Safety, Risk & Suitability (Appropriate Use)
Issue Date: 2025-12-09 Document Version: v1.1.0
Version Log
v1.1.0 (2025-12-09): Updated Issue Date, Document Version, and headings/formatting; no material changes to safety guidance or contraindications. v1.0.0 (2025-12-05): Initial publication covering suitability guidance, contraindications, and risk management framework.
Purpose
PepperChat supports clinicians with documentation, planning, and organization. It does not provide emergency services, does not diagnose, and does not replace a clinician's judgment. Please review the following suitability guidance and contraindications.
Not for Emergencies or Crisis Situations
PepperChat is not intended for emergency or crisis response, triage, or continuous monitoring.
If you or someone else is in immediate danger or requires urgent help, do not use PepperChat. Call 911 (or your local emergency number), go to the nearest emergency department, or contact the 988 Suicide & Crisis Lifeline in the United States by calling or texting 988 or chatting at 988lifeline.org.
Excluded or High‑Risk User Groups
PepperChat is not suitable for, and is not intended to be used by or for:
Individuals under 18 years of age. (Clinician users must ensure any minor-related documentation complies with applicable laws and organizational policy. Clients under 18 should not use PepperChat.)
Users who require immediate in‑person intervention rather than virtual or asynchronous support.
Individuals experiencing active suicidality or homicidality, acute psychosis, severe withdrawal, or other medical/psychiatric emergencies requiring urgent in‑person care.
Emergency/crisis services or teams using PepperChat to triage or manage crises.
Intended Users and Scope
PepperChat is designed for licensed or supervised mental health clinicians to assist with documentation, treatment planning, and organization.
AI features are Human‑in‑the‑Loop: clinicians review, edit, and approve content before it is finalized. Suggestions are optional and must be evaluated by a qualified clinician.
PepperChat does not make independent clinical decisions, provide diagnosis, or replace clinical judgment.
Risk Management Framework
This section outlines our risk management approach for AI‑assisted documentation, including conversational and transcription features. Our framework focuses on prevention, in‑product controls, and post‑market monitoring.
Risk Identification
Potential AI drafting errors (hallucination, omission, or misclassification of clinical content)
Transcription/dictation errors (mishearing, diarization, punctuation)
Misuse or over‑reliance on suggestions without clinician review
Data handling risks (privacy, access, retention)
Risk Evaluation
We evaluate risks by severity and likelihood, considering clinical context and potential impact on documentation quality or clinical decision‑making.
We define pre‑mitigation and residual risk levels, aiming to reduce residual risk to acceptable levels for intended use.
Risk Controls and Mitigations (Human‑in‑the‑Loop at the core)
Human‑in‑the‑Loop gating: suggestions are optional; clinicians review and approve before finalization.
Structured templates and previews: standardized sections (e.g., Symptoms, Interventions, Response, Plan) support accurate review before saving.
Versioning and auditability: edits and finalization create a clear record of clinician‑approved text.
Model change control: AI behavior changes are reviewed and validated against regression checklists before rollout.
Input quality prompts: UI cues and warnings encourage verification of names, dates, measures, and risk content.
Privacy and access controls: encryption in transit/at rest, role‑based access, and audit logging of key actions.
Monitoring and Feedback
Feedback channels: clinicians can report issues through support; high‑severity reports are triaged with priority.
Error monitoring: logs and metrics track AI‑related failures, latency, and anomaly patterns (non‑PHI where applicable).
Continuous improvement: reported issues inform prompt and UX refinements and, where applicable, model control updates.
Incident Response (Documentation Revisions and User Notification)
If an AI‑related defect or guidance change affects documentation quality, we assess impact, publish guidance, and, if needed, notify users and recommend corrective steps (e.g., review templates, re‑verify affected drafts).
Roles and Responsibilities
Clinician responsibility: final clinical judgment, acceptance/rejection of AI text, and accuracy of final records.
PepperChat responsibility: provide controls that keep clinicians in control, transparently surface suggestions, log key actions, protect data, and continuously improve.
Applicable Standards and Frameworks (Informative)
NIST AI Risk Management Framework (RMF) — governance and risk controls for AI systems.
ISO/IEC 23894 — guidance on AI risk management.
HIPAA Security Rule safeguards — administrative, physical, and technical controls for ePHI.
WCAG 2.2 AA considerations — accessible presentation for safe use by diverse users.
Review Cadence
This framework is reviewed at least annually and after material AI or workflow changes.
Clinical Responsibility
Clinicians remain responsible for all clinical decisions, documentation accuracy, and adherence to applicable laws, regulations, payer rules, and organizational policies.
Use of PepperChat must follow your professional standards, scope of practice, and any supervisory or guardian‑consent requirements that apply in your setting and jurisdiction.
Data and Privacy
PepperChat applies HIPAA‑aligned safeguards, with encryption in transit and at rest. See our Privacy Policy and Terms of Use for details.
Document Control
Owner: Clinical Governance Lead
Review Cadence: At least annually, and after material AI or workflow changes
Next Scheduled Review: 2026-01-31