The Walled Memory Principle: Why Persistent AI Memory Needs Hard Boundaries

Section 01

For the Reader in a Hurry

The Short Version

Persistent memory is the feature that turns a private AI deployment from a stateless chat tool into something that actually knows your practice over time. That is a real and valuable capability. It is also the first feature in this entire series that creates a new disclosure risk rather than removing one — because memory, by definition, is information from one session becoming available in another. If that "another" is a different patient or a different matter, the practice has built itself a leak, regardless of how private the underlying model is. This paper argues that the fix is not policy or staff training. It is a database design choice: memory access scoped by ownership of the record — patient ID, matter ID — enforced at the query level, with no retrieval path that crosses that boundary by default. Get that right, and persistent memory is a genuine product strength. Get it wrong, and zero-cloud's entire pitch — that nothing leaves the building — is undermined from the inside, by a feature meant to make the AI more useful.

This is not a risk unique to local AI. Major cloud AI vendors have independently converged on record-scoped memory isolation as the correct design — evidence that this paper's architecture reflects where the field is already heading, not an idiosyncratic requirement. What zero-cloud deployment adds on top of that scoping is the removal of a second, cloud-specific risk: vendor access to the data itself. Checked against the broader medical AI market, walled memory turns out to be largely unaddressed territory — most ambient AI scribes are architected per-encounter with no persistent memory store at all, and the smaller tier of tools moving toward longitudinal patient context has not published how, or whether, that memory is isolated per patient. Walled memory is therefore not a fix for a known competitive failure. It is groundwork laid ahead of where the category is heading.

Walled Memory: Zero-Cloud vs. Cloud AI, at a Glance
Dimension	Cloud AI (Typical)	Zero-Cloud (This Architecture)
Default memory scope	Single account-wide profile across all conversations, unless an isolated mode is explicitly created and used	Scoped to the active patient or matter from the first write — no unscoped mode exists
Isolation mechanism	A folder or project the user must remember to select and stay inside	A database constraint enforced at the query level, independent of user behavior
Failure mode if isolation lapses	Silent — content from one context can surface in another with no architectural backstop	The query returns nothing rather than the wrong record; failures are visible, not silent
Vendor access to content	Content may be used to improve models depending on account settings; workspace admins typically retain visibility	No vendor in the data path; nothing leaves the machine to be reviewed or trained on
Commercial incentive	A richer, unsegmented profile is the more valuable default for the vendor's product and model	No equivalent incentive — isolation costs the vendor nothing to maintain as the only mode
Audit trail	Logged inside the vendor's own infrastructure; the practice typically cannot inspect it directly	Logged in the practice's own database, queryable and demonstrable on demand
Behavior over time	Can change with a vendor's silent model or memory-handling update, with no notice to the practice	Frozen until the practice deploys a change — the wall behaves identically until someone chooses otherwise
Deletion on request	A policy commitment, subject to backup and replication timelines the practice cannot verify	A single, immediate, verifiable database operation the practice controls directly
What a practice is trusting	The vendor's workflow design, account settings, and policy enforcement	A constraint that holds the same way regardless of vendor policy, account tier, or settings changes

Provable, not promised. A zero-cloud practice can show a regulator or a client the access log directly. A cloud practice is repeating what the vendor told them.
Stable, not silently updated. The wall behaves the same way today as it will in a year, because nothing changes underneath it without the practice's own decision.
Deletable on command. Removing a patient's data is a single, immediate, verifiable action — not a request submitted to someone else's timeline.

This paper is a companion to White Paper No. 1 (zero-cloud architecture) and White Paper No. 4 (AI liability and ownership). Those papers addressed where AI output goes and who is responsible for it. This paper addresses something neither covered directly: what an AI system remembers, and who else it might tell.

45 CFR
§164.502(b) The HIPAA rule every memory read must satisfy

Rule 1.10 ABA Model Rule governing imputed conflicts & ethical screens

1 Writer SQLite's concurrency ceiling — the real scaling constraint, not record count

Section 02

Why Persistent Memory Matters for a Private LLM

A stateless AI tool is useful but limited: every session starts from zero. The provider re-explains the patient's history. The attorney re-pastes the matter background. The model never gets better at being this practice's assistant — it only gets better, in the abstract, at being an assistant in general.

