HIPAA NOTICE OF PRIVACY PRACTICES & COMPLIANCE DISCLAIMER
Effective Date: January 12, 2026
THIS NOTICE DESCRIBES HOW OUR AI SAAS PLATFORM MAY BE USED TO PROCESS MEDICAL INFORMATION AND OUR COMMITMENT TO HIPAA COMPLIANCE. PLEASE REVIEW IT CAREFULLY.
1. ABOUT US
Axis Management Solutions, doing business as Axis Patient Solutions (collectively, "Company," "we," "us," or "our"), develops and provides AI-powered front desk software-as-a-service (SaaS) solutions for healthcare providers, medical clinics, physician practices, and healthcare technology partners. Our platform enables our clients to:
- Answer and route inbound patient calls using AI technology
- Automate appointment scheduling and management
- Process patient intake and data collection
- Send outbound patient communications and appointment reminders
- Deploy white label AI front desk solutions under their own brand
- Replace or supplement traditional front desk operations with AI-powered services
Important: Axis Management Solutions DBA Axis Patient Solutions does not directly collect, access, or control patient information. Our clients—healthcare providers and white label partners—use our AI SaaS platform to process Protected Health Information (PHI) in connection with their own healthcare operations. Our clients are responsible for their own HIPAA compliance and their relationship with patients.
2. OUR ROLE UNDER HIPAA
Business Associate Status: When our AI SaaS platform is used by Covered Entities (healthcare providers, health plans, and healthcare clearinghouses) to process PHI, Axis Management Solutions DBA Axis Patient Solutions operates as a Business Associate under HIPAA. As a Business Associate, we are contractually and legally obligated to ensure our platform maintains appropriate safeguards to protect the privacy and security of PHI that is processed through our technology.
Business Associate Agreements: We execute Business Associate Agreements (BAAs) with clients who use our platform to process PHI. These agreements establish our obligations to maintain a HIPAA-compliant platform and outline the permitted uses of any PHI that may be transmitted through or stored within our systems.
Technology Provider Role: As a SaaS provider, we supply the technology infrastructure and AI capabilities. Our clients—not Axis Management Solutions—determine what patient information is collected, how it is used, and maintain the direct relationship with patients.
3. PROTECTED HEALTH INFORMATION PROCESSED THROUGH OUR PLATFORM
Our clients may use our AI SaaS platform to process the following types of PHI in connection with their healthcare operations:
- Patient names, addresses, phone numbers, and email addresses
- Dates of birth and health plan identification numbers
- Appointment dates, times, and scheduling preferences
- Reason for visit and general health inquiries
- Insurance information and billing details
- Medical record numbers and account numbers
- Voice recordings and transcripts from patient phone interactions
Note: The specific types of PHI processed depend on how each client configures and uses our platform. Axis Management Solutions does not independently collect this information from patients—it flows through our platform as directed by our clients.
4. HOW PHI IS USED WITHIN OUR PLATFORM
PHI processed through our AI SaaS platform is used only as directed by our clients and as permitted by our Business Associate Agreements:
4.1 Platform Functions
- AI Processing: Our AI technology processes patient communications to provide scheduling, intake, and communication services as configured by our clients
- Data Transmission: PHI is transmitted securely between patients and our clients' systems
- Storage: PHI may be temporarily or persistently stored within our platform as required to deliver services to our clients
- Service Delivery: All processing is performed to enable our clients to conduct their healthcare operations
4.2 Prohibited Uses
We do NOT use PHI processed through our platform for our own marketing purposes, sell PHI to third parties, use PHI to train general AI models, or use PHI for any purpose not authorized by our Business Associate Agreements or directed by our clients.
