24/7 voice agent that books appointments and captures intake info under a signed BAA — engineered for dental, med spa, and healthcare-adjacent SMBs.
Dental offices and med spas miss 30-60% of incoming calls outside business hours and lose them to voicemail. Voice AI solves it — but most generic voice platforms (e.g. Vapi default config) do not ship with HIPAA-grade infrastructure. Retell AI offers HIPAA support including a signed BAA on standard plans; ElevenLabs and Synthflow offer paid HIPAA tiers. The workflow below sets up the agent, the consent flow, and the safe handoff to humans for clinical questions the agent must not answer.
Retell AI ships a BAA on request. Vapi requires the Enterprise tier for HIPAA. ElevenLabs Conversational AI has a HIPAA add-on. Get the BAA executed before any PHI flows. Without it, you are non-compliant the moment a patient says 'my last filling.'
Recording retention: minimum needed (often 30-90 days for QA). Transcript retention: configurable. Make sure PII redaction is on for any logs sent to non-BAA-covered systems. Anything sent to Slack, Linear, or a CRM must flow through a HIPAA-compliant pipeline.
Write an explicit list of what the agent CAN say (services, hours, location, generic pricing ranges, booking) and what it CANNOT (diagnoses, treatment plans, medication advice, specific clinical guidance). Include 5-10 sample dialogues for clinical escalation.
Booking goes into NexHealth, Dentrix, or your PMS — not a generic Calendly. CRM updates flow into a HIPAA-covered platform (HubSpot Enterprise with BAA, or a dedicated dental CRM).
The first-call script captures full name, DOB, and reason for call (general category only). For new patients, the agent texts a HIPAA-compliant intake form post-call. Never collect SSN, insurance numbers, or detailed medical history by voice.
Trigger phrases: 'pain', 'emergency', 'bleeding', 'insurance question', any specific medication name. Auto-transfer to human or take a callback request. Do not let the agent improvise.
Listen to every call for the first 30 days. You will find 5-10 prompt improvements per week — most around accent handling and clinical-edge cases.
Use these templates as-is or customize for your business.
You are Sara, the virtual receptionist for {{practice_name}}. Your job is to (1) greet callers warmly, (2) book or reschedule appointments using the calendar tool, (3) answer location, hours, and generic service-and-pricing questions, (4) transfer immediately for anything clinical.
ABSOLUTE RULES:
- Never give a diagnosis, treatment recommendation, or medication advice. Not even 'sounds like it might be a cavity.'
- Never quote a specific procedure price without confirming insurance — use ranges only.
- If a caller mentions pain, bleeding, swelling, fever, an injury, an emergency, or asks about a specific medication, transfer to a human or schedule a callback. Do not try to assess severity.
- If a caller asks about insurance benefits, transfer or schedule a callback. Do not improvise eligibility.
- Confirm name and DOB before discussing any prior appointment.
- Tone: warm, concise, never robotic.

[ ] BAA signed with voice provider (Retell, Vapi Enterprise, ElevenLabs Enterprise)
[ ] BAA signed with CRM (HubSpot Enterprise, etc.)
[ ] BAA signed with calendar (NexHealth, Dentrix integration)
[ ] Data retention configured to minimum necessary
[ ] PII redaction enabled on transcripts going to non-covered systems
[ ] Staff trained on what data agent collects and what it does not
[ ] Notice of Privacy Practices updated to disclose AI receptionist
[ ] State law review complete (some states require AI disclosure)

Transfer immediately on: 'pain', 'hurts', 'bleeding', 'swelling', 'emergency', 'accident', 'broke', 'chipped', 'numbness', any drug name, 'bad reaction', 'allergic'. Schedule callback on: 'insurance', 'coverage', 'pre-authorization', 'what does my plan cover'. Always disclose: 'I'm an AI assistant' when asked.
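The trigger phrases from the escalation step and the template above can be enforced in code on every caller turn, so the handoff does not depend on the model following its prompt. This is an added sketch, not code from this page or from any voice provider; `route`, `Action` and the three-entry drug list are assumptions made for the example.

```python
import re
from enum import Enum


class Action(Enum):
    TRANSFER = "transfer"   # hand off to a human immediately
    CALLBACK = "callback"   # take a callback request
    CONTINUE = "continue"   # safe for the agent to keep handling


# Trigger lists copied from the template above.
TRANSFER_TERMS = ["pain", "hurts", "bleeding", "swelling", "emergency", "accident",
                  "broke", "chipped", "numbness", "bad reaction", "allergic"]
CALLBACK_TERMS = ["insurance", "coverage", "pre-authorization",
                  "what does my plan cover"]
# Constructed sample list (assumption); use a maintained drug-name list in practice.
DRUG_NAMES = ["amoxicillin", "ibuprofen", "lidocaine"]


def _normalize(text):
    # Lowercase and turn punctuation into spaces so "Pre-Authorization?" and
    # "pre authorization" from a speech transcript compare equal.
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())


def _compile(terms):
    # Prefix match at a word boundary: "pain" also hits "painful". This
    # over-triggers on purpose; a needless transfer is the cheap failure.
    parts = [re.escape(_normalize(t)) + r"\w*" for t in terms]
    return re.compile(r"\b(" + "|".join(parts) + r")\b")


_TRANSFER_RE = _compile(TRANSFER_TERMS + DRUG_NAMES)
_CALLBACK_RE = _compile(CALLBACK_TERMS)


def route(utterance):
    """Return (Action, matched_text). Run on every caller turn before the
    model's reply is spoken, so escalation never depends on the prompt."""
    text = _normalize(utterance)
    hit = _TRANSFER_RE.search(text)          # transfer outranks callback
    if hit:
        return Action.TRANSFER, hit.group(1)
    hit = _CALLBACK_RE.search(text)
    if hit:
        return Action.CALLBACK, hit.group(1)
    return Action.CONTINUE, None
```

Logging the matched text with each escalation gives the transcript review a concrete list of which triggers fire and which calls reached the model without one.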
Single agent with function-calling: one LLM with a defined toolbox (CRM, calendar, knowledge base) decides which tool to invoke at each turn. Easiest to debug; appropriate for most well-scoped business workflows.
Where this workflow tends to break in production — and what to put in place before you ship it.
Agent improvises clinical advice
Mitigation: Hard-coded refusal phrases and immediate escalation triggers; weekly transcript audit for first 30 days.
PII leaks to non-BAA tool
Mitigation: PII redaction on all non-covered destinations; explicit list of covered vs non-covered integrations.
Insurance question handled incorrectly
Mitigation: Hard rule: transfer or callback on any insurance question. Never let agent guess eligibility.
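For the "PII leaks to non-BAA tool" failure mode, a forwarding gate can combine the explicit covered list with redaction for everything else. This is an added example, not code from this page or from any vendor; the destination labels, `prepare_for`, `redact` and the sample transcript are assumptions constructed for illustration.

```python
import re

# Assumption: hypothetical destination labels. Only systems with an executed
# BAA belong here; anything not listed is treated as non-covered (default deny).
BAA_COVERED = {"pms", "hipaa_crm"}

_MONTHS = r"(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?"
PATTERNS = [  # order matters: SSN before PHONE so labels stay accurate
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b")),
    ("DATE", re.compile(r"\b" + _MONTHS + r" \d{1,2}(?:st|nd|rd|th)?,? \d{4}\b", re.I)),
    ("PHONE", re.compile(r"\b\d{3}[ .-]?\d{3}[ .-]?\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]


def redact(text, known_values=()):
    """Mask pattern-shaped identifiers, then literal values captured at intake."""
    for label, pattern in PATTERNS:
        text = pattern.sub("[" + label + "]", text)
    # Names have no reliable shape, so mask the caller name the intake step
    # already captured: the full string and each of its parts.
    for value in known_values:
        for token in [value] + value.split():
            text = re.sub(r"\b" + re.escape(token) + r"\b", "[NAME]", text, flags=re.I)
    return text


def prepare_for(destination, transcript, known_values=()):
    """Return the text that may be sent to `destination`."""
    if destination in BAA_COVERED:
        return transcript
    return redact(transcript, known_values)


# Constructed sample transcript; every value in it is made up.
SAMPLE = ("Caller: Hi, this is Dana Whitfield, date of birth March 3rd, 1988. "
          "You can reach me at 555-010-0142 or dana.w@example.com.")

if __name__ == "__main__":
    print(prepare_for("slack", SAMPLE, ["Dana Whitfield"]))
```

Pattern masking does not remove free-text health details such as the reason for the call, so it complements the covered-destination list and does not replace it.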
Skip if your jurisdiction prohibits AI receptionists in healthcare contexts (check state law). Skip if you cannot get BAAs signed. Skip if your call volume is under 30/week — the compliance overhead is not worth the savings at low volume.
A phased approach to get this workflow running and delivering ROI.
Days 1–30
Foundation
Days 31–60
Optimization
Days 61–90
Scale