Acceptable use policy

1. Spirit

MedPro AI is for legitimate healthcare practice operations under the supervision of a licensed clinician. This policy explains what we expect of you and what we will not tolerate. It applies to every clinician, practice administrator, and authorised user of the platform.

2. You may not

• Use MedPro AI for any unlawful purpose
• Process personal or special-category data you have no right to process
• Reverse engineer, scrape, or attempt to extract our source code or models
• Attempt to bypass security controls, access controls, or rate limits
• Use Brigid (or any AI feature) to make autonomous clinical decisions without human oversight (EU AI Act Article 14)
• Share clinician account credentials with another person — each clinician must have their own account, attested as licensed and indemnified
• Access patient records you do not have a legitimate clinical reason to access (GDPR Article 5 data minimisation + the Irish Medical Council Guide to Professional Conduct & Ethics Para 37.3)
• Falsify, delete, or attempt to circumvent the audit log (Irish Health Act 2014 §73 + EU AI Act Art 12)

3. Clinical safety + Medical-Device duties

MedPro AI is CE-marked Class IIa under EU MDR 2017/745 (see /medical-device). As a clinician you assume the deployer duties for a Class IIa medical device:

• Every AI output is a draft. You must read, verify, and approve every Brigid-drafted note, letter, referral, prescription, or summary before it is signed, sent, or acted on (EU AI Act Art 14 human oversight).
• Report incidents. Suspected device malfunction, near-miss events, or adverse outcomes attributable to the device must be reported to vigilance@medproai.com within 24 hours (MDR Art 87 vigilance reporting timeline).
• Stay current. Use only supported versions of the platform. Significant updates may require re-acceptance of the consent gate.

Practices found to be using Brigid as an autonomous prescriber or diagnostician will have access suspended immediately pending clinical safety review and may be referred to their professional regulator (IMC, IDCN, NMBI, or CORU as applicable).

4. Patient consent & Brigid permissions

Each MedYou patient owns a set of consent toggles in their app — both the high-level data & privacy consents (Terms & Privacy, Health Data Processing, International Transfers, AI Features, Cross-Clinic Sharing, Marketing, Research) and the granular Brigid action toggles (Draft letters, Summarise visits, Send reminders, Voice transcripts).

These are technically enforced — the platform refuses any AI action whose consent is off. You may not attempt to circumvent these gates:

• You must not capture audio outside the platform when a patient has voice transcripts disabled
• You must not email a Brigid-drafted summary to a patient who has visit summaries disabled
• You must not route prescriptions to a pharmacy without per-share patient consent
• You must not share a patient's record with another clinic if cross-clinic sharing is declined and no per-share QR code has been issued

Doing so is a serious breach of this policy AND of GDPR Article 9 protections for special-category health data AND of the Irish Health Act 2014 §73 patient confidentiality requirements.

You remain responsible for obtaining and documenting patient consent for any processing beyond what the platform-level consent gate covers, and for informing patients that an AI system is in use (EU AI Act Art 50 transparency to natural persons).

5. Reporting incidents + vigilance

• Acceptable-use violations → abuse@medproai.com
• Medical-device adverse events / near-misses (MDR Art 87) → vigilance@medproai.com
• Data-protection concerns / SAR requests → dpo@medproai.com
• Accessibility issues → accessibility@medproai.com

6. Enforcement

Violations may result in written warning, temporary suspension, or termination of platform access. We will give notice and opportunity to remedy where possible, except in cases of:

• Immediate patient safety risk — suspension is immediate
• Unlawful activity — suspension and law-enforcement reporting are immediate
• Repeated audit-log circumvention — suspension and regulator referral

Related documents

Clinician Terms of Service · Medical Device Declaration · Data Processing Agreement · Privacy Policy · Compliance Overview