Responsible Use of Artificial Intelligence at Xenon Health of New Jersey

Purpose

Xenon Health of New Jersey (“Xenon Health”) is committed to using artificial intelligence responsibly in ways that support patient safety, privacy, security, operational integrity, and human accountability. This statement describes Xenon Health’s general public-facing approach to the responsible design, deployment, configuration, evaluation, and use of AI-enabled tools, services, and workflows.

 

This document is intended as a public governance statement. It is not an internal technical standard, implementation manual, or operational runbook. 

Scope

These principles apply to AI-enabled tools, features, services, systems, models, and workflows that Xenon Health designs, develops, deploys, configures, evaluates, procures, or uses in support of its healthcare-related, administrative, operational, compliance, and business activities. 

Definitions

For purposes of this statement: 

 

Artificial Intelligence (AI) means computational systems that generate, classify, predict, recommend, retrieve, summarize, analyze, or otherwise produce outputs that may influence human decisions or actions. 

AI-enabled means any product, service, feature, workflow, or process that uses or is materially supported by AI capabilities, whether developed internally or provided by a third party. 

Higher-risk use means a use case in which AI outputs or actions could materially affect patient care, patient safety, privacy, legal rights, regulatory compliance, financial outcomes, workforce decisions, credentialing, contracting, or other significant operational or professional judgments. 

Sensitive information includes protected health information, patient data, confidential business information, regulated data, security information, credentials, nonpublic financial information, and other information subject to privacy, confidentiality, contractual, regulatory, or security restrictions. 

Material decisions means decisions that could significantly affect patient care, legal rights, compliance status, financial obligations, employment status, credentialing, discipline, contracting, billing, claims handling, or other substantial organizational or individual outcomes. 

Approved environment means a technical and contractual environment that Xenon Health has authorized for the relevant AI use based on applicable privacy, security, compliance, and vendor review requirements. 

Core Principles

  1. Patient Safety and Human Accountability Come First

AI must support, not replace, responsible human judgment. Xenon Health may use AI to support administrative, operational, drafting, workflow, and information-access functions, but AI will not be used as the sole basis for clinical decision-making or other decisions requiring qualified professional judgment. 

 

  1. Privacy and Confidentiality Are Foundational

Xenon Health is committed to protecting sensitive information in accordance with applicable legal, regulatory, contractual, and organizational requirements. AI systems and workflows must be designed and used in ways that reduce unnecessary data exposure and apply appropriate safeguards. 

 

  1. Security Must Be Built In

AI capabilities must be implemented with appropriate security controls, which may include authentication, authorization, logging, monitoring, access restrictions, secure configuration, and incident management measures designed to reduce the risks of unauthorized access, misuse, manipulation, or data leakage. 

 

  1. AI Use Must Serve a Legitimate Purpose

AI should be used only where it supports a legitimate healthcare, administrative, operational, compliance, or business objective and where the expected benefits justify the associated risks.

 

  1. Transparency and Review Matter

Where appropriate, Xenon Health seeks to provide transparency about the use of AI in workflows, content generation, analysis, and decision support so that users can review, challenge, and appropriately rely on outputs. 

 

  1. Quality, Reliability, and Validation Are Required

AI outputs may be incomplete, inaccurate, or contextually inappropriate. AI-enabled tools and workflows should be evaluated before material use and monitored over time for quality, reliability, consistency, and fitness for purpose. 

 

  1. Governance Applies Across the Lifecycle

Responsible AI requires governance across the lifecycle of AI-enabled capabilities, including proposal, intake, review, approval, design, procurement, implementation, testing, deployment, monitoring, change management, and retirement. 

Governance and Accountability

Xenon Health expects AI use cases to be governed through a cross-functional review process appropriate to the nature and risk of the use case. 

 

At a minimum: 

 

  • Xenon Health’s information technology and information security leadership should own the maintenance of this statement and coordinate implementation expectations. 
  • Privacy, compliance, legal, and security stakeholders should be involved in the review of AI use cases that involve sensitive information, regulatory exposure, third-party services, public claims, or other elevated risk. 
  • Clinical leadership should be involved where a use case may affect patient care, clinical operations, documentation, or other healthcare-related professional judgment. 
  • Higher-risk use cases should be reviewed and approved through a documented process before deployment or material expansion of use. 
  • Exceptions to standard requirements should be documented, approved by the appropriate internal owner, and reviewed based on risk. 