Persistent memory changes that. A system that remembers what was discussed about a specific patient or a specific matter across sessions can surface relevant history without being re-told it, flag patterns a single session would miss, and reduce the repetitive overhead that makes busy clinicians and attorneys abandon AI tools after the novelty wears off. For a zero-cloud deployment specifically, memory is plausibly the single biggest lever for making the tool sticky in daily use rather than a one-time demo impression.

None of that is in dispute. The question this paper exists to answer is narrower and more specific: memory of what, scoped to whom, retrievable by what mechanism — because the answer to those three questions determines whether the feature is a compliance asset or a compliance liability.

Section 03

The Wrong Mental Model: Bias vs. Access

The instinctive way to think about cross-client or cross-patient memory risk is to reach for the language of bias: will the system treat one patient differently because of what it knows about another? That is a reasonable question to ask of a human professional, where judgment, fatigue, and unconscious association are real mechanisms of harm. It is the wrong question to ask of a database.

An AI system with no bias whatsoever still creates exactly the same problem, because the actual mechanism is not judgment — it is access. Conflicts-of-interest rules, ethical walls, and HIPAA's minimum necessary standard do not exist because professionals might think unfairly about a second client. They exist because information moving from one confidential relationship into another is itself the harm, independent of what anyone does with it afterward. A privileged communication that becomes visible in an unrelated matter has been disclosed — the disclosure is the violation, whether or not it changed anyone's recommendation, and whether or not a model or a person was the one who moved it.

The Distinction That Matters

Bias is a property of judgment. Leakage is a property of access. A persistent-memory AI system has no judgment to be biased — but it has a retrieval mechanism, and that mechanism either respects record boundaries or it doesn't. Designing against the wrong failure mode (bias) while ignoring the real one (access) is how a well-intentioned memory feature becomes a liability nobody saw coming.

Section 04

Conflicts Screening and the Legal Ethical Wall

Law firms have a long-established mechanism for exactly this problem when it occurs between human attorneys: the ethical wall, also called a screen. When an attorney moves firms, or when a firm represents parties on both sides of related matters, the firm erects an information barrier — the screened attorney does not access the file, does not discuss the matter with colleagues working it, and the firm documents that the screen was built and maintained. Courts evaluate the adequacy of these screens directly; an inadequate screen can result in disqualification of counsel, regardless of whether anything was actually misused.

A shared-memory AI system used across multiple matters within a firm recreates the exact structural problem an ethical wall exists to prevent — an attorney's questions to the AI about Matter A, and the AI's accumulated knowledge of Matter A, becoming retrievable when the same AI is used on Matter B. The fact that the "attorney" mixing the information is a model rather than a person does not change the disqualification analysis a court would apply; courts have shown no inclination to treat AI-mediated information flow as exempt from the same rules that govern human-mediated information flow.

The practical fix mirrors the human-world solution: scope memory per matter, the same way a firm scopes file access per matter, and make cross-matter retrieval structurally absent rather than merely discouraged.

Section 05

HIPAA, Minimum Necessary, and the Medical Equivalent

Medicine does not have a direct analog to the law firm's conflicts-of-interest screen — there is no rule against a physician treating two unrelated patients. The governing mechanism is different but addresses the same underlying problem: HIPAA's minimum necessary standard, which requires covered entities to limit access to, use of, and disclosure of protected health information to the minimum necessary to accomplish the intended purpose.

A persistent-memory AI tool that surfaces "everything captured" in response to a broad question, or that retrieves another patient's record because it shares a keyword or a similar clinical pattern, violates minimum necessary on its face — the disclosure exceeds what the specific task required, even if the disclosure was technically accurate and even if no one downstream acted on it incorrectly. HIPAA also imposes an audit-trail requirement that has no parallel in the legal ethical-wall framework: covered entities must be able to show who accessed what PHI, when, and for what purpose. A memory system without per-access logging is missing a control a compliance officer will look for specifically.

Same Root Problem, Different Rule

Legal calls it conflicts screening. Medicine calls it minimum necessary. The architecture that satisfies both is identical: scope memory writes and reads by the record's owner — matter or patient — and treat any retrieval outside that scope as a defect, not an edge case to tune around later.

