Healthcare Crew
HIPAA-aware AI voice agents that integrate with your EHR to help patients manage their healthcare — accessible via phone calls and web voice widgets.
Overview
The Healthcare Crew provides AI-powered voice agents designed specifically for healthcare providers. Patients can call your practice phone number or use the web voice widget to check appointments, medications, refill status, and more — all through natural conversation.
The system integrates directly with your Electronic Health Record (EHR) via the FHIR standard, enabling real-time access to patient data. All interactions are logged with HIPAA-compliant audit trails, and sensitive data is encrypted at rest using AES-256-GCM.
HIPAA Compliance
Encryption at Rest
All sensitive data — including private keys, access tokens, and patient context tokens — is encrypted using AES-256-GCM before storage. Encryption keys are managed separately from encrypted data.
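An added Go example of the encryption-at-rest pattern described here (this is not AutoCrew's code; the environment variable name, the context layout and the stored record shape are assumptions for illustration): the AES-256 key is loaded from outside the data store, each value is sealed under a fresh random nonce, and the tenant and field name are bound in as GCM additional authenticated data, so a ciphertext copied between rows or tenants fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// Sealed is what gets written to storage: the ciphertext with its GCM tag,
// plus the nonce. The key is never stored alongside it.
type Sealed struct {
	Nonce      []byte
	Ciphertext []byte
}

// LoadKey fetches the 32-byte AES-256 key from outside the data store. This
// example reads a base64 value from an environment variable (the name is an
// assumption); a KMS or secrets manager would sit behind the same function.
func LoadKey() ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(os.Getenv("HEALTHCARE_CREW_KEK"))
	if err != nil || len(raw) != 32 {
		return nil, errors.New("key must be 32 base64-encoded bytes")
	}
	return raw, nil
}

// ContextFor builds the additional authenticated data from tenant and field,
// so the same plaintext stored in two places yields ciphertexts that are not
// interchangeable. It is recomputed from the row, never stored.
func ContextFor(tenantID, field string) []byte {
	sum := sha256.Sum256([]byte(tenantID + "\x00" + field))
	return sum[:]
}

// Seal encrypts plaintext with AES-256-GCM under key, binding it to context.
// A fresh random 96-bit nonce is generated for every call; GCM is only safe
// while no nonce is ever reused under the same key.
func Seal(key, plaintext, context []byte) (Sealed, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Sealed{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Sealed{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Sealed{}, err
	}
	return Sealed{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, context)}, nil
}

// Open decrypts and authenticates. It fails if the ciphertext, tag, nonce or
// context differ from what was sealed, so a value lifted from another tenant's
// row cannot be opened in this one.
func Open(key []byte, s Sealed, context []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, context)
}

func main() {
	key := make([]byte, 32) // constructed demo key; LoadKey is the production path
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ctx := ContextFor("clinic-a", "fhir_access_token")
	s, err := Seal(key, []byte("constructed-ehr-access-token"), ctx)
	if err != nil {
		panic(err)
	}
	_, err = Open(key, s, ContextFor("clinic-b", "fhir_access_token"))
	fmt.Println("opened under another tenant's context:", err)
}
```

Random 96-bit nonces keep the collision probability negligible as long as the number of values sealed under one key stays far below 2^32; rotating the key on a schedule, which the indirection in LoadKey makes possible without touching the stored rows' format, keeps that true. The AAD is not secret and needs no separate storage because it is recomputed from the row's own tenant and column.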
No PHI in Logs
Application logs never contain Protected Health Information. Only safe identifiers like the last 4 digits of a phone number or birth year are logged for traceability. All raw health data is sanitized before AI processing.
FHIR Audit Trail
Every health data access is logged in a comprehensive audit trail, including the action performed, the patient and resource involved, timestamps, and session context. Audit logs are immutable and available for compliance review.
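To make "immutable" something an auditor can check rather than take on trust, here is an added Go example (not AutoCrew's code; the page does not say how its audit store is implemented) of an append-only audit log whose entries carry the fields listed above and are hash-chained, so an after-the-fact edit anywhere is detected by a verification pass:

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// AuditEntry records one health-data access: the action, whose data, which
// FHIR resource, when, and under which voice session.
type AuditEntry struct {
	Action       string    `json:"action"`       // e.g. "search", "read"
	PatientID    string    `json:"patientId"`    // EHR patient id, never a name
	ResourceType string    `json:"resourceType"` // e.g. "MedicationRequest"
	ResourceID   string    `json:"resourceId"`   // empty for a search
	SessionID    string    `json:"sessionId"`
	Timestamp    time.Time `json:"timestamp"`
	PrevHash     string    `json:"prevHash"` // hash of the previous entry; "" for the first
	Hash         string    `json:"hash"`     // SHA-256 over this entry with Hash blanked
}

// AuditLog is append-only: entries are never edited, and each one commits to
// the hash of its predecessor, so a rewrite anywhere breaks the chain.
type AuditLog struct {
	entries []AuditEntry
}

// entryHash hashes the JSON form of the entry with its own Hash field cleared.
// Struct field order is fixed, so the encoding is deterministic.
func entryHash(e AuditEntry) string {
	e.Hash = ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append links the entry to the previous one and seals it with its hash.
func (l *AuditLog) Append(e AuditEntry) AuditEntry {
	if n := len(l.entries); n > 0 {
		e.PrevHash = l.entries[n-1].Hash
	}
	e.Hash = entryHash(e)
	l.entries = append(l.entries, e)
	return e
}

// Verify recomputes every hash and link. It returns the index of the first
// entry that fails, or -1 when the whole chain is intact.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.entries {
		if e.PrevHash != prev || entryHash(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Len reports the number of entries.
func (l *AuditLog) Len() int { return len(l.entries) }

// Tamper simulates an after-the-fact edit so Verify can be shown detecting it.
func (l *AuditLog) Tamper(i int, patientID string) { l.entries[i].PatientID = patientID }

func main() {
	var al AuditLog
	now := time.Now().UTC()
	// Constructed sample accesses for one voice session.
	al.Append(AuditEntry{Action: "search", PatientID: "pat-123", ResourceType: "Appointment",
		SessionID: "sess-1", Timestamp: now})
	al.Append(AuditEntry{Action: "read", PatientID: "pat-123", ResourceType: "MedicationRequest",
		ResourceID: "mr-1", SessionID: "sess-1", Timestamp: now.Add(time.Minute)})
	fmt.Println("intact, first bad index:", al.Verify())
	al.Tamper(0, "pat-999")
	fmt.Println("after edit, first bad index:", al.Verify())
}
```

The chain only proves that nothing was rewritten since the last hash you trust; anchoring the newest hash somewhere the application cannot write (a periodic export, a WORM bucket, a signed digest mailed to compliance) is what turns it into evidence against an operator with database access.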
Session Expiry
Voice sessions expire after 1 hour, and patient context expires after 4 hours (configurable). Expired sessions require re-authentication, ensuring that access windows are limited.
Data Sanitization
Raw FHIR Bundles from your EHR are stripped down to structured, safe types before being processed by the AI. This prevents inadvertent exposure of unnecessary clinical data.
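The two rules above, stripping FHIR Bundles to safe types and logging only the last four phone digits and the birth year, as one added Go example. It is not AutoCrew's code: the Bundle is constructed, and the SafeMedication shape and the choice of retained fields are assumptions for illustration. The decoder copies only the fields named in the target struct, so clinical notes and practitioner references present in the raw Bundle never reach the AI's input or the log line:

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: a trimmed FHIR R4 Bundle as an EHR might return for a
// MedicationRequest search. The "note" text and the requester reference are
// the kind of fields the agent never needs and should not see.
const sampleBundle = `{
  "resourceType": "Bundle",
  "type": "searchset",
  "entry": [
    {"resource": {"resourceType": "MedicationRequest", "id": "mr-1",
      "status": "active", "authoredOn": "2024-03-02",
      "medicationCodeableConcept": {"text": "Lisinopril 10 mg tablet"},
      "note": [{"text": "Patient reports dizziness; discussed at visit."}],
      "requester": {"reference": "Practitioner/dr-77"}}},
    {"resource": {"resourceType": "MedicationRequest", "id": "mr-2",
      "status": "completed", "authoredOn": "2023-11-15",
      "medicationCodeableConcept": {"text": "Amoxicillin 500 mg capsule"}}},
    {"resource": {"resourceType": "Provenance", "id": "prov-9"}}
  ]
}`

// SafeMedication is the structured, minimal shape handed to the AI: only the
// fields a patient could ask about over the phone.
type SafeMedication struct {
	Name       string `json:"name"`
	Status     string `json:"status"`
	AuthoredOn string `json:"authoredOn"`
}

// rawBundle mirrors just enough of the Bundle structure to pick out what we keep.
type rawBundle struct {
	Entry []struct {
		Resource struct {
			ResourceType string `json:"resourceType"`
			Status       string `json:"status"`
			AuthoredOn   string `json:"authoredOn"`
			Medication   struct {
				Text string `json:"text"`
			} `json:"medicationCodeableConcept"`
		} `json:"resource"`
	} `json:"entry"`
}

// SanitizeMedications strips a raw Bundle down to SafeMedication values.
// Resources of any other type, and every field not named in rawBundle, are
// dropped by construction: the decoder never copies them.
func SanitizeMedications(bundleJSON []byte) ([]SafeMedication, error) {
	var b rawBundle
	if err := json.Unmarshal(bundleJSON, &b); err != nil {
		return nil, fmt.Errorf("decode bundle: %w", err)
	}
	var out []SafeMedication
	for _, e := range b.Entry {
		if e.Resource.ResourceType != "MedicationRequest" {
			continue
		}
		out = append(out, SafeMedication{
			Name:       e.Resource.Medication.Text,
			Status:     e.Resource.Status,
			AuthoredOn: e.Resource.AuthoredOn,
		})
	}
	return out, nil
}

// LogSafeID derives the only identifiers that may appear in application logs:
// the last four digits of the phone number and the birth year (from an ISO
// YYYY-MM-DD date). Everything else about the patient stays out of the log.
func LogSafeID(phone, dob string) string {
	digits := strings.Map(func(r rune) rune {
		if r >= '0' && r <= '9' {
			return r
		}
		return -1
	}, phone)
	last4, year := "????", "????"
	if len(digits) >= 4 {
		last4 = digits[len(digits)-4:]
	}
	if len(dob) >= 4 {
		year = dob[:4]
	}
	return fmt.Sprintf("phone=***%s dob_year=%s", last4, year)
}

func main() {
	meds, err := SanitizeMedications([]byte(sampleBundle))
	if err != nil {
		panic(err)
	}
	// Constructed patient details: only the reduced form reaches the log.
	fmt.Println("lookup", LogSafeID("+1 (555) 010-2468", "1961-07-23"))
	for _, m := range meds {
		fmt.Printf("%s [%s] since %s\n", m.Name, m.Status, m.AuthoredOn)
	}
}
```

Decoding into a fixed struct is an allow-list: a new field the EHR starts returning tomorrow is ignored until someone deliberately adds it to the safe type, which is the failure direction you want for clinical data.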
Multi-Tenant Isolation
Each healthcare organization's data is fully isolated. FHIR configurations, patient matches, audit logs, and conversation data are scoped to the owning tenant and cannot be accessed across organizations.
JWT Authentication
Two distinct JWT types protect healthcare interactions: Voice Session tokens (1-hour expiry) authenticate the voice agent session, while Patient Context tokens (4-hour expiry) carry verified patient identity. Both use distinct issuers to prevent token misuse.
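An added Go example of the two-issuer scheme described above (not AutoCrew's code). The issuer strings, the tenant claim and the HS256 signing algorithm are assumptions; the page states only the two lifetimes and that the issuers differ. The point to observe is that a valid, unexpired patient-context token is rejected wherever a voice-session token is required, purely on the issuer claim:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Issuer names are assumed for this example; the lifetimes are the ones the
// page states (1 hour for voice sessions, 4 hours for patient context).
const (
	IssuerVoiceSession   = "autocrew/voice-session"
	IssuerPatientContext = "autocrew/patient-context"
	VoiceSessionTTL      = time.Hour
	PatientContextTTL    = 4 * time.Hour
)

// Claims is the subset of JWT claims the example checks.
type Claims struct {
	Iss    string `json:"iss"`
	Sub    string `json:"sub"`    // voice session id, or verified EHR patient id
	Tenant string `json:"tenant"` // owning organization (assumed claim name)
	Exp    int64  `json:"exp"`    // unix seconds
}

var b64 = base64.RawURLEncoding

// Sign produces an HS256 compact JWT. HMAC keeps the example self-contained;
// the page does not say which signing algorithm these two token types use.
func Sign(c Claims, key []byte) string {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, _ := json.Marshal(c)
	signingInput := header + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// Verify checks the signature, then pins the issuer, then the expiry. A token
// minted for one layer is rejected at the other even though it is a valid,
// unexpired token under the same key: the issuer is the security boundary.
func Verify(token string, key []byte, wantIss string, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return Claims{}, errors.New("bad signature")
	}
	var c Claims
	payload, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return Claims{}, errors.New("bad claims")
	}
	if c.Iss != wantIss {
		return Claims{}, fmt.Errorf("issuer %q not accepted here, want %q", c.Iss, wantIss)
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

// NewVoiceSessionToken authenticates the agent session for one hour.
func NewVoiceSessionToken(sessionID, tenant string, key []byte, now time.Time) string {
	return Sign(Claims{Iss: IssuerVoiceSession, Sub: sessionID, Tenant: tenant,
		Exp: now.Add(VoiceSessionTTL).Unix()}, key)
}

// NewPatientContextToken carries the verified patient identity for four hours.
func NewPatientContextToken(patientID, tenant string, key []byte, now time.Time) string {
	return Sign(Claims{Iss: IssuerPatientContext, Sub: patientID, Tenant: tenant,
		Exp: now.Add(PatientContextTTL).Unix()}, key)
}

func main() {
	key := []byte("constructed-demo-key-not-for-production")
	now := time.Now()
	pc := NewPatientContextToken("pat-123", "clinic-a", key, now)
	// A patient-context token presented where a voice-session token is required:
	_, err := Verify(pc, key, IssuerVoiceSession, now)
	fmt.Println("cross-use:", err)
	// The same token five hours later:
	_, err = Verify(pc, key, IssuerPatientContext, now.Add(5*time.Hour))
	fmt.Println("after 4h:", err)
}
```

Both token types are signed with one key here, so the issuer check is the only thing separating the layers; issuing each type under its own key is a further hardening. Verification order also matters: the signature is checked first, so issuer and expiry are read only from authenticated claims, and the header's alg field is never consulted, which closes the usual algorithm-confusion route.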
EHR Integration
AutoCrew connects to your EHR using the FHIR R4 standard with SMART Backend Services authorization. This enables secure, automated system-to-system communication without requiring individual user logins.
- FHIR R4 Standard: Industry-standard API for healthcare data exchange
- SMART Backend Services: Secure system-to-system authorization using client credentials and RS384 JWT assertions
- Token Caching: System access tokens are cached per configuration to minimize authentication overhead
- JWKS Endpoint: Public key endpoint for your EHR to verify JWT assertions from AutoCrew
AutoCrew is compatible with any FHIR R4-compliant EHR that supports SMART Backend Services, including major EHR platforms.
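The SMART Backend Services handshake as an added Go example, written from the SMART specification rather than taken from AutoCrew: the client builds an RS384 client assertion (iss and sub set to the client_id, aud set to the EHR token endpoint, a short exp, a random jti), publishes its public key as a JWK whose kid is the RFC 7638 thumbprint, and the EHR verifies the assertion against that JWKS. The client ID and token endpoint URL are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// JWK is one RSA public key in the form served from the JWKS endpoint.
type JWK struct {
	Kty string `json:"kty"`
	Alg string `json:"alg"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// PublicJWK converts an RSA public key to its JWK. The kid is the RFC 7638 thumbprint
// (SHA-256 over the required members in lexicographic order), stable across rotations.
func PublicJWK(pub *rsa.PublicKey) JWK {
	n := b64.EncodeToString(pub.N.Bytes())
	e := b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())
	tp := sha256.Sum256([]byte(`{"e":"` + e + `","kty":"RSA","n":"` + n + `"}`))
	return JWK{Kty: "RSA", Alg: "RS384", Kid: b64.EncodeToString(tp[:]), N: n, E: e}
}

// ClientAssertion builds the RS384-signed JWT that stands in for a client secret:
// iss and sub are the client_id, aud is the EHR token endpoint, exp is at most
// five minutes out, and jti is unique so the EHR can refuse a replayed assertion.
func ClientAssertion(priv *rsa.PrivateKey, kid, clientID, tokenURL string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS384", "typ": "JWT", "kid": kid})
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]any{
		"iss": clientID, "sub": clientID, "aud": tokenURL,
		"exp": now.Add(5 * time.Minute).Unix(), "jti": b64.EncodeToString(jti),
	})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha512.Sum384([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA384, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyAssertion is the EHR's side of the exchange: pin the algorithm, look the
// kid up in the JWKS it fetched, verify the signature, then check the claims.
func VerifyAssertion(assertion string, jwks []JWK, clientID, tokenURL string, now time.Time) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return errors.New("malformed assertion")
	}
	var hdr struct{ Alg, Kid string }
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS384" {
		return errors.New("bad header or unexpected alg")
	}
	var pub *rsa.PublicKey // rebuilt from the matching JWK's n and e
	for _, k := range jwks {
		if k.Kid == hdr.Kid {
			nb, errN := b64.DecodeString(k.N)
			eb, errE := b64.DecodeString(k.E)
			if errN != nil || errE != nil {
				return errors.New("bad JWK encoding")
			}
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
		}
	}
	if pub == nil {
		return errors.New("kid not found in JWKS")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha512.Sum384([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA384, digest[:], sig) != nil {
		return errors.New("signature verification failed")
	}
	var c struct {
		Iss, Sub, Aud string
		Exp           int64
	}
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return errors.New("bad claims")
	}
	if c.Iss != clientID || c.Sub != clientID || c.Aud != tokenURL || !now.Before(time.Unix(c.Exp, 0)) {
		return errors.New("issuer, subject, audience or expiry check failed")
	}
	return nil
}
```

The assertion travels in the token request as a form POST with grant_type=client_credentials, client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer, client_assertion set to the JWT, and the requested system/ scopes; the access token that comes back is what the page describes as cached per configuration, and its lifetime bounds how long any one assertion's worth of access lasts. On the verifying side the alg is pinned before the signature is checked and the kid is looked up only among published keys, so a header naming a different algorithm or an unpublished key is rejected before any claim is trusted.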
Patient Identification
Before accessing health data, patients must be identified through natural conversation. The system requires two or more identifiers to ensure secure matching.
Identification Methods
- MRN (Medical Record Number): Direct match using the patient's unique medical record number
- Phone + Date of Birth: Match using phone number and date of birth
- Name + Date of Birth: Match using full name and date of birth
The system uses confidence-scored matching against your EHR records. Patient context is maintained for the duration of the session (configurable expiry), so patients only need to identify once per session.
Health Data Capabilities
Once identified, patients can ask about a growing range of health data categories through natural voice conversation:
Patient Demographics
Access and verify personal information, contact details, and demographic data on file.
Appointment Management
Check upcoming appointments, view scheduling details, and get appointment reminders.
Medication Information
Review active medications, check refill status, and view dispense history.
Visit & Encounter History
Review past visits, encounter summaries, and care history from your provider.
Continuously Expanding
Additional clinical workflows and health data categories are continuously being added to cover more patient needs. The platform is designed to grow with your practice's requirements.
Multi-Channel Access
Patients can reach the Healthcare Crew through two channels, both providing the same AI agent capabilities:
Phone Calls
Patients call your practice phone number and interact with the AI voice agent through natural conversation. The telephony bridge handles real-time audio streaming with zero-conversion passthrough for optimal voice quality.
Web Voice Widget
Embed a voice widget on your patient portal or website. Patients click to talk and interact with the same AI agent through their browser — no app download required.
Escalation
When the AI agent cannot answer a question or when a patient requests human assistance, the system escalates automatically:
- Email notifications sent to the configured escalation address
- Urgency levels (low, medium, high, critical) based on conversation context
- Full conversation summary included for seamless handoff
- Session correlation for follow-up tracking
Knowledge Base
In addition to EHR data, the Healthcare Crew can search your knowledge base for clinic-specific information — office hours, directions, insurance policies, preparation instructions, and more. Documents are indexed with vector embeddings for accurate, context-aware retrieval.
Configuration
Setting up a Healthcare Crew involves configuring your FHIR tenant connection and customizing the agent behavior:
- FHIR Tenant Config: Your EHR's FHIR base URL, client ID, and RS384 key pair for SMART Backend Services authentication
- FHIR Scopes: Configure which FHIR resource scopes the agent can access (Patient, Appointment, MedicationRequest, Encounter, etc.)
- Session Expiry: Configurable patient context expiry (default 4 hours)
- Agent Persona: Customize the agent name, greeting, tone, and conversation style
- Escalation Email: Configure where escalation notifications are sent
- Knowledge Base: Upload clinic-specific documents for RAG search
Security Architecture
The Healthcare Crew uses a layered authentication approach to protect patient data:
Patient Call/Widget
│
▼
Voice Session JWT (1h expiry)
│ ── Authenticates voice agent session
│
▼
Patient Identification (2+ identifiers)
│ ── MRN, Phone+DOB, or Name+DOB
│
▼
Patient Context JWT (4h expiry, configurable)
│ ── Carries verified patient identity
│
▼
SMART Backend Services (RS384 + client_credentials)
│ ── System-to-system EHR authentication
│
▼
FHIR R4 API
│ ── Scoped data access
│
▼
Response Sanitization
│ ── Raw FHIR Bundles stripped to safe types
│
▼
FHIR Audit Log
── Immutable record of all access
Each JWT type uses a distinct issuer to prevent token misuse across security boundaries. All tokens are encrypted at rest using AES-256-GCM.
Best Practices
- Audit Regularly: Review FHIR audit logs periodically to ensure access patterns are expected and compliant
- Keep Knowledge Base Updated: Regularly update clinic-specific documents (hours, policies, preparation instructions) for accurate responses
- Configure Session Expiry Appropriately: Balance security with patient convenience — shorter sessions are more secure but require more frequent re-identification
- Test Patient Identification: Verify that identification flows work correctly with your EHR data before going live
- Monitor Escalations: Track escalation patterns to identify questions the agent cannot answer and expand capabilities accordingly
- Review Prompt Customization: Tailor the agent persona and tone to match your practice's communication style