Case study — Healthcare AI

An AI Receptionist That Healthcare Law Would Actually Allow.

Doctors Only Urgent Care

Client

Doctors Only Urgent Care

Market

US Healthcare / Urgent Care

Scope

AI Reception + Compliance

Status

Phase 1 Live

01 / Problem

AI in healthcare isn't hard. Doing it legally is.

Doctors Only Urgent Care needed an AI receptionist to handle patient calls, book appointments, and reduce front desk load. The objective was clear. What wasn't clear was how to build it without violating HIPAA — the federal law that governs every piece of protected health information (PHI) in the United States.

The standard playbook — drop in a third-party CRM, pipe calls through a voice agent, log everything to a shared cloud — would have been a compliance disaster. Every vendor in the stack needed a signed Business Associate Agreement (BAA). Every byte of patient data needed to live on infrastructure that could demonstrate HIPAA compliance. The client already had an EMR system in place, but it offered no API access — ruling out any direct automation path in this phase.

HIPAA Compliance at Every Layer

Every tool in the stack — voice AI, storage, analytics — needed to be HIPAA-compliant and covered by a signed BAA. Any gap in the chain would expose the practice to regulatory and legal liability.

No Justification for a Full CRM

Healthcare CRMs with HIPAA compliance start at hundreds of dollars per month. The client only needed call logs and analytics — buying a full CRM for a single use case was economically indefensible.

Locked EMR — No API Access

The practice's existing Electronic Medical Records system had zero API access. End-to-end automation through the EMR was not possible in Phase 1. The architecture had to work around it entirely.

Missed Calls = Lost Patients

Medical practices miss an average of 34% of incoming calls. Each missed call costs $125–$200 in lost revenue. After-hours callers — 11% of total call volume — had zero coverage. Every unanswered ring was a patient calling somewhere else.

02 / Solution

Build the compliance layer. Then build the product on top.

Rather than bolt AI onto an existing system, SMAF AI designed the compliance infrastructure first — then built the AI receptionist on top of it. Every vendor in the stack was audited for HIPAA eligibility. BAAs were signed with Retell AI for voice processing and with Amazon Web Services for all data infrastructure.

Instead of purchasing a HIPAA-compliant CRM — which would have introduced unnecessary cost and scope — we built a fully custom dashboard on AWS. DynamoDB handles structured call metadata. S3 manages encrypted call recordings. Everything is scoped precisely to the clinical workflow, with nothing extraneous touching patient data.

A Calendar API integration was connected directly to Retell AI, giving the voice agent real-time access to appointment availability — so patients hear confirmed booking times, not vague promises to call back.

BAA signed — Retell AIBAA signed — AWSHIPAA-grade DynamoDBEncrypted S3 storageCalendar API live
Voice AI

Retell AI — BAA Signed

Inbound call handling, NLP, post-call analysis, webhook dispatch

Scheduling

Calendar API Integration

Real-time appointment availability during live call

Database

AWS DynamoDB — HIPAA

Call metadata, summaries, sentiment scores, booking status

Storage

AWS S3 — Encrypted

Call recordings stored with AES-256, access-controlled

Dashboard

Custom AWS-Hosted UI

Doctor-facing dashboard — fully HIPAA-scoped, no CRM bloat

Alerts

Automated SMS Notifications

Doctor alert post-call + patient booking confirmation & reminder

03 / Features

What was built.

01

HIPAA-Compliant AI Voice Reception

Retell AI answers every inbound call 24/7. The agent handles appointment scheduling, answers common clinical FAQs, and manages after-hours inquiries — all over a BAA-covered, PHI-safe voice connection.

Retell AIBAA Covered24/7
02

Live Calendar Booking During Calls

The AI agent queries real appointment availability in real time and confirms bookings before the patient hangs up. No callbacks. No manual scheduling. Confirmed appointments on the first call.

Calendar APIReal-TimeZero Callback
03

Custom AWS Compliance Dashboard

A HIPAA-scoped doctor-facing dashboard — hosted entirely on AWS — shows call summaries, sentiment analysis, booking status badges, full transcripts, and call recordings. Built for exactly what the clinic needed. Nothing else.

AWS HostedDynamoDBS3
04

Post-Call AI Analysis

After every call, Retell AI analyses the conversation and fires a webhook to the dashboard. The doctor sees sentiment score, a concise call summary, and a booking status badge — Booked, Not Booked — before the patient even walks through the door.

