  • It does not represent itself as a human clinician

  • Members retain access to direct human care

Transparency is essential to maintaining trust.


9. Questions

For questions regarding AI, security, or compliance:

eve@agavehealth.com
Attn: Security and Compliance