 

Unless superseded by an internal governance schedule, this statement should be reviewed at least annually and updated sooner if there are material changes in technology, law, regulation, organizational practice, or risk posture.

Permitted Uses

 

Subject to applicable review and controls, Xenon Health may use AI for functions such as: 

 

  • drafting or summarizing internal business content; 
  • workflow support and administrative assistance; 
  • information retrieval and knowledge-access support; 
  • operational analytics and business process improvement; 
  • software development assistance, subject to review and testing; 
  • limited decision support where qualified personnel remain responsible for review and final action; and 
  • other approved business or healthcare-related uses consistent with this statement. 

Restricted and Not Permitted Uses

Unless expressly approved under applicable governance and controls, Xenon Health does not permit the use of AI in a manner that: 

 

  • relies on AI as the sole basis for diagnosis, treatment, medication decisions, patient-specific clinical judgment, or other decisions requiring qualified professional judgment; 
  • relies on AI as the sole basis for credentialing, discipline, legal determinations, compliance conclusions, or other material decisions without qualified human review; 
  • exposes protected health information, patient data, or other sensitive information in unapproved environments; 
  • bypasses required privacy, security, compliance, contracting, or legal review; 
  • makes misleading, unsupported, or unreviewed claims on behalf of Xenon Health; 
  • uses AI tools or datasets in ways inconsistent with law, contract, professional obligations, or organizational policy; or 
  • enables unauthorized surveillance, unauthorized access, discriminatory misuse, or other improper use. 

Data Handling and Approved Environments

Protected health information, patient data, and other sensitive information may be used with AI tools only in approved environments subject to applicable privacy, security, contractual, and governance controls. 

 

At a minimum, Xenon Health expects that: 

 

  • only the minimum necessary sensitive information should be used for an approved purpose; 
  • de-identification, redaction, tokenization, or other data-minimization techniques should be used where appropriate; 
  • retention, storage, access, disclosure, and deletion practices should be governed by applicable law, contract, policy, and operational requirements; 
  • protected health information should not be entered into or processed by unapproved public or consumer AI tools; 
  • third-party environments handling protected health information or other regulated data should be reviewed for appropriate privacy, security, and contractual controls; and 
  • when required by law or the nature of the service, appropriate business associate analysis and contracting should be completed before use. 

Validation, Monitoring, Logging, and Training

Xenon Health expects AI-enabled tools and workflows to be subject to controls appropriate to the use case and risk level. These may include: 

 

  • pre-use testing or validation; 
  • documented review of known limitations and intended use; 
  • logging or auditability appropriate to the workflow; 
  • monitoring for misuse, failures, drift, degradation, or unexpected outputs; 
  • incident reporting and escalation where material issues are identified; 
  • review before material retraining, reconfiguration, or expansion of scope; and 
  • user guidance or training appropriate to the role and use case. 

Third-Party AI Tools and Vendors

When Xenon Health uses third-party AI tools, services, platforms, or integrations, they should be reviewed in a manner appropriate to the risk and use case. Depending on context, this review may include: 

 

  • privacy terms and confidentiality protections; 
  • permitted data use and data retention terms; 
  • restrictions on model training or secondary use of Xenon Health data; 
  • security review and incident notification expectations; 
  • subcontractor and downstream processing considerations; 
  • audit, assessment, or assurance rights where feasible; 
  • legal and contracting review; and 
  • business associate analysis where protected health information may be involved. 

Public Statements and External Reliance

Xenon Health seeks to describe its AI practices accurately and responsibly. Public statements about AI should be reviewed as appropriate to reduce the risk of inaccurate, misleading, unsupported, or overbroad claims regarding functionality, safety, compliance, or outcomes. 

No Warranty; No Rights Created

This statement describes Xenon Health’s general approach to responsible AI use. It does not create contractual commitments, third-party rights, service guarantees, warranties, or representations regarding any specific system, control, outcome, or level of performance. 

Continuous Improvement

AI technologies, regulatory expectations, and operational risks continue to evolve. Xenon Health expects its responsible AI practices, review processes, and safeguards to evolve over time based on operational experience, legal developments, risk management needs, and organizational priorities.