SentimentWebhookBadges
05

Instant Doctor SMS Alert

The moment a call ends, an automated SMS is dispatched to the doctor with a link to the dashboard. They can review the patient's call summary and booking context before the appointment — with time to prepare, not scramble.

SMS AlertInstantPre-Visit Context
06

Patient Booking SMS + Reminder

After scheduling, the patient receives a booking confirmation SMS with appointment details. A follow-up reminder is automatically sent ahead of the visit, reducing no-shows without any staff involvement.

Booking SMSReminderNo-Show Reduction

The real constraint wasn't technical — it was legal. Once we mapped every data flow against HIPAA requirements and signed BAAs at each touchpoint, the engineering decisions became obvious. Build only what the clinic actually needs. Host it on infrastructure you can defend. Don't create compliance surface area you don't have to.

— SMAF AI Engineering Notes, Doctors Only Urgent Care Project

04 / Industry Context

Why this matters now.

The front desk is the financial front door of every medical practice. The numbers are unambiguous: missed calls, unhandled after-hours inquiries, and manual scheduling failures are costing clinics hundreds of thousands of dollars a year — quietly, invisibly, every single day.

34%

of calls to medical practices go unanswered

Source · MGMA, 2023 / AgentZap Healthcare Report, 2026

$9.77M

average cost of a healthcare data breach in 2024

Source · DialZara / IBM Healthcare Security Report, 2024

$150B

lost annually to no-shows across the US healthcare system

Source · TransLoc / Healthcare Financial Management Association

11%

of patient calls occur outside business hours, with near-zero coverage

Source · Curogram / Neuwark Patient Communication Research, 2025

62%

of callers hang up without leaving a voicemail when unanswered

Source · PatientBond Survey / AgentZap, 2025

29–36%

reduction in no-shows with AI appointment reminders

Source · Answering Agent Healthcare Benchmark, 2026

The economic case

A front desk receptionist costs approximately $47,460 per year in median salary alone — and still can't answer calls at 8pm, handle multiple simultaneous conversations, or guarantee HIPAA-compliant data handling. The AI receptionist at Doctors Only Urgent Care answers every call, books every appointment it can, and sends the doctor a pre-visit brief — for a fraction of that cost, with full compliance documentation.

05 / Roadmap

Phase 1 complete. What comes next.

This engagement was scoped as Phase 1. It was deliberately constrained: prove the compliance architecture works, get the AI receptionist live, and establish the data foundation. The second phase — contingent on migrating to an API-accessible EMR — is where the full automation vision gets realised.

Complete

Phase 1

HIPAA-Compliant AI Reception & Analytics Infrastructure

AI voice receptionist live via Retell AI (BAA signed). Calendar API integration for real-time appointment booking. Custom AWS dashboard with DynamoDB + S3 (BAA signed). Post-call sentiment analysis, summaries, and booking badges. Doctor SMS alerts and patient booking confirmations and reminders.

Upcoming

Phase 2

End-to-End EMR Automation — Zero Human Relay

Once the practice migrates to an API-accessible EMR, the full automation layer becomes available. Every patient interaction — from first call to follow-up — will flow through a single connected system with no manual handoffs.

  • Automated appointment creation and updates directly into the EMR
  • Prescription refill request handling and routing
  • Patient records requests processed and fulfilled automatically
  • Electronic prescription workflows triggered by AI triage
  • Insurance verification and pre-authorisation automation
  • Complete audit trail: call → booking → visit → record — no human in the loop

06 / Outcomes

What was delivered.

100%

Every inbound call — business hours, after hours, weekends — is answered by the AI receptionist. The 11% of calls that used to vanish into the void after closing time now have a compliant, capable handler on the line.

$0

Instead of licensing a bloated, expensive healthcare CRM for a single use case, we built a purpose-built compliance dashboard on AWS — scoped exactly to what the doctor needed, nothing more.

2× BAA

Signed BAAs with both Retell AI and AWS give the practice a legally defensible HIPAA compliance posture at every layer of the stack — voice, compute, storage, and analytics.

Live

Every call ends with an automated SMS to the doctor — summary, sentiment, and booking status in hand before the patient walks through the door. The preparation gap between phone call and clinical visit is closed.

Healthcare AI isn't just a product problem. It's a legal architecture problem. We didn't just connect a voice agent to a calendar — we built a compliance-grade data infrastructure that the practice can stand behind. That's what makes Phase 2 possible.

— SMAF AI, Project Retrospective

Built by

SMAF AI

Smart Systems. Futuristic Solutions.

Ready to build AI that's actually compliant for your industry?

Book a discovery call