Healthcare Crew
HIPAA-aware AI voice agents that integrate with your EHR to help patients manage their healthcare — accessible via phone calls and web voice widgets.
Overview
The Healthcare Crew provides AI-powered voice agents designed specifically for healthcare providers. Patients can call your practice phone number or use the web voice widget to check appointments, medications, refill status, and more — all through natural conversation.
The system integrates directly with your Electronic Health Record (EHR) via the FHIR standard, enabling real-time access to patient data. All interactions are logged with HIPAA-compliant audit trails, and sensitive data is encrypted at rest using AES-256-GCM.
HIPAA Compliance
Security First: Autocrew implements comprehensive HIPAA-aware safeguards across every layer of the healthcare workflow.
Encryption at Rest
All sensitive data — including private keys, access tokens, and patient context tokens — is encrypted using AES-256-GCM before storage.
No PHI in Logs
Application logs never contain Protected Health Information. Only safe identifiers are logged. Raw health data is sanitized.
FHIR Audit Trail
Every health data access is logged in a comprehensive, immutable audit trail available for compliance review.
Multi-Tenant Isolation
Each healthcare organization's data is fully isolated. Cross-tenant data access is strictly prevented.
EHR Integration
Autocrew connects to your EHR using the FHIR R4 standard with SMART Backend Services authorization. This enables secure, automated system-to-system communication.
- FHIR R4 Standard: Industry-standard API for healthcare data exchange
- SMART Backend Services: Secure system-to-system authorization
- Token Caching: Minimized authentication overhead
- JWKS Endpoint: Verified JWT assertions
Patient Identification
Before accessing health data, patients must be identified through natural conversation. The system requires two or more identifiers to ensure secure matching.
- MRN: Unique medical record number
- Phone + Date of Birth: Match using verified phone and DOB
- Name + Date of Birth: Match using full name and DOB
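An added example (not Autocrew's code) of the two-identifier rule above. It assumes the rule also applies to MRN, that every supplied identifier must match, and that the match must be unique within the caller's tenant. The record fields, `identify` and the reason codes are hypothetical.

```python
import hmac
import re
from datetime import date

# Constructed sample records; a real deployment would query the tenant's EHR over FHIR.
PATIENTS = [
    {"tenant": "clinic-a", "id": "p1", "mrn": "A1001", "phone": "+15550100",
     "dob": date(1980, 5, 17), "name": "Jane Roe"},
    {"tenant": "clinic-a", "id": "p2", "mrn": "A1002", "phone": "+15550100",
     "dob": date(1980, 5, 17), "name": "June Roe"},   # twin sharing phone and DOB
    {"tenant": "clinic-b", "id": "p3", "mrn": "A1001", "phone": "+15550199",
     "dob": date(1980, 5, 17), "name": "Jane Roe"},   # same MRN, different tenant
]
IDENTIFIER_FIELDS = ("mrn", "phone", "dob", "name")

def _norm(field, value):
    """Normalize transcribed input so formatting differences do not matter."""
    if field == "phone":
        return re.sub(r"\D", "", str(value))
    if field == "dob":
        return value.isoformat() if isinstance(value, date) else str(value).strip()
    return " ".join(str(value).lower().split())

def _eq(a, b):
    # Constant-time comparison so response timing does not leak partial matches.
    return hmac.compare_digest(a.encode(), b.encode())

def identify(tenant, claimed, records=PATIENTS):
    """Return (patient_id, None) on a unique match, else (None, reason).

    Reason codes carry no PHI, so they are safe to write to application logs.
    """
    supplied = {k: v for k, v in claimed.items() if k in IDENTIFIER_FIELDS and v}
    if len(supplied) < 2:
        return None, "need_two_identifiers"
    matches = [
        r["id"] for r in records
        if r["tenant"] == tenant  # never search another tenant's patients
        and all(_eq(_norm(k, v), _norm(k, r[k])) for k, v in supplied.items())
    ]
    if not matches:
        return None, "no_match"
    if len(matches) > 1:
        return None, "ambiguous"  # ask for another identifier, never guess
    return matches[0], None
```

The twin records show why uniqueness matters: phone plus date of birth matches two patients, so the caller has to give a further identifier before any health data is read.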
Health Data Capabilities
Once identified, patients can ask about a growing range of health data categories:
Patient Demographics
Access and verify personal information and contact details.
Appointment Management
Check upcoming appointments, scheduling details, and reminders.
Medication Information
Review active medications, refill status, and dispense history.
Visit History
Review past visits, encounter summaries, and care history.
Configuration
Setting up a Healthcare Crew involves configuring your FHIR tenant connection:
- FHIR Tenant Config: EHR FHIR base URL and client credentials
- FHIR Scopes: Access control for specific resources (Patient, Appointment, etc.)
- Session Expiry: Configurable patient context duration (default 4 hours)
- Agent Persona: Customize the agent name, greeting, and tone
Security Architecture
Patient Call/Widget
│
▼
Voice Session JWT (1h expiry)
│
▼
Patient Identification (2+ identifiers)
│
▼
Patient Context JWT (4h expiry)
│ ── Carries verified identity
│
▼
SMART Backend Services
│ ── System-to-system auth
│
▼
FHIR R4 API
│
▼
FHIR Audit Log
Best Practices
- Audit Regularly: Review FHIR audit logs for compliance
- Keep KB Updated: Maintain accurate clinic policies in the Knowledge Base
- Test Identification: Verify patient matching flows with test data
- Monitor Escalations: Track questions the agent cannot answer