Healthcare AI Voice HIPAA

AI-Powered Patient Intake System

Automated pre-appointment voice intake for Synapse Orthopedic Group. An AI phone agent calls every patient, conducts a structured clinical history interview, and delivers a formatted report to the clinic — without a single staff member involved.

Staff time per intake: 0 min
Report turnaround: ≤10 min
Languages: 2 (EN + ES), automated
[Workflow diagram: AI-Powered Patient Intake System, Synapse Orthopedic Group]

The Problem

Synapse Orthopedic Group sees a high volume of new patients — many referred from personal injury cases, motor vehicle accidents, and workers' compensation claims. Before every appointment, a clinical staff member spent 15–30 minutes on the phone collecting a detailed patient history: injury background, prior treatments, pain levels, functional limitations, and more. That information then had to be typed up and attached to the patient file before the physician arrived.

The workflow was repetitive, time-consuming, and entirely manual. Key pain points:

  • Time cost: 15–30 minutes per patient across dozens of appointments per week
  • Inconsistency: Different staff members asked questions differently; reports varied in structure and detail
  • Language barriers: Spanish-speaking patients required a bilingual staff member on call
  • Missed calls: No systematic retry logic — if a patient didn't answer, the call often wasn't re-attempted
  • Turnaround time: Reports were sometimes incomplete by the time the physician walked in

Every step of this workflow followed a deterministic pattern — a perfect candidate for end-to-end automation with AI.

The Solution

DecryptCode built a HIPAA-aware, full-stack system that automates the entire pre-appointment patient history workflow — from SMS reminder to formatted clinical report delivery — with zero staff involvement after a patient is added to the system.

End-to-End Workflow

  • Day −3: The system sends an automated SMS reminder via Twilio, alerting the patient to expect a call from the clinic.
  • Day −2: At the scheduled time, the system places an outbound AI phone call. If the patient doesn't answer, it retries every 30 minutes until 5 PM — then resumes all-day retry on Day −1. Every attempt is tracked; the system stops once a completed interview is recorded.
  • During the call: The patient speaks with an AI voice assistant (Vapi AI) that conducts the structured intake interview. The AI is driven by Claude 3.5 Sonnet, which handles conversation logic, understands nuanced patient responses, and maintains context across the full call. The interview is natural and adaptive — the AI follows up on incomplete answers without sounding robotic.
  • Post-call: A Celery background worker picks up the transcript. If the patient spoke Spanish, it is translated to English automatically. Claude then processes the transcript and generates a structured clinical report covering injury history, accident details, prior treatment, current symptoms, medication, and functional limitations.
  • Report delivery: The completed report is emailed as a Word document directly to the clinic via Twilio SendGrid — ready for physician review before the appointment, with no staff involvement required.
  • Document extraction: Staff can upload prior intake documents (PDFs, scanned forms, Word files). Claude extracts structured fields automatically, pre-populating patient records without manual data entry.
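The retry rule in the Day −2 / Day −1 steps above is easy to get subtly wrong (a retry that lands after the cutoff, or one more call after the interview was already completed). The following is an added example of that scheduling logic, not DecryptCode's code. It assumes naive clinic-local datetimes, that the Day −1 window opens at 9 AM and shares the 5 PM cutoff, and that the scheduler is driven by the outcome recorded for each attempt; none of those details are stated on the page.

```python
"""Retry scheduling for the Day -2 / Day -1 calling window.

Added example (not DecryptCode's code) of the retry rule described above.
Assumptions not stated on the page: datetimes are naive clinic-local time,
the Day -1 window opens at 9 AM and shares the 5 PM cutoff, and the
scheduler is driven by the outcome recorded for each attempt.
"""
from dataclasses import dataclass, field
from datetime import date, datetime, time, timedelta
from typing import List, Optional, Tuple

RETRY_INTERVAL = timedelta(minutes=30)
WINDOW_OPEN = time(9, 0)    # assumption: Day -1 retries start at 9 AM
WINDOW_CLOSE = time(17, 0)  # "until 5 PM" on Day -2; assumed same cutoff on Day -1


@dataclass
class IntakeCall:
    appointment: date
    first_attempt: datetime                      # scheduled Day -2 call time
    attempts: List[Tuple[datetime, str]] = field(default_factory=list)
    completed: bool = False

    @property
    def day_minus_2(self) -> date:
        return self.appointment - timedelta(days=2)

    @property
    def day_minus_1(self) -> date:
        return self.appointment - timedelta(days=1)


def make_call(appointment: str, first_attempt: str) -> IntakeCall:
    """Build a call record from ISO strings, e.g. make_call("2024-06-12", "2024-06-10T16:00")."""
    return IntakeCall(date.fromisoformat(appointment), datetime.fromisoformat(first_attempt))


def record_attempt(call: IntakeCall, when: datetime, outcome: str) -> None:
    """Every attempt is tracked; a completed interview ends the schedule."""
    call.attempts.append((when, outcome))
    if outcome == "completed":
        call.completed = True


def next_attempt(call: IntakeCall, last: datetime) -> Optional[datetime]:
    """Time of the next attempt after `last`, or None when retrying stops.

    Rule: every 30 minutes until 5 PM on Day -2, then resume on Day -1
    until its cutoff. Never schedules anything once the interview is done.
    """
    if call.completed:
        return None
    candidate = last + RETRY_INTERVAL
    if candidate.date() <= call.day_minus_2:
        if candidate.date() == call.day_minus_2 and candidate.time() <= WINDOW_CLOSE:
            return candidate
        return datetime.combine(call.day_minus_1, WINDOW_OPEN)  # past the Day -2 cutoff: resume next day
    if candidate.date() == call.day_minus_1 and candidate.time() <= WINDOW_CLOSE:
        return candidate
    return None  # hard cutoff at the end of Day -1: stop, the attempt log shows why


def run_schedule(call: IntakeCall, outcomes: List[str]) -> List[datetime]:
    """Drive the scheduler through a constructed sequence of outcomes and
    return the attempt times that were actually made."""
    when: Optional[datetime] = call.first_attempt
    for outcome in outcomes:
        if when is None:
            break
        record_attempt(call, when, outcome)
        when = next_attempt(call, when)
    return [t for t, _ in call.attempts]


if __name__ == "__main__":
    # Constructed scenario: appointment on 2024-06-12, first call at 4 PM on Day -2.
    call = make_call("2024-06-12", "2024-06-10T16:00")
    for t in run_schedule(call, ["no_answer", "no_answer", "no_answer", "completed", "no_answer"]):
        print(t)
```

The two things worth checking in any implementation of this rule are visible in the tests: a 5:00 PM attempt is still inside the Day −2 window, a 5:30 PM candidate is not and rolls over to Day −1, and once an attempt is recorded as completed the scheduler returns nothing even if more outcomes arrive.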

Architecture

The system is built as a containerized, production-grade application deployed on a DigitalOcean VPS.

Layer | Technology
Backend API | FastAPI (Python, fully async)
Database | PostgreSQL 15 + SQLAlchemy 2.0 (async)
Background jobs | Celery + Redis
Voice AI | Vapi AI (custom LLM endpoint)
Conversation LLM | Claude 3.5 Sonnet (Anthropic)
SMS | Twilio
Email delivery | Twilio SendGrid
File storage | MinIO (self-hosted object storage)
Frontend dashboard | Next.js 14 (App Router)
Infrastructure | Docker Compose + nginx (TLS termination)

Key Engineering Decisions

  • Fully async architecture: The backend is built entirely with async Python (FastAPI + asyncpg + SQLAlchemy async). The Vapi LLM endpoint uses Server-Sent Events (SSE) — the AI call streams tokens in real time. A synchronous architecture would block one worker per active call; the async design handles 20+ concurrent live calls on a single server.
  • Celery task isolation: Report generation and call scheduling run on separate Celery queues with different priority levels. This ensures a surge in incoming call completions never delays the 10-minute report SLA. Workers are configured with acks_late=True and idempotency guards so tasks can be safely retried after a crash without generating duplicate reports.
  • Self-hosted object storage: All PHI files — transcripts, reports, intake documents — are stored in MinIO, a self-hosted S3-compatible object store running in the same Docker network as the backend. No PHI leaves the server to a third-party file storage provider. Files are accessed via time-limited presigned URLs (1-hour expiry); a presigned URL is a bearer credential, so anyone who obtains one can fetch the object until it expires, and the expiry is what bounds that exposure. Backups are GPG-encrypted and rotated daily/weekly.
  • Retry and resilience logic: The call scheduler re-attempts unanswered calls on the fixed 30-minute schedule and other failed attempts with exponential backoff, both under hard cutoffs (5 PM on Day −2, end of Day −1). The report pipeline retries translation and generation tasks up to 3 times with configurable backoff. Writes that must be idempotent, such as recording a completed interview or a generated report, use database-level conflict guards (ON CONFLICT DO NOTHING) so that a retried task cannot create a second row.
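The acks_late plus conflict-guard combination only works if the guard sits on the side effect you care about. A worker that records the completion, then dies before storing the report, will be redelivered the same event; if the task's idempotency check is "have I already recorded this completion?", the report is never produced. The following is an added example of the pattern, not DecryptCode's code. It uses SQLite in place of PostgreSQL (the ON CONFLICT DO NOTHING statement is the same in both); the table layout, the event shape and the stand-in report builder are assumptions.

```python
"""Idempotent post-call processing with a database conflict guard.

Added example (not DecryptCode's code) of the acks_late + ON CONFLICT DO NOTHING
pattern described above, using SQLite in place of PostgreSQL (the statement is
the same in both). The table layout, event shape and report builder are
assumptions; the point is that a redelivered task cannot produce a second report.
"""
import sqlite3
from typing import Callable, Dict, List

SCHEMA = """
CREATE TABLE interview_completions (
    patient_id      INTEGER NOT NULL,
    appointment_day TEXT    NOT NULL,
    call_id         TEXT    NOT NULL,
    UNIQUE (patient_id, appointment_day)
);
CREATE TABLE reports (
    patient_id      INTEGER NOT NULL,
    appointment_day TEXT    NOT NULL,
    call_id         TEXT    NOT NULL,
    body            TEXT    NOT NULL,
    UNIQUE (patient_id, appointment_day)
);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record_completion(conn: sqlite3.Connection, patient_id: int, day: str, call_id: str) -> bool:
    """Mark the interview complete (this is what stops the retry scheduler).
    Returns True only for the first writer; later duplicates are no-ops."""
    cur = conn.execute(
        "INSERT INTO interview_completions (patient_id, appointment_day, call_id) "
        "VALUES (?, ?, ?) ON CONFLICT (patient_id, appointment_day) DO NOTHING",
        (patient_id, day, call_id),
    )
    conn.commit()
    return cur.rowcount == 1


def build_report(transcript: str) -> str:
    """Stand-in for the Claude report step: keeps the patient's utterances."""
    return "\n".join(line for line in transcript.splitlines() if line.startswith("Patient:"))


def process_call_ended(conn: sqlite3.Connection, event: Dict,
                       send_email: Callable[[int, str], None]) -> bool:
    """Task body for a 'call ended' event. Safe to run twice: with acks_late=True
    a crash mid-task redelivers the same event, and a second completed call for
    the same patient/day must not yield a second report.
    Returns True if this run generated and delivered the report."""
    pid, day, call_id = event["patient_id"], event["appointment_day"], event["call_id"]
    record_completion(conn, pid, day, call_id)
    # Guard on the side effect itself, not on "have I seen this event": if the
    # previous run died after recording completion but before the report was
    # stored, the retry must still produce it.
    exists = conn.execute(
        "SELECT 1 FROM reports WHERE patient_id = ? AND appointment_day = ?", (pid, day)
    ).fetchone()
    if exists:
        return False
    body = build_report(event["transcript"])  # the expensive step
    cur = conn.execute(
        "INSERT INTO reports (patient_id, appointment_day, call_id, body) VALUES (?, ?, ?, ?) "
        "ON CONFLICT (patient_id, appointment_day) DO NOTHING",
        (pid, day, call_id, body),
    )
    conn.commit()
    if cur.rowcount == 0:
        return False  # a concurrent worker won the race; its report is the one delivered
    send_email(pid, body)
    return True


def demo() -> Dict[str, object]:
    """Constructed scenario: the same event delivered twice, a crash between
    the two inserts, and a second call for the same patient on the same day."""
    conn = open_db()
    sent: List[int] = []
    deliver = lambda pid, _body: sent.append(pid)
    event = {"patient_id": 42, "appointment_day": "2024-06-12", "call_id": "call-A",
             "transcript": "AI: When were you injured?\nPatient: Around March 3rd.\n"}
    first = process_call_ended(conn, event, deliver)
    second = process_call_ended(conn, event, deliver)          # acks_late redelivery
    # Crash scenario for another patient: completion recorded, then the worker died.
    record_completion(conn, 7, "2024-06-12", "call-B")
    crashed = {"patient_id": 7, "appointment_day": "2024-06-12", "call_id": "call-B",
               "transcript": "Patient: My knee.\n"}
    recovered = process_call_ended(conn, crashed, deliver)
    extra = process_call_ended(conn, dict(event, call_id="call-C"), deliver)  # second call, same day
    reports = conn.execute("SELECT COUNT(*) FROM reports").fetchone()[0]
    return {"first": first, "second": second, "recovered": recovered,
            "extra": extra, "emails": sent, "reports": reports}


if __name__ == "__main__":
    print(demo())
```

Two rows per patient/day is the invariant; the email send is still not covered by the guard, so a crash between the INSERT and the SendGrid call would lose (not duplicate) a delivery, which is the safer of the two failure modes for PHI but still needs a reconciliation job or a delivered_at column in a production system.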

HIPAA Compliance Architecture

Healthcare software requires a higher bar than most. Every architectural decision — how tokens are stored, how files are accessed, how logs are written, how backups are encrypted — was made with HIPAA in mind from day one:

  • Every PHI-touching API endpoint writes to an audit log (user, action, patient ID, timestamp, IP)
  • All data encrypted in transit (TLS via nginx) and at rest (MinIO server-side encryption + encrypted backups)
  • JWT tokens expire in 15 minutes; refresh tokens rotate on every use and are blacklisted in Redis on logout
  • Frontend enforces 30-minute inactivity auto-logout
  • Rate limiting enforced at the API layer with Redis-backed shared counters across all workers
  • Password policy addresses the HIPAA Security Rule's password management safeguard (45 CFR 164.308(a)(5)(ii)(D): procedures for creating, changing and safeguarding passwords)
  • Minimum-necessary access patterns enforced at the database and API layers
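Short-lived access tokens only help if the refresh path is tight: a rotated refresh token has to become unusable immediately, and a replay of one should be treated as evidence that a copy was stolen. The following is an added example of that token lifecycle, not DecryptCode's code. It assumes an in-memory store standing in for Redis (same SETEX/GET/EXISTS/DEL semantics), access tokens that are HMAC-SHA256-signed JSON rather than a JWT library, and that replaying a rotated refresh token revokes its whole family; the page states the 15-minute expiry, rotation and logout denylisting but none of those implementation details.

```python
"""Access/refresh token handling: 15-minute access tokens, refresh tokens
rotated on every use, denylisting in the store on logout.

Added example, not DecryptCode's code. Assumptions not on the page: an
in-memory store with SETEX/GET/EXISTS/DEL semantics stands in for Redis;
access tokens are HMAC-SHA256-signed JSON (a JWT stand-in); and replay of a
rotated refresh token revokes its whole family, the usual way to catch a
stolen copy.
"""
import base64, hashlib, hmac, json, secrets, time
from typing import Dict, Optional, Tuple

ACCESS_TTL = 15 * 60          # 15 minutes, as on the page
REFRESH_TTL = 7 * 24 * 3600   # assumption: 7-day refresh lifetime
SECRET = secrets.token_bytes(32)


class MemoryStore:
    """Minimal stand-in for the Redis commands used below, with TTL expiry."""
    def __init__(self) -> None:
        self._d: Dict[str, Tuple[str, float]] = {}

    def setex(self, key: str, ttl: int, value: str) -> None:
        self._d[key] = (value, time.time() + ttl)

    def get(self, key: str) -> Optional[str]:
        if key in self._d:
            value, expires = self._d[key]
            if expires > time.time():
                return value
            del self._d[key]
        return None

    def exists(self, key: str) -> bool:
        return self.get(key) is not None

    def delete(self, key: str) -> None:
        self._d.pop(key, None)


def sign_access(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def verify_access(token: str) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > time.time() else None


class TokenService:
    def __init__(self, store: MemoryStore) -> None:
        self.r = store

    def issue(self, user: str, family: Optional[str] = None) -> Tuple[str, str]:
        """Login (new family) or rotation (same family): exactly one live refresh token."""
        family = family or secrets.token_hex(8)
        refresh = secrets.token_urlsafe(32)
        self.r.setex(f"refresh:{refresh}", REFRESH_TTL, json.dumps({"sub": user, "fam": family}))
        return sign_access({"sub": user, "exp": time.time() + ACCESS_TTL}), refresh

    def refresh(self, token: str) -> Optional[Tuple[str, str]]:
        """Consume the presented refresh token and issue a new pair.
        Returns None for unknown, replayed or logged-out tokens (an endpoint answers 401)."""
        record = self.r.get(f"refresh:{token}")
        if record is None:
            used = self.r.get(f"used:{token}")
            if used is not None:
                # A rotated or logged-out token is being replayed: someone else holds
                # a copy, so revoke every token descended from the same login.
                self.r.setex(f"revoked:{json.loads(used)['fam']}", REFRESH_TTL, "1")
            return None
        meta = json.loads(record)
        if self.r.exists(f"revoked:{meta['fam']}"):
            return None
        self.r.delete(f"refresh:{token}")
        self.r.setex(f"used:{token}", REFRESH_TTL, record)  # single-use from here on
        return self.issue(meta["sub"], meta["fam"])

    def logout(self, token: str) -> None:
        """Denylist the refresh token so it cannot be presented again."""
        record = self.r.get(f"refresh:{token}")
        self.r.delete(f"refresh:{token}")
        if record is not None:
            self.r.setex(f"used:{token}", REFRESH_TTL, record)


def demo() -> Dict[str, bool]:
    """Constructed walk-through: rotation, replay of the old token, logout."""
    svc = TokenService(MemoryStore())
    access, rt1 = svc.issue("alice")
    _, rt2 = svc.refresh(rt1)                                    # normal rotation
    out = {
        "access_valid": verify_access(access)["sub"] == "alice",
        "tampered_rejected": verify_access(access[:-1] + "x") is None,
        "replay_rejected": svc.refresh(rt1) is None,             # old copy presented again
        "family_revoked": svc.refresh(rt2) is None,              # legitimate successor dies too
    }
    _, rt3 = svc.issue("alice")                                  # fresh login
    svc.logout(rt3)
    out["logout_denylisted"] = svc.refresh(rt3) is None
    return out


if __name__ == "__main__":
    print(demo())
```

The denylist entries carry the same TTL as the refresh token they replace, so the store never has to hold a denylisted token longer than it could have been valid; with a real Redis the same keys and SETEX calls apply, and the family-revocation write is what turns a silent token theft into a forced re-login that shows up in the audit log.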

Results

Metric | Before | After
Staff time per intake | 15–30 min | 0 min
Report turnaround | Variable | ≤10 min
Spanish support | Bilingual staff required | Auto-translated
Missed call handling | No retry logic | Auto-retry system
Report consistency | Varied by interviewer | Standardized
After-hours coverage | None | Full Day −1 retry

Why It Was Hard

Conversation design at the LLM layer

The hardest part wasn't the infrastructure — it was making the AI actually useful as a clinical interviewer. Patients give vague, non-linear answers. They conflate injuries, mix dates, and use lay terms for medical concepts. The Claude prompts powering the conversation were carefully engineered to:

  • Keep the patient on topic without feeling rushed
  • Probe incomplete answers with natural follow-ups
  • Handle "I don't know" and "the lawyer said not to discuss that" gracefully
  • Extract structured data (ICD-adjacent body part codes, injury date ranges, medication names) from conversational responses

The same Claude integration that drives the live call also powers post-call report generation — reading the raw transcript and producing a formatted clinical narrative that mirrors the structure a physician expects to see.

Intake document extraction

Many patients arrive with prior medical records, insurance forms, or hand-written intake sheets. The system allows staff to upload these files and uses Claude to extract structured clinical fields automatically — accident date, body parts injured, prior providers, current medications, and more. This eliminated a parallel manual data-entry step that previously ran alongside the intake call workflow.

Building for HIPAA without a compliance team

Without a dedicated compliance team, every architectural decision (how tokens are stored, how files are accessed, how logs are written, how backups are encrypted) had to be made with HIPAA in mind by the engineers building the system. Compliance was built into the architecture from day one rather than retrofitted: audit logs, encryption at rest and in transit, minimum-necessary access patterns, and automatic session termination are all structural, not bolted on.

Admin Dashboard

The Next.js 14 dashboard gives clinic staff and administrators full visibility into the automated system:

  • Patient management (add, edit, view intake status)
  • Call history and per-patient attempt logs
  • Report viewer with PDF and Word document download
  • Prompt tuning interface for customizing the AI's interview questions
  • SMS log viewer
  • Analytics dashboard (call completion rates, report delivery times)
  • User management with role-based access control

FAQ

Is the system HIPAA compliant?

Yes, within the scope of the software. Every PHI-touching API endpoint writes to an audit log. All data is encrypted in transit (TLS via nginx) and at rest (MinIO server-side encryption + GPG-encrypted backups). JWT tokens expire in 15 minutes; refresh tokens rotate on every use and are blacklisted in Redis on logout. The frontend enforces a 30-minute inactivity auto-logout. Rate limiting is enforced at the API layer with Redis-backed shared counters across all workers. HIPAA compliance is ultimately a property of the clinic's overall program rather than of the software alone: the third-party services that process PHI on the clinic's behalf (Vapi, Anthropic, Twilio, SendGrid) are business associates and must be covered by Business Associate Agreements.

What happens if the patient doesn't answer the call?

The system retries every 30 minutes until 5 PM on Day −2, then resumes all-day retry on Day −1. Every attempt is logged. Retry stops automatically once a completed interview is recorded. No manual follow-up is required from clinic staff.

Can it handle Spanish-speaking patients?

Yes. If the patient speaks Spanish during the call, the transcript is automatically translated to English before report generation using Claude. No bilingual staff involvement is required at any point in the workflow.

Can the interview questions be customized?

Yes. The admin dashboard includes a prompt tuning interface that allows authorized staff to adjust the AI's interview questions and follow-up logic — without touching code. Changes take effect on the next scheduled call.

Where is PHI stored?

All PHI — transcripts, clinical reports, uploaded intake documents — is stored in MinIO, a self-hosted S3-compatible object store running on the same private Docker network as the backend. No PHI is sent to third-party file storage providers. Files are accessed via time-limited presigned URLs that expire after 1 hour.

Have a Similar Workflow to Automate?

If your team is spending hours on calls, data entry, or document processing that follows a predictable pattern, we'd like to talk.

Discuss Your Project