TriageAI Sub-processor List

TriageAI, LLC
Effective Date: August 26, 2025

Last Updated: March 3, 2026

To support the delivery of our AI-powered triage and transcription services, TriageAI, LLC ("TriageAI") utilizes third-party "Sub-processors" to assist with data processing activities.

Under the terms of our Business Associate Agreement (BAA), TriageAI maintains written agreements with each Sub-processor listed below. These agreements ensure that patient Protected Health Information (PHI) is handled with the same or higher level of security and privacy as required by HIPAA and HITECH regulations.

Data Residency: All PHI processed by TriageAI and its Sub-processors is stored and processed exclusively within the United States. No PHI is transferred outside of the United States at any point in the data processing pipeline.

Core Infrastructure & AI

These providers host our platform, execute our AI models, and ensure your data remains encrypted and available.

Amazon Web Services (AWS)

  • Service: Hosting, Database, Storage, and AI Model Execution

  • Role: AWS provides the HIPAA-eligible cloud environment for TriageAI's entire platform infrastructure, including our proprietary Whisper-based transcription engine. All Anthropic Claude AI model processing is performed exclusively through Amazon Bedrock, AWS's managed AI service. Claude models are accessed solely via Amazon Bedrock within our private AWS environment — no PHI is transmitted directly to Anthropic outside of the AWS infrastructure, and the AWS BAA governs all Claude model interactions within this environment.

  • Data Types Processed: PHI (audio, transcriptions, structured case data), model inputs and outputs

  • Data Location: United States (AWS US regions only)

  • PHI Training Prohibition: No patient PHI is used to train or fine-tune the underlying Claude, Whisper, or any other base AI models. Model interactions within Amazon Bedrock are governed by AWS's BAA and Amazon Bedrock's data isolation guarantees.

  • BAA Executed: August 26, 2025

  • Compliance Certifications: HIPAA BAA Executed; SOC 2 Type II; ISO 27001; CSA STAR Level 2

Communication Stack

These providers handle the ingestion of voicemails and patient metadata.

RingCentral

  • Service: VoIP Voicemail Ingestion

  • Role: Securely routes patient audio recordings from the practice's phone system into the TriageAI secure AWS environment. PHI is transmitted via encrypted channels and is not retained by RingCentral beyond the secure handoff to TriageAI's platform.

  • Data Types Processed: PHI (patient audio recordings, associated caller metadata)

  • Data Location: United States

  • BAA Executed: August 26, 2025

  • Compliance Certifications: HIPAA BAA Executed; SOC 2 Type II; ISO 27001

Administrative Communication

These providers are used for internal business operations and customer support only.

Google Workspace (Gmail)

  • Service: Enterprise Administrative Communication and Customer Support

  • Role: Used exclusively for internal administrative communication and customer support between TriageAI staff and Covered Entity (CE) personnel. No PHI is transmitted through Google Workspace. All PHI-containing communications are handled through TriageAI's HIPAA-compliant secure platform environment hosted on AWS. Google Workspace is used solely for non-PHI business correspondence.

  • Data Types Processed: Non-PHI administrative correspondence only

  • Data Location: United States

  • BAA Executed: August 26, 2025

  • Compliance Certifications: HIPAA BAA Executed (Google Workspace Enterprise Tier); SOC 2 Type II; ISO 27001

Sub-processor Change Notification

TriageAI is committed to transparency regarding the third parties that process PHI on behalf of our Covered Entity clients. When TriageAI engages a new Sub-processor that will process PHI, this page will be updated and active Covered Entity clients will be notified via email to the Privacy Officer contact on file no less than thirty (30) days prior to the new Sub-processor beginning to process PHI. This notice period allows Covered Entities the opportunity to raise compliance concerns prior to the change taking effect.

To ensure you receive Sub-processor change notifications, please confirm your Privacy Officer email address is current in your TriageAI account settings or by contacting us at info@triageai.us.

Questions or Compliance Requests

For questions regarding this Sub-processor List, to request copies of Sub-processor BAAs, or to raise a compliance concern:

General Inquiries: info@triageai.us

Privacy Officer: Phillip Penny, DO

Privacy Officer Email: info@triageai.us
