Privacy Policy

A legal disclaimer

Effective Date: 3/3/2026

At TriageAI, LLC ("TriageAI"), we bridge the gap between patient communication and clinical efficiency using advanced artificial intelligence. We are committed to the highest standards of privacy, security, and HIPAA compliance.

1. Information We Collect

  • Patient Voice & Health Information: We receive audio recordings and metadata from your integrated communication systems (e.g., RingCentral). This information often contains Protected Health Information (PHI).

  • Practice & Provider Data: We collect contact details, NPI numbers, and account information from the medical practices we serve.

  • Usage Metadata: We collect technical logs (IP addresses, access timestamps) to ensure the security and integrity of our AI platform.

2. How We Use Information

  • AI-Powered Processing: We use Large Language Models (LLMs) and Speech-to-Text technology to transcribe, summarize, and triage patient voicemails into structured clinical cases.

  • Service Delivery: To provide actionable insights to your clinical team via our dashboard or EMR integrations.

  • Platform Improvement (De-identified only): We may use de-identified data—stripped of all 18 HIPAA identifiers—to fine-tune our algorithms and improve triage accuracy. We never use identifiable PHI to train general-purpose or "base" AI models.

3. HIPAA & Security Posture

  • Encryption: All data is encrypted with AES-256 at rest and with TLS 1.2+ in transit.

  • Infrastructure: We utilize "HIPAA-Eligible" environments from providers like AWS.

  • Business Associate Agreements (BAA): TriageAI operates as a Business Associate. We execute BAAs with all Covered Entities and ensure our AI Model Providers (sub-processors) are bound by the same stringent HIPAA protections.

4. AI-Specific Disclosures

  • No Medical Advice: TriageAI is an administrative tool. Our AI does not provide medical diagnoses or treatment plans.

  • Human-in-the-Loop: Our AI-generated outputs (transcriptions and triage summaries) may contain "AI Hallucinations" or transcription errors. All outputs must be reviewed and verified by a licensed clinical professional before taking any medical action.

  • Sub-processors: A current list of our HIPAA-compliant AI and infrastructure sub-processors is available upon request or at https://www.triageai.us/sub

5. Data Retention & Deletion

  • PHI Retention: We retain PHI only for the duration of our agreement with the medical practice or as required by law.

  • Destruction: Upon termination of service, identifiable PHI is returned or destroyed. Please note that "De-identified Data" and non-identifiable "Model Weights" (mathematical representations) derived during the service period are not subject to deletion, as they contain no PHI.

6. Sharing of Information

  • No Sale of Data: We do not sell, rent, or trade patient or practice data to third parties.

  • Clinical Workflow: Information is shared only with your authorized practice users and our HIPAA-compliant technical partners.

7. Contact & Rights

Under HIPAA and applicable state laws, you have the right to access and audit how your data is used. For all inquiries, please contact our Privacy Officer: Phillip Penny, DO. Email: info@triageai.us