No-PHI Policy

1. What we collect

Chrysalis only collects aggregate organizational statistics — counts, percentages, dropdown selections, and short administrative summaries. All data entry fields are structured to prevent patient-identifiable information.

2. What we never collect

• Patient names
• Dates of birth
• Medicaid IDs or insurance member numbers
• Medical record numbers
• Addresses or contact information for individuals receiving services
• Clinical notes or progress notes
• Patient-level service records

3. What Chrysalis is not

Chrysalis is not an EHR, not a billing system, not a system of record, and not a legal compliance guarantee. It is a document drafting assistant that uses your aggregate data to generate draft reports for administrator review.

4. Validation safeguards

Every data-entry page displays an aggregate-only banner. Free-text fields are limited and labeled "Administrative summary only — no PHI permitted." Validation reminders run before any report is generated.

5. Your responsibility

Agencies are responsible for ensuring that no PHI is entered into Chrysalis. By using this product, you acknowledge that draft outputs are for internal review and do not replace legal, clinical, billing, accreditation, or compliance consultation.