5. PLATFORM SAFEGUARDS AND SECURITY MEASURES
Axis Management Solutions DBA Axis Patient Solutions implements comprehensive administrative, physical, and technical safeguards within our AI SaaS platform:
5.1 Technical Safeguards
- End-to-end encryption for all data transmission and storage (AES-256)
- Multi-factor authentication and role-based access controls
- AI systems designed with privacy-by-design principles
- Regular security assessments and penetration testing
- Comprehensive audit logging of all platform access and activities
- Secure API architecture for client integrations
5.2 Administrative Safeguards
- Designated Privacy and Security Officers
- Workforce training on HIPAA requirements and data privacy
- Incident response and breach notification procedures
- Regular policy reviews and compliance audits
- Vendor management and subcontractor oversight
5.3 Physical Safeguards
- Secure, SOC 2 compliant data center facilities
- Workstation security policies and device management
- Secure disposal of hardware containing PHI
6. AI TECHNOLOGY DISCLOSURE
Our AI SaaS platform utilizes advanced artificial intelligence technology. Important disclosures regarding our AI systems:
- Automated Processing: Patient calls and messages processed through our platform are handled by AI systems as configured by our clients
- Human Oversight: Our platform supports human escalation and oversight as configured by each client
- Data Minimization: Our platform is designed to process only the information necessary to perform requested functions
- No AI Training on Client PHI: PHI processed through our platform is NOT used to train general AI models. Client data remains confidential and segregated
- Voice Data: Voice recordings processed through our platform are encrypted and handled according to retention settings configured by our clients
7. WHITE LABEL PROGRAM
For partners utilizing our white label AI SaaS solutions, the following applies:
7.1 Partner Responsibilities
White label partners who deploy our platform to serve healthcare providers are responsible for:
- Executing appropriate Business Associate Agreements with their end-client healthcare providers
- Ensuring their use and configuration of our platform complies with all applicable HIPAA requirements
- Maintaining their own HIPAA compliance programs, including policies, training, and incident response
- Managing end-user access and permissions within the platform
- Providing appropriate privacy notices to their clients and end users
- Promptly reporting any suspected security incidents or breaches
7.2 Subcontractor Relationship
When white label partners deploy our platform to serve Covered Entities, Axis Management Solutions DBA Axis Patient Solutions acts as a subcontractor (sub-Business Associate). We maintain all applicable HIPAA obligations and ensure our platform supports downstream compliance requirements.
7.3 Shared Responsibilities
| Axis Management Solutions Responsibility | Client/Partner Responsibility |
|---|---|
| Platform security and encryption | BAA execution with their clients |
| Infrastructure and application compliance | User access management and configuration |
| Data encryption at rest and in transit | Workforce HIPAA training |
| System audit logging and monitoring | Privacy notices to patients |
| Breach notification to clients/partners | Breach notification to affected patients |
| Secure platform architecture | Appropriate use and configuration of platform |
| SOC 2 compliance | Compliance with their own HIPAA obligations |
8. PATIENT RIGHTS
Patients whose PHI is processed through our platform retain all rights under HIPAA. However, because Axis Management Solutions is a technology provider and not the Covered Entity:
How to Exercise Your Rights: All patient rights requests—including requests to access, amend, or restrict PHI—should be directed to your healthcare provider. Your healthcare provider (our client) maintains the direct relationship with you and is responsible for responding to your requests.
We will cooperate with our clients in responding to patient rights requests as required by our Business Associate Agreements, including providing access to PHI stored within our platform when properly requested by our clients.
9. BREACH NOTIFICATION
In the event we discover a breach of unsecured PHI within our platform, Axis Management Solutions DBA Axis Patient Solutions will:
- Notify affected clients without unreasonable delay and no later than 60 days after discovery of the breach
- Provide information necessary for clients to fulfill their breach notification obligations to affected patients and the Department of Health and Human Services
- Cooperate fully in breach investigation and remediation efforts
- Maintain documentation of breach response activities for a minimum of six (6) years
- Implement corrective actions to prevent future breaches
Note: Our clients (Covered Entities) are responsible for notifying affected patients of any breach. We support our clients in meeting their notification obligations.
10. DATA RETENTION AND DISPOSAL
Data retention within our platform is governed by client configurations and our Business Associate Agreements:
- PHI is retained within our platform according to settings configured by each client
- Clients may configure retention periods for voice recordings and other data
- Upon termination of services, PHI is securely disposed of or returned as directed by the client and specified in our agreements
- Secure disposal methods include cryptographic erasure and certified destruction
11. CHANGES TO THIS NOTICE
We reserve the right to modify this HIPAA Notice at any time. Changes will be effective upon posting to our website at www.axispatientsolutions.com/hipaa. Material changes affecting our platform's handling of PHI will be communicated to our clients in accordance with our contractual obligations. The effective date at the top of this Notice indicates when it was last updated.
12. CONTACT INFORMATION
For questions about this HIPAA Notice, our platform's privacy practices, or to report a potential security concern, please contact:
Axis Management Solutions DBA Axis Patient Solutions
Privacy Officer / HIPAA Compliance
Email: privacy@axispatientsolutions.com
Website: www.axispatientsolutions.com
For Patients: If you have questions about how your healthcare provider uses our platform or wish to exercise your HIPAA rights, please contact your healthcare provider directly.
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by visiting www.hhs.gov/ocr/privacy/hipaa/complaints or calling 1-800-368-1019.
LEGAL DISCLAIMER
This Notice is provided for informational purposes and does not constitute legal advice. Axis Management Solutions DBA Axis Patient Solutions is a technology provider. Healthcare providers and white label partners using our platform are independently responsible for their own HIPAA compliance, including providing appropriate privacy notices to patients and fulfilling all Covered Entity obligations.
This Notice does not create any attorney-client relationship and should not be relied upon as a substitute for legal advice from a qualified healthcare attorney.
Thank you for trusting Axis Patient Solutions as your AI front desk technology partner.
Last Updated: January 12, 2026