Two Professions, One Underlying Mechanism
Dimension	Legal Practice	Medical Practice
Governing rule	ABA Model Rule 1.10 & imputed conflicts doctrine	HIPAA minimum necessary, 45 C.F.R. §164.502(b)
Trigger for violation	Access to another client's confidential matter, regardless of use	Disclosure exceeding what the specific task required
Consequence	Disqualification of counsel; bar referral	HIPAA enforcement action; breach notification obligations
Audit requirement	Documented adequacy of the ethical screen	Mandatory access logging, 45 C.F.R. §164.312(b)
AI architecture fix	Memory scoped by matter ID, no cross-matter retrieval	Memory scoped by patient ID, no cross-patient retrieval

Section 06

Memory, Privilege, and United States v. Heppner

White Paper No. 1 in this series discussed United States v. Heppner, in which the court's reasoning supports the view that on-premises AI processing may preserve attorney-client privilege in ways that cloud-mediated AI processing does not, because privilege analysis turns substantially on who else had access to the communication. Persistent memory introduces a second, independent version of that same question — one that exists even inside a fully zero-cloud deployment.

If a memory system captures a privileged exchange from Matter A and that exchange becomes retrievable in a session involving Matter B, the firm has potentially created a new disclosure to a person (the attorney working Matter B, who has no proper claim to Matter A's privileged content) who was never a party to the privileged relationship. Whether that constitutes a privilege waiver under the applicable jurisdiction's rules is a question for counsel, not for this paper — but the structural exposure is the same shape as the cloud-AI exposure Heppner-style reasoning warns against. A firm that has gone to the trouble of deploying zero-cloud AI specifically to avoid creating new privilege risk should not then build a memory feature that recreates a version of that exact risk internally.

This is the throughline that connects this paper to the rest of the series: zero-cloud removes the vendor as a third party with access to confidential communications. Unwalled memory reintroduces a different, internal version of the same problem — a different matter's attorney, or a different patient's provider, standing in the position the cloud vendor used to occupy.

1996

HIPAA Enacted

Establishes the minimum necessary standard later codified at 45 C.F.R. §164.502(b), governing every disclosure of protected health information — including disclosures mediated by software rather than a person.

2000

Restatement (Third) of the Law Governing Lawyers §124

Sets the adequacy standard for ethical screens used to avoid imputed disqualification — the legal profession's longest-standing answer to the cross-matter information problem.

2026

United States v. Heppner

Ruling addressing on-premises AI processing and attorney-client privilege; widely read as reframing how privilege analysis applies to AI-mediated communications.

Privilege Exposure Reframed

Mar. 2026

NYSBA Reaction to Heppner

New York State Bar Association publishes commentary describing the ruling's effect on the legal community's understanding of AI-tool risk in privileged work.

Section 07

The Architecture: Isolation by Ownership, Not by Relevance

The fix is narrower and more mechanical than the legal reasoning above might suggest. It does not require new case law, a new compliance framework, or a new vendor category. It requires one design decision, applied consistently: every memory record carries a mandatory owner field — patient ID or matter ID — and every read or write operation is filtered by that field at the database layer, not the application layer.

Writes are scoped at creation. A captured memory entry is tagged with the active record's owner ID at the moment it is written. There is no "general" or "unscoped" memory bucket for the system to fall back to.
Reads are scoped at the query, not filtered after retrieval. The search step asks the database for "records belonging to patient X," not "all records, then discard the ones that aren't patient X." This distinction matters: a post-hoc filter is a feature that can be forgotten in one code path; a scoped query has no other record to accidentally return.
Switching the active record clears working context. The owner-scoped database layer is necessary but not sufficient — a conversational AI session can still carry prior context in its own working memory (the chat history) even when the underlying memory store is correctly walled. Switching patients or matters should clear that working context as a matter of course, not as an optional step a user might forget.
No retrieval defaults to "search everything." A missing or null owner ID should produce an error or an empty result, never a broader, unscoped search. The failure mode of an owner-scoping bug should be "the tool didn't answer," not "the tool answered using the wrong patient's data."

None of this requires semantic search, embeddings, or anything resembling the more elaborate retrieval-augmented-generation architectures discussed elsewhere in AI tooling. A plain relational filter — the same mechanism a conventional practice-management database already uses to keep one client's records from appearing in another client's view — is sufficient to enforce the wall. The sophistication belongs in retrieval quality, not in the isolation guarantee, and the two should not be allowed to become entangled.

Section 08

Does This Scale? An Honest Answer

A fair accounting of this architecture requires being precise about what scale it is built for, rather than claiming unlimited scale to make the pitch simpler. The isolation principle itself — ownership-scoped filtering rather than similarity-based retrieval — holds at any number of records; an indexed lookup of "records belonging to this patient" performs the same whether the practice has fifty patients or fifty thousand. What does not scale without changes is concurrent write access on a single-file database engine, which serializes writers regardless of how many records exist.

