Patient intake (pre-visit, HIPAA-compliant)

Patient intake automates the entire pre-visit patient journey: from first contact to a completed electronic record ready for the appointment. The AI agent handles questionnaires, insurance data, document photos, and medical history — collecting, verifying, and structuring everything without the receptionist's involvement. For the clinic, this means that when the patient arrives, the doctor opens a fully populated chart, and the front desk is not drowning in manual data entry.

What automation does exactly

1. Sends an invitation. The scenario starts 48 hours before the appointment, sending a secure link via SMS or email through the Communications channel with HIPAA coverage.
2. Runs an adaptive questionnaire. The patient answers questions on demographics, complaints, allergies, and medications. The agent adjusts questions to the visit type.
3. Extracts data from documents. Photos of the insurance card, ID, referrals, and previous discharge summaries go through OCR and a vision model — the required fields are populated without manual entry.
4. Verifies insurance coverage. Sends a request to the clearinghouse service, receives policy status, co-pay, and eligibility.
5. Classifies the case. The agent determines the visit type (initial, follow-up, urgent), triages by complaints, and routes to the appropriate specialist.
6. Syncs the Calendar. Confirms the slot, blocks preparation time, sends reminders 24 and 2 hours in advance.
7. Transfers the record to the EHR. The completed entry goes into the patient chart — the doctor sees the fully populated document before the appointment begins.
8. Logs HIPAA events. Every action involving PHI is recorded in an immutable log for audit purposes.

What automation does not do

• Does not make diagnoses or medical decisions: AI collects data, the doctor interprets.
• Does not work without a BAA (Business Associate Agreement) with AI, hosting, and communications providers. If the BAA is not signed — it cannot be launched.
• Does not cover telehealth visits out of the box: video protocols and remote monitoring require separate configuration.

Who it is for

Clinics with an outpatient format where the front desk is overloaded with manual entry and errors in intake data lead to insurance denials and rework. The minimum threshold is 500–800 visits per month to cover the BAA layer and infrastructure. Smaller volumes are more efficiently handled with simple web forms without AI.

For a dermatology practice with 8 physicians, the impact was $185K per year on a $12,900 investment — 1334% ROI. The key factor is not the 92% time reduction itself, but the freed-up receptionist hours that went toward complex cases: non-standard insurance, appeals, follow-up.

Technically, Patient intake is a multi-step orchestration on top of the clinic's existing stack. The AI agent does not replace the EHR or PM system, but supplements them as a HIPAA-compliant wrapper on a vertical-SaaS core.

Flow architecture

1. Trigger. The 'patient scheduled' event in the PM system sends a webhook — the agent scenario starts.
2. Conversational layer. The patient interacts through a secure web portal or Communications chat channel with BAA coverage. No login required — the link is one-time, tied to the appointment ID.
3. Document AI. Uploaded photos go through OCR and a vision model. Fields are extracted from unstructured documents: policy number, group, plan-holder name, dates.
4. Validation. Data is checked against format (policy structure, NPI directory, date correctness). Comparison with the clinic's database for duplicates.
5. Classification agent. The AI agent classifies the visit by complaints and routes it to the appropriate specialization. At low confidence — fallback to the receptionist.
6. Integration bus. The ready structure is pushed to EHR via FHIR or HL7 API. If a direct API is unavailable — an RPA connector transfers data like a bot operator.
7. Audit log. All actions with PHI are written to an immutable log with user ID, timestamp, and access scope.

Solution components

Implementation steps

1. Weeks 1–2: discovery and BAA. As-is process map, inventory of forms and integrations. In parallel — signing BAA with vendors.
2. Week 2–3: infrastructure. Closed VPC, at-rest and in-transit encryption, role-based access, test connection to EHR.
3. Weeks 3–4: agent assembly. Questionnaire configuration for the specialization, extraction prompt setup, connection to the PM system, scenarios on synthetic data.
4. Week 4: pilot. 1–2 doctors, 50–100 real patients, manual quality check, confidence threshold calibration for classification and extraction.
5. After the pilot: scaling to the entire clinic, quarterly HIPAA audits, retrospective with reception for iteration.

Automation boundaries

The confidence threshold is the key parameter. When the value falls below the setting (typically 0.85), the case goes to the receptionist's queue. This is a tradeoff between automation and accuracy: it is better to hold 5–7% of complex cases than to miss 0.5% of errors in EHR. In a dermatology practice, the threshold was calibrated to a stable error rate of 0.3% — down from the initial 3.8%.

Launching Patient intake requires a set of organizational, legal, and technical prerequisites. The main work is not inside the AI agent, but in the compliance layer and EHR integrations.

Data and access:

• BAA (Business Associate Agreement) with the AI provider, hosting, and communications vendor — required under HIPAA.
• API access to EHR via FHIR or HL7, or consent for RPA integration for legacy systems.
• Current intake forms in any format (PDF, paper, web) — to preserve the familiar patient workflow.
• List of document sources: insurance policy, ID, referrals, previous discharge summaries.
• A configured clearinghouse service for insurance verification, or readiness to connect one of the standard vendors.
• Baseline metrics: current intake time, error rate, wait time — needed for comparison at 30 and 90 days.

Team and processes:

• Product owner from the clinic side — operations manager or administrator (4–8 hours per week during the pilot, 1–2 hours after).
• Privacy Officer — signs the BAA, validates security controls, is responsible for the HIPAA risk assessment.
• 1–2 early-adopter physicians and a receptionist for UAT, triage calibration, and patient experience feedback.
• A weekly retro slot for the first 8 weeks — critical for iteration and closing edge cases.

Timeline:

• 4–6 weeks from BAA signing to a production pilot with 1–2 physicians.
• Another 2–4 weeks to scale across the entire clinic, with receptionist training and adaptation for each specialty.