CleverAnswerAI — HIPAA-compliant AI voice receptionist live in 20+ dental offices
A dental network needed a voice AI that could answer every call, book into Dentrix and Open Dental, and keep PHI inside a covered boundary. Commercial voice-AI platforms failed HIPAA review. We self-hosted LiveKit on a BAA-covered stack. A year in production, zero incidents.
Client
Multi-location dental group. 20+ offices across the US and Canada, ~160K active patient records, mixed PMS landscape (Dentrix, Open Dental, Eaglesoft, Curve). NDA.
Engagement
14-week build including HIPAA architecture + BAA negotiation. Pilot at one office, rollout to 10, then 20+. Monthly retainer for vocab extensions, PMS updates, compliance audits.
30–40% of dental calls went unanswered. Every one was a patient who dialed the next clinic.
At a typical dental office, the front desk is tied up with the patient in chair, lunch happens, phones ring after hours, and two calls stack up at once. Industry baselines and the client's own analytics pinned their missed-call rate at 30–40%. Voicemail didn't help — most patients don't leave them. Most answering services didn't help either — wooden scripts, couldn't book into the PMS, and HIPAA liability landed back on the clinic anyway.
The network had trialled three commercial voice-AI platforms before calling us. All three failed HIPAA review on the same point: either no BAA, or a multi-tenant audio path where PHI could theoretically co-reside with another tenant's data. None of them integrated directly with Dentrix (no public API) without a weeks-long custom build the vendor wasn't willing to do.
The brief was concrete: HIPAA-compliant with a signed BAA on every vendor, 100% answer rate target, direct booking into Dentrix / Open Dental / Eaglesoft / Curve, keep PHI inside a clinic-controlled boundary, scale to 20+ offices, per-call cost below $0.30.
Self-hosted LiveKit in the client's VPC. Every vendor BAA'd. PMS gateways for systems without APIs.
We designed HIPAA-first from day one. No vendor without a BAA touched a PHI byte. Infra shipped as Terraform, auditor-ready.
Voice infra: self-hosted LiveKit on AWS inside the client's VPC. The commercial platforms we evaluated either couldn't sign a BAA or ran on shared multi-tenant audio paths. We self-hosted LiveKit on AWS with clinic-managed KMS keys, private subnets, and no ingress that wasn't explicitly allowed. Audio never crosses the covered boundary.
STT: Deepgram Enterprise under BAA, with a custom dental vocabulary. Generic STT mis-transcribes half of dental-procedure names. We built a 600-term glossary — procedures (occlusal, endo, SRP), insurance carriers (Delta, MetLife, Aetna PPO), common medications, and abbreviations — and tuned Deepgram's custom vocabulary model on it. Word error rate on 400 live-traffic calls dropped by 38% vs. the generic model.
LLM: Azure OpenAI GPT-4o under BAA, private endpoint, zero data retention. Structured tool calling for every PMS action: check_availability, book_appointment, modify, cancel, collect_intake, transfer_to_human. The agent refuses clinical questions and warm-transfers them to a human. Explicit safety ceiling.
TTS: ElevenLabs Enterprise (BAA) A/B-tested against Azure Neural. A 60-patient blind panel picked ElevenLabs on warmth and perceived professionalism. The voice is consistent across every clinic in the network — same warmth, same pacing.
PMS integration layer for closed systems. Open Dental and Curve expose APIs — direct integration. Dentrix and Eaglesoft don't. Rather than shove bookings into a shared calendar like most vendors do, we built a Windows-service gateway that runs inside each clinic's LAN and handles availability lookup + atomic booking through the practice's supported integration channels. Two weeks per PMS to build, but booking is atomic: check, hold, confirm, or rollback.
Architecture (data flow)
One year in production across 20+ offices. Zero HIPAA incidents.
Every metric below is a live-traffic aggregate from clinic analytics, audited monthly alongside the BAA review.
Answer rate
Up from ~62% pre-deployment. Zero calls to voicemail across the network in the last 60 days.
New-patient bookings
Measured over the first 90 days post-deployment vs. the trailing 90-day baseline. Same marketing spend.
Offices live
Rolled out in tranches of 5 with shared templates and per-location script variance. Still expanding.
On every vendor
LiveKit host, Deepgram, Azure OpenAI, ElevenLabs, AWS. No PHI leaves the covered boundary.
Avg per call
All-in compute + telephony. Higher than the restaurant case because dental calls run longer and use a heavier vocabulary model.
HIPAA incidents
In 12+ months of production. Every audit-ready evidence packet ships with the system, not after an incident.
The 28% increase in bookings paid for the whole deployment inside the first quarter. But the part I didn't expect was that our front desk actually said thank you — they stopped getting yelled at by patients who couldn't get through.
Four decisions where most voice-AI in healthcare fails HIPAA review.
1. HIPAA-first architecture, not HIPAA-retrofit. We self-hosted from day one. Every vendor BAA'd before a single PHI byte touched the system. Infra documented in Terraform. An auditor can clone the repo and reproduce the environment. Most voice-AI vendors bolt "HIPAA mode" onto a multi-tenant product — reviews eventually catch that.
2. Dental vocabulary tuning — measured, not claimed. Generic STT mis-transcribes procedure names, insurance carriers, and medications. We built a 600-term glossary, tuned Deepgram's vocab model, and ran WER measurement on 400 real calls per location before go-live. A voice agent that mis-hears "endo" as "Indo" is useless in a clinic.
3. PMS gateways for closed systems. Dentrix and Eaglesoft have no public API. Most vendors hand the clinic a shared calendar and call it "integrated." We built a Windows-service gateway per PMS — two weeks each — so booking is atomic. No double-bookings, no lost appointments, no human reconciliation.
4. Human-in-the-loop for clinical triage. The agent refuses any clinical question — "is this tooth pain an emergency," "should I take more ibuprofen" — and warm-transfers to a human on-call. Explicit safety ceiling. We'd rather the agent say "I'm going to get someone" than improvise.
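The check, hold, confirm, or rollback sequence described for the PMS gateways (in the integration-layer paragraph and in decision 3), as an added sketch that is not the project's gateway code. BookingGateway, book and write_to_pms are hypothetical names, and an in-memory store stands in for the PMS.

```python
import threading
import uuid

class BookingGateway:
    """Hypothetical in-memory stand-in for a per-clinic PMS gateway."""

    def __init__(self, open_slots):
        self._lock = threading.Lock()
        self._open = set(open_slots)  # slots free to offer
        self._held = {}               # hold_id -> slot, reserved but not yet written
        self._booked = {}             # slot -> opaque patient reference (no PHI here)

    def check(self, slot):
        with self._lock:
            return slot in self._open

    def hold(self, slot):
        # Test and reserve under one lock so two simultaneous callers
        # cannot both pass the availability check for the same slot.
        with self._lock:
            if slot not in self._open:
                return None
            self._open.remove(slot)
            hold_id = uuid.uuid4().hex
            self._held[hold_id] = slot
            return hold_id

    def confirm(self, hold_id, patient_ref):
        with self._lock:
            self._booked[self._held.pop(hold_id)] = patient_ref

    def rollback(self, hold_id):
        with self._lock:
            slot = self._held.pop(hold_id, None)
            if slot is not None:
                self._open.add(slot)  # slot becomes bookable again

def book(gateway, slot, patient_ref, write_to_pms):
    """Return True if booked; on any failure release the hold and return False."""
    hold_id = gateway.hold(slot)
    if hold_id is None:
        return False  # someone else holds or owns the slot
    try:
        write_to_pms(slot, patient_ref)  # assumed callable for the real PMS write
        gateway.confirm(hold_id, patient_ref)
        return True
    except Exception:
        gateway.rollback(hold_id)
        return False
```

A failed PMS write leaves the slot open for the next caller, and of any number of simultaneous callers for one slot exactly one gets the booking.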
From HIPAA architecture doc to 20+ offices in 14 weeks.
- Week 1–2
Discovery + HIPAA architecture doc
BAA negotiation with each vendor in parallel. Infra architecture review with the clinic's compliance officer before any code shipped.
- Week 3–4
Self-hosted LiveKit on AWS
Terraform'd from day one. Clinic-managed KMS keys. Private subnets, no unexpected ingress. Auditor-ready evidence packet.
- Week 5–6
Dental vocabulary build + Dentrix gateway
600-term glossary. Deepgram vocab tuning. Windows-service gateway for the Dentrix PMS. WER validation on live audio.
- Week 7–8
Pilot go-live in shadow mode
Agent answered every call alongside the front desk on one location. Daily diff review. Zero patient exposure until the agent cleared the edge-case review.
- Week 9–10
Pilot cutover + second location
First office on primary. Second location added with the shared template. Script variance per regional dialect and insurance mix.
- Week 11–14
Rollout to 10 offices
Tranches of 5. Per-office script tuning, PMS integration variance, new vocab terms as procedures varied by practice.
- Ongoing
Monthly retainer
PMS version updates, vocab extensions, compliance audits, per-call analytics review. Quarterly BAA reconciliation.
One 20-minute call for clinic operators.
We'll look at your PMS, your call volume, your compliance posture, and tell you whether an AI receptionist ships. If it doesn't, we'll say so.