For the practice profile this paper is written for — a solo or small medical practice, or a small-to-mid law firm with a handful of staff accessing records at any given moment — a single-file local database is not a simplification made for a demo. It is a credible production architecture on its own terms. Larger, multi-location practice groups, or firms with many attorneys running concurrent matters simultaneously, will hit the concurrency ceiling before they hit any limit on the isolation logic itself, and should plan to run the same access-boundary pattern on a multi-user database engine from the outset.

To state the threshold plainly rather than leave it implicit: this paper's SQLite-based architecture is recommended for practices with roughly three or fewer concurrent users actively reading from or writing to the system at any given moment — a working approximation, not a hard cutoff, since the real constraint is concurrent write contention rather than a fixed headcount. Practices expecting to exceed that — multi-provider clinics with simultaneous charting, firms with several attorneys working matters in parallel — should plan from the outset to run the identical ownership-scoped isolation pattern on PostgreSQL with the pgvector extension, which removes SQLite's single-writer constraint while preserving the same patient- or matter-scoped filtering this paper describes. The isolation logic does not change between the two; only the database engine underneath it does.

The Claim Worth Making to a Buyer

"Sufficient as the production architecture for a practice of your size, with a known and named path to a larger database engine if you grow past it" is a more credible claim to a compliance-minded buyer than an unqualified "scales to any size." It signals that the vendor has actually thought about where the system would strain — which is exactly the kind of diligence a HIPAA-adjacent or privilege-sensitive buyer is screening for.

Section 09

Where Walls Actually Fail — and Why It's Rarely the Database

In practice, the database-level wall is the easy part to get right and verify. A query either includes the owner-ID filter or it doesn't, and that is the kind of thing a code review catches. The failure modes that actually surface in testing are softer, and worth naming plainly so they are designed against rather than discovered live:

Conversational carryover. A chat session's own history is a second, informal memory store that sits outside the walled database. If a provider asks about Patient A, then asks about Patient B in the same unbroken conversation, the model can have Patient A's details sitting in plain view in the chat transcript — fully separate from whether the formal memory database enforced its wall correctly. The fix is structural (clear the conversation on record switch), not a prompt instruction asking the model to "ignore" what it can plainly see.
Leading questions. A direct, adversarial question — "does this patient have the same condition as the one I asked about earlier" — invites the model to draw a comparison using whatever is in view, including prior conversational context, even when the walled memory layer itself returned nothing for the second patient. This is a reason to test with adversarial phrasing specifically, not just with neutral questions, before trusting a wall in front of a client or a compliance reviewer.
Phrasing that implies more confidence than is warranted. A model correctly returning "no information available" can still phrase that conclusion in a way that sounds like it checked and found nothing, rather than that it was structurally prevented from looking. The distinction matters if a skeptical reviewer asks how the system actually behaves under the hood — the honest answer is the system never had the other record in scope, not that it searched and came up empty.

None of these are arguments against the architecture. They are arguments for testing it the way an adversarial reviewer would, not the way a friendly demo would — before either kind of person actually does it.

Section 10

What Professional Practices Should Require

For a practice evaluating any AI vendor offering persistent memory — whether AI Driven or another provider — the questions worth asking are specific enough to get a real answer, not a marketing one:

Is memory access filtered by patient or matter ID at the database query level, or only at the application layer after a broader retrieval?
Is there a default "search everything" mode, and can it be reached accidentally?
Does switching the active patient or matter clear prior conversational context, or only the formal memory store?
Is there an access log showing who retrieved what, when, scoped to which record — the audit trail HIPAA and prudent firm governance both expect?
Has the vendor tested the system with adversarial, cross-record questions specifically, or only with cooperative ones?

A vendor who can answer all five concretely has actually built the wall. A vendor who answers with "our AI is trained to respect privacy" has described an intention, not an architecture — and intentions are not what holds up in a disqualification motion or a HIPAA audit.

Section 11

Is This a Local AI Problem? Checking the Premise

Everything in this paper has been framed around a private, zero-cloud deployment, which raises a fair question: is unwalled memory a risk created by local AI specifically, or is it a risk that exists wherever persistent memory exists, regardless of where the model runs? The honest answer is the latter — and checking that premise against what cloud AI vendors have actually built is informative, both for understanding the risk and for understanding how seriously the wider industry already takes it.

