Privacy Policy

A legal disclaimer

Effective Date: 3/3/2026

At TriageAI, LLC ("TriageAI"), we bridge the gap between patient communication and clinical efficiency using advanced artificial intelligence. We are committed to the highest standards of privacy, security, and HIPAA compliance.

1. Information We Collect

  • Patient Voice & Health Information: We receive audio recordings and metadata from your integrated communication systems (e.g., RingCentral). This information often contains Protected Health Information (PHI).

  • Practice & Provider Data: We collect contact details, NPI numbers, and account information from the medical practices we serve.

  • Usage Metadata: We collect technical logs (IP addresses, access timestamps) to ensure the security and integrity of our AI platform.

2. How We Use Information

  • AI-Powered Processing: We use Large Language Models (LLMs) and Speech-to-Text technology to transcribe, summarize, and triage patient voicemails into structured clinical cases.

  • Service Delivery: To provide actionable insights to your clinical team via our dashboard or EMR integrations.

  • Platform Improvement (De-identified only): We may use de-identified data—stripped of all 18 HIPAA identifiers—to fine-tune our algorithms and improve triage accuracy. We never use identifiable PHI to train general-purpose or "base" AI models.

3. HIPAA & Security Posture

  • Encryption: All data is encrypted with AES-256 at rest and with TLS 1.2+ in transit.

  • Infrastructure: We utilize "HIPAA-Eligible" environments from providers like AWS.

  • Business Associate Agreements (BAA): TriageAI operates as a Business Associate. We execute BAAs with all Covered Entities and ensure our AI Model Providers (sub-processors) are bound by the same stringent HIPAA protections.

4. AI Specific Disclosures

  • No Medical Advice: TriageAI is an administrative tool. Our AI does not provide medical diagnoses or treatment plans.

  • Human-in-the-Loop: Our AI-generated outputs (transcriptions and triage summaries) may contain "AI Hallucinations" or transcription errors. All outputs must be reviewed and verified by a licensed clinical professional before taking any medical action.

  • Sub-processors: A current list of our HIPAA-compliant AI and infrastructure sub-processors is available upon request or at https://www.triageai.us/sub

5. Data Retention & Deletion

  • PHI Retention: We retain PHI only for the duration of our agreement with the medical practice or as required by law.

  • Destruction: Upon termination of service, identifiable PHI is returned or destroyed. Please note that "De-identified Data" and non-identifiable "Model Weights" (mathematical representations) derived during the service period are not subject to deletion, as they contain no PHI.

6. Sharing of Information

  • No Sale of Data: We do not sell, rent, or trade patient or practice data to third parties.

  • Clinical Workflow: Information is shared only with your authorized practice users and our HIPAA-compliant technical partners.

7. Contact & Rights

Under HIPAA and applicable state laws, you have the right to access and audit how your data is used. For all inquiries, please contact our Privacy Officer: Phillip Penny, DO. Email: info@triageai.us
