How COHESION operates in healthcare deployments

COHESION is oversight-measurement middleware. It measures the quality of human review of AI-generated decisions using behavioral telemetry: timing, modification extent, scroll depth, and similar signals. The middleware does not require Protected Health Information (PHI) to operate.

Customers should not send PHI in decision payloads. COHESION scores the reviewer behavior, not the clinical content of a decision. PHI is not needed for that measurement and should be kept in systems that are purpose-built to handle it.

PHI handling guidance

  • Do not include patient names, dates of birth, medical record numbers, diagnosis codes, or any other PHI in the operator_id or decision-context fields sent to the COHESION API.
  • Hash or pseudonymize identifiers before they leave your system.
  • Field-level redaction guidance is available on request. Contact peyton@cohesionauth.com for implementation details specific to your deployment.

Business Associate Agreement

A Business Associate Agreement (BAA) is available on request for design partners in healthcare settings. The BAA addresses PHI handling specifics applicable to COHESION's role as a business associate under 45 CFR Part 164.

To request a BAA or discuss healthcare-specific deployment considerations, contact peyton@cohesionauth.com.