Mainstream consumer AI chat tools store memory as a single account-wide profile by default. A professional using such a tool across multiple patients or matters in ordinary chat would face exactly the cross-record leakage this paper describes — arguably with less of a safety net than a custom-built local system, because there is no patient or matter field to even forget to filter on. The memory is simply one undifferentiated bucket per account.

What is more interesting is that the major cloud AI vendors have already moved away from that flat-profile design for their more structured products. OpenAI's Projects feature in ChatGPT partitions memory so that facts learned inside a given Project do not flow into the main chat or into other Projects, and memory from the main chat does not flow into a Project either. According to OpenAI's own published documentation, this Project-level isolation is offered alongside, not in place of, ChatGPT's standard memory mode, in which saved memories apply across regular conversations by default. Separately, industry analysts have noted that Anthropic's Claude takes this further by default, scoping memory to individual projects with isolation between them, rather than maintaining one global account-wide profile as ChatGPT's main chat does. Two competing frontier labs converging independently on record-scoped isolation as the correct design is a meaningful data point: it is not an idiosyncratic requirement invented for this paper. It is the direction the entire field is already moving.

Where the Comparison Breaks Down

Vendor-provided memory partitioning is a folder a person has to remember to use correctly, not a database constraint that fails closed. Nothing prevents a provider from pasting into the wrong Project, reusing one Project across two patients to avoid the friction of creating another, or falling back to unscoped main chat out of habit. That is the same conversational-carryover failure mode described in Section 09 — except in a purpose-built system, the underlying database wall holds even if the conversation layer slips. In a consumer cloud tool, the isolation exists only as long as the human's workflow discipline holds, with no architectural backstop underneath it.

It is also worth noting what isolation features like Projects represent commercially, because it explains why they exist as an opt-in exception rather than the default. A single, unsegmented memory profile that follows a user across every conversation is the more commercially valuable design for a consumer AI vendor — it produces a richer account-level understanding of the user, which is part of what makes the product effective at retention and, where account settings allow it, part of what improves the vendor's models over time. Scoped, isolated memory works against that incentive: it is, by design, a feature that deliberately limits what the vendor's own system can connect together. That a vendor builds it anyway, as an enterprise-tier option, reflects real and appropriate caution. That it remains optional rather than the default for the much larger base of ordinary chat users reflects where the underlying incentive still points. A zero-cloud deployment has no equivalent tension to manage — there is no broader profile for the system to benefit from building, and no version of the product that is more valuable with the wall removed.

There is also a second risk specific to the cloud version that has no local equivalent. Even where memory is correctly scoped, it still passes through the vendor. Content shared with a cloud AI tool, including saved memories, may be used to improve the vendor's models depending on account-level settings, and enterprise or business administrators typically retain visibility into workspace activity. That is the sovereignty and vendor-access problem addressed directly in White Paper No. 4 — and it stacks on top of the memory-walling problem rather than replacing it. A cloud deployment has two independent things to get right: the scoping, and the question of whether the vendor itself should be trusted with the data at all. A correctly built local deployment only has the first.

The conclusion this paper draws from the comparison is narrow and specific: walled memory is not an argument for local AI over cloud AI on its own, since the principle applies regardless of where the model runs. What zero-cloud deployment changes is which side of the incentive the architecture sits on. A cloud vendor builds isolation as an exception to a default that points the other way, and maintains it as an enterprise option layered onto consumer-scale infrastructure built for a different design. A zero-cloud deployment has no default to deviate from and no second system to reconcile the wall against — the isolation is simply what the system is, in the only version of it that exists.

Section 12

Where the Rest of the Medical AI Market Stands

It is worth checking this paper's argument against what the broader medical AI market has actually built, rather than assuming a gap exists. The dominant category of clinical AI tool today is the ambient scribe — software that listens to a single patient encounter and drafts a note from it, then hands that note to the EHR. The architecture of these tools is, by design, built around one encounter at a time. They do not retain a standing memory store that persists and is queried across separate patient visits the way a chat-style assistant with memory does.

That distinction matters directly for this paper's argument. For the majority of the ambient scribe category, the cross-patient leakage risk described throughout this paper does not currently apply — not because the leading vendors have solved it, but because the persistent-memory feature that would create the risk has not yet been built into that part of the market. A smaller, more advanced tier of clinical AI tools is beginning to move beyond single-encounter documentation toward surfacing longitudinal clinical context and decision support drawn from a patient's broader chart history. That is precisely the kind of capability where the isolation questions in this paper become relevant. No vendor documentation reviewed for this paper publicly describes how that longitudinal memory, where it exists, is isolated per patient at the architecture level.

The Honest Positioning

This is not evidence that other medical AI vendors have built unwalled memory and gotten it wrong. It is evidence that walled, persistent, per-patient memory is largely unaddressed territory in the medical AI market as it stands — either because the feature does not yet exist in most products, or because vendors that are moving toward it have not published how isolation is enforced. For a practice evaluating this capability, that makes the question in Section 10 worth asking directly of any vendor, including AI Driven: not "do you have memory," but "show me how a query about Patient A is structurally prevented from returning data captured under Patient B."

The practical implication is straightforward. Walled memory, in this market, is not a response to an existing competitive failure. It is groundwork laid ahead of where the rest of the category is heading — solving the isolation problem at the architecture level before persistent cross-visit memory becomes a standard expectation, rather than retrofitting isolation onto a memory feature already in wide use.

Section 13

Conclusion

Zero-cloud deployment solves a vendor-access problem: it removes the third party that used to have a standing claim on confidential professional communications. Persistent memory, done carelessly, reintroduces a structurally similar problem from inside the practice itself — a different matter's attorney, or a different patient's provider, taking the cloud vendor's old seat. Done with deliberate isolation — ownership-scoped storage, hard-filtered retrieval, conversational context cleared on record switch, and an honest accounting of where the architecture's real limits are — persistent memory becomes what it was meant to be from the start: a private AI deployment that gets more useful over time without becoming less safe to use.

The wall is not a feature bolted onto memory. It is what makes memory compatible with professional obligation in the first place.

See the Wall Hold, Not Just Hear About It

We can show you a live demonstration of patient- or matter-scoped memory — including the adversarial questions designed to find a leak if one exists — on your own hardware, with your own data never leaving the building.

Request a Practice Assessment →
← White Paper No. 4: The Sovereignty Problem ← All White Papers

Section 14

References

U.S. Department of Health and Human Services, Office for Civil Rights, Minimum Necessary Requirement, 45 C.F.R. § 164.502(b), 164.514(d). Codifies the requirement that covered entities limit PHI use and disclosure to the minimum necessary for the intended purpose.
U.S. Department of Health and Human Services, HIPAA Security Rule — Audit Controls, 45 C.F.R. § 164.312(b). Requires covered entities to implement hardware, software, and procedural mechanisms to record and examine access to systems containing electronic PHI.
American Bar Association, Model Rules of Professional Conduct, Rule 1.10 (Imputation of Conflicts of Interest: General Rule) and associated commentary on screening procedures and ethical walls.
Restatement (Third) of the Law Governing Lawyers § 124 (2000), addressing the adequacy standard for ethical screens used to avoid imputed disqualification.
United States v. Heppner, discussed in AI Driven White Paper No. 1, on the relationship between on-premises AI processing and preservation of attorney-client privilege as compared to cloud-mediated processing. See also: New York State Bar Association, Loose AI Prompts Sink Ships: How Heppner Shook the Legal Community, nysba.org, March 10, 2026. Available at: nysba.org/loose-ai-prompts-sink-ships-how-heppner-shook-the-legal-community.
AI Driven, Zero Cloud AI: What Law Firms and Medical Practices Need to Know, aidriven.pro/whitepaper.html, May 2026.
AI Driven, The Sovereignty Problem: Who Actually Owns Your AI's Outputs?, aidriven.pro/whitepaper4.html, August 2026.
OpenAI, Memory and New Controls for ChatGPT and related Projects documentation, openai.com/help, on how Project-scoped memory is partitioned from main-chat memory and from other Projects.
Forrester Research, industry analysis comparing default memory architecture across major consumer AI assistants, noting project-scoped isolation as the distinguishing design choice between providers, 2026.
OpenAI, Data Controls and Model Training Settings, openai.com/help, on account-level settings governing whether chat and memory content may be used to improve models, and on administrator visibility into workspace activity under Business, Enterprise, and Edu plans.
Glass Health, AI for Doctors 2026: Scribing, CDS, DDx — Physician Guide, glass.health/resources/ai-for-doctors, April 2026, on ambient scribing platforms extending into chart-context-aware clinical decision support.
Survey of leading ambient AI medical scribe platforms (including Nuance/Dragon, Suki, Abridge, Nabla, DeepScribe, Ambience), 2026, on single-encounter documentation architecture as the dominant design pattern in the category as of this paper's publication.