24/7 voice agent that books appointments and captures intake info under a signed BAA — engineered for dental, med spa, and healthcare-adjacent SMBs.
Healthcare-adjacent clinics — dental offices, med spas, specialty and outpatient practices — miss 30–60% of incoming calls outside business hours and lose those callers to voicemail, which in practice means losing them to the next clinic that picks up. Voice AI solves the coverage problem, but most generic voice platforms do not ship with the infrastructure a healthcare setting requires: a signed BAA, PHI-safe handling, and an intake flow that collects only what it should. A HIPAA-conscious voice agent answers every call 24/7 under a signed business-associate agreement, books appointments straight into the schedule, captures the minimum necessary intake information, and routes anything clinical or urgent to the right human — without leaving a ready-to-book patient talking to voicemail at 8pm. The non-negotiable is the compliance posture: the BAA, the data handling, and a clear boundary that the agent schedules and intakes but does not give clinical advice.
A multi-location dental group put a HIPAA-conscious voice agent on its after-hours line under a signed BAA; new-patient calls that used to hit voicemail now book directly into the schedule, and the front desk arrives to confirmed appointments instead of a callback list. A med spa uses the agent to answer treatment and pricing questions and book consults around the clock, capturing the late-evening research traffic that drives its bookings. A specialty clinic routes anything clinical or urgent straight to its triage line while letting the agent handle scheduling and basic intake, keeping the compliance boundary clean.
Retell AI ships a BAA on request. Vapi requires the Enterprise tier for HIPAA. ElevenLabs Conversational AI has a HIPAA add-on. Get the BAA executed before any PHI flows. Without it, you are non-compliant the moment a patient says 'my last filling.'
Recording retention: minimum needed (often 30-90 days for QA). Transcript retention: configurable. Make sure PII redaction is on for any logs sent to non-BAA-covered systems. Anything sent to Slack, Linear, or a CRM must flow through a HIPAA-compliant pipeline.
Explicit list of: what the agent CAN say (services, hours, location, generic pricing ranges, booking), what it CANNOT (diagnoses, treatment plans, medication advice, specific clinical guidance). Include 5-10 sample dialogues for clinical escalation.
Booking goes into NexHealth, Dentrix, or your PMS — not a generic Calendly. CRM updates flow into a HIPAA-covered platform (HubSpot Enterprise with BAA, or a dedicated dental CRM).
First-call script captures: full name, DOB, reason for call (general category only). For new patients, agent texts a HIPAA-compliant intake form post-call. Never collect SSN, insurance numbers, or detailed medical history by voice.
Trigger phrases: 'pain', 'emergency', 'bleeding', 'insurance question', any specific medication name. Auto-transfer to human or take a callback request. Do not let the agent improvise.
Listen to every call for the first 30 days. You will find 5-10 prompt improvements per week — most around accent handling and clinical-edge cases.
Tuned for Healthcare. Use as-is or adapt to your voice.
Thank you for calling [Practice]. I can book you an appointment and take a few details. Collect only the minimum necessary: name, callback number, reason for visit in general terms (do not probe for clinical detail), new or existing patient, and preferred day/time. Confirm: I will text a confirmation to this number — is that okay? Do NOT request or record sensitive clinical history, payment card numbers, or full insurance details by voice — note to bring insurance to the visit. If the caller describes an emergency or urgent symptom, stop intake and route immediately to [urgent line / instruct to call 911].
Before going live, confirm: signed BAA with the voice platform AND any subprocessors that touch call data; PHI encrypted in transit and at rest; call recordings/transcripts stored only as long as needed and access-logged; the agent collects only minimum-necessary data; a documented boundary that the agent does not provide clinical advice; staff trained on what the agent does and does not handle; and a tested escalation path for urgent calls. Re-verify the BAA and data-handling on any platform change.
Hi [First Name], this is [Practice] confirming your appointment on [date] at [time] with [provider/dept]. Please arrive [X] minutes early and bring your photo ID and insurance card. Need to reschedule? Reply R or call [number]. If your situation changes and becomes urgent before your visit, please call [urgent line] or 911. See you soon!
You are Sara, the virtual receptionist for {{practice_name}}. Your job is to (1) greet callers warmly, (2) book or reschedule appointments using the calendar tool, (3) answer location, hours, and generic service-and-pricing questions, (4) transfer immediately for anything clinical.
ABSOLUTE RULES:
- Never give a diagnosis, treatment recommendation, or medication advice. Not even 'sounds like it might be a cavity.'
- Never quote a specific procedure price without confirming insurance — use ranges only.
- If a caller mentions pain, bleeding, swelling, fever, an injury, an emergency, or asks about a specific medication, transfer to a human or schedule a callback. Do not try to assess severity.
- If a caller asks about insurance benefits, transfer or schedule a callback. Do not improvise eligibility.
- Confirm name and DOB before discussing any prior appointment.
- Tone: warm, concise, never robotic.[ ] BAA signed with voice provider (Retell, Vapi Enterprise, ElevenLabs Enterprise) [ ] BAA signed with CRM (HubSpot Enterprise, etc.) [ ] BAA signed with calendar (NexHealth, Dentrix integration) [ ] Data retention configured to minimum necessary [ ] PII redaction enabled on transcripts going to non-covered systems [ ] Staff trained on what data agent collects and what it does not [ ] Notice of Privacy Practices updated to disclose AI receptionist [ ] State law review complete (some states require AI disclosure)
Transfer immediately on: 'pain', 'hurts', 'bleeding', 'swelling', 'emergency', 'accident', 'broke', 'chipped', 'numbness', any drug name, 'bad reaction', 'allergic'. Schedule callback on: 'insurance'. 'coverage', 'pre-authorization', 'what does my plan cover'. Always disclose: 'I'm an AI assistant' when asked.
Get one new AI workflow per week, tuned for Healthcare teams. Real templates, real ROI.
Skip if your jurisdiction prohibits AI receptionists in healthcare contexts (check state law). Skip if you cannot get BAAs signed. Skip if your call volume is under 30/week — the compliance overhead is not worth the savings at low volume.
One practical AI tip per week. No fluff.
Get the full guide with niche templates and workflow imports.