Repliant for Healthcare

Patient conversations, handled with the care compliance demands.

Repliant runs voice and messaging across the patient access surface — the scheduling line, MyChart messages, the after-hours nurse triage queue, the post-discharge follow-up call — connected natively to Epic Cadence, Oracle Health Millennium, Athenahealth, and Salesforce Health Cloud. Every conversation is HIPAA-scoped at the tool layer, with PHI boundaries enforced per patient context — auditable down to the field the agent wrote to in the chart.

Built for hospital systems and multi-specialty groups running Epic, Oracle Health, Athenahealth, and Salesforce Health Cloud.

PATIENT ACCESS · LIVE HIPAA · scoped · 1 patient context
14:02

PATIENT · Hi, I need to book a follow-up with Dr. Asari and also get my levothyroxine refilled.

14:02

REPLIANT · Of course, Mira. I see your last visit with Dr. Asari was on March 4. Your levothyroxine 50 mcg is eligible for an auto-refill — I've routed it to your Walgreens on Beacon Street. For the follow-up, Dr. Asari has these open slots:

DR. ASARI · ENDOCRINOLOGY · NEXT 10 BUSINESS DAYS

MONTUEWEDTHUFRI
open · 12 slots filtered · in-network · Aetna PPO
14:03

PATIENT · Tuesday morning works. Earliest one.

14:03

REPLIANT · Booked — Tue Mar 11, 8:40 am, room E-204. Eligibility verified through Availity. I've written the appointment to your chart and sent a MyChart confirmation. Refill on its way.

epic cadence · write-through surescripts · refill availity · eligibility baa · in force
↑ one patient context · one auditable thread · two systems written

The industry reality

Patient access is the front door — and it has been understaffed for a decade.

A patient calls the central scheduling line on a Tuesday at 10:17. They are returning their primary-care provider's call about a borderline A1C. The hold message says the average wait is 17 minutes. They hang up at minute six. They will not call back this week. By the time anyone notices in the patient-access dashboard, the diabetic-management cohort has missed another forty-eight outreach attempts. Their no-show rate climbs another two-tenths of a point.

Across a system of 3.2M patients and 14 hospitals, the central scheduling team is running 38% short on FTEs against last year's plan. The third-next-available appointment for cardiology sits at 42 days. After-hours triage is being absorbed by an outside answering service whose nurses do not have a license to see the chart. The MyChart inbox is fifteen thousand unread.

And then the part nobody puts on a slide: prior-authorization callbacks. The fax is still the fax. Availity statuses still resolve to "pending." Surgical schedules slip because a coverage determination from an out-of-state Blue plan didn't make it back to the scheduler before Friday. Your revenue-cycle leader has a graph of denials that they show only to the CFO.

The economics are not the only problem. The risk is. One staff member who reuses a script across three patients without re-verifying identity is a Notice of Privacy Practices violation away from your name in the OCR breach portal.

Repliant is the agent layer that absorbs the patient-access surface — scheduling, refills, prior auth, post-discharge — without leaking PHI, missing a Joint Commission patient-rights standard, or letting the MyChart inbox grow another digit. The system you already chose to standardize on stays where it is. We slot in beside it.

What Repliant handles for healthcare.

Five named workflows. Each one is measured against third-next-available, no-show rate, denial rate, or 30-day readmission — the lines your operations and revenue-cycle committees read each Monday.

WORKFLOW 01 · access.schedule_with_eligibility

Appointment scheduling against Epic Cadence — with eligibility on the same call.

Repliant answers the scheduling line, reads decision-tree rules out of Cadence (provider, modality, visit type, age, language, ZIP), checks insurance eligibility through Availity in the same turn, applies referral and authorization requirements where they exist, and writes the appointment to the chart. Patients can self-serve the full booking in under three minutes — including the rescheduling logic Cadence's CDR rules already encode but your IVR cannot speak.

Typical outcome · 42 → 11 days · third-next-available · cardiology

Third-next-available · days · cardiology · 90-day rolling

DAYS D0D45D90 SYSTEM TARGET · 14 days → 42 days 11 days repliant live · primary care extended to specialty

WORKFLOW 02 · rx.refill_triage

Prescription refill triage that respects the controlled-substance line.

Patient calls or messages for a refill. Repliant verifies identity against the chart, reads the active medication list out of Epic / Cerner, classifies the request — auto-refill eligible, requires provider review, controlled substance — and routes accordingly. DEA Schedule II requests never resolve without provider sign-off; PDMP queries run where required by state. Surescripts handles transmission. The agent does not invent dosages, alternatives, or interactions. Provider gets a clean Inbox queue, not a queue of triage.

Outcome · −68% nurse-line refill calls · routed to provider only when policy requires

Refill triage decision · per inbound request

verify · med list read classify maintenance · auto PRN · review CIII–V · PDMP CII · provider hold Surescripts to Inbox to Inbox in-visit only

WORKFLOW 03 · pa.callback_payor

Insurance prior-authorization callbacks that don't sit in fax purgatory.

Prior auth is the work that breaks surgical schedules and breaks revenue-cycle teams. Repliant places the outbound call to the payor (and on networks that support it, the Da Vinci CRD / PAS APIs), navigates the IVR, reads back the case detail, captures the determination with the auth number and effective dates, and writes it to the order in Epic / Cerner. When the payor requests clinical documentation, Repliant routes the request to the clinical team with the exact LCD / NCD reference attached.

Outcome · 38h → 6h median PA turnaround · oncology infusion · multi-site cohort

Prior-auth turnaround · hours · request → determination

PRE-REPLIANT PILOT · 1 PAYOR PRODUCTION · 12 PAYORS 38 h · median 14 h 6 h P95 also reported · auth-required surgical cases · no peer-to-peer included in window

WORKFLOW 04 · discharge.followup_readmit

Post-discharge follow-up, targeted by readmission risk.

Repliant calls every discharged patient on day two, prioritized by your readmission-risk model (LACE+, Epic CMS HOS-A, or your data-science team's own). The agent works through a structured assessment — medication reconciliation, red-flag symptoms, follow-up appointment confirmed, transportation, equipment delivery — and escalates to a nurse on any positive flag. Documentation is written back to the chart against the CMS Transitional Care Management codes (99495/99496) where billable.

Outcome · −2.1 pp 30-day readmission · CHF cohort · vs. risk-matched control

Day-2 outreach · n = 38,402 discharges · 6-mo

DISCHARGED D2 CALL · ANSWERED ASSESSMENT COMPLETE RED FLAG · NURSE TCM CODE WRITTEN 38,402 34,901 · 91% 32,488 · 84% 2,201 30,142 · 99495/99496

WORKFLOW 05 · revcycle.balance_with_financial_assistance

Self-pay balance — with financial assistance, not collections threats.

Patient calls about a bill. Repliant explains the charges in plain language, applies any post-service insurance adjustment that hasn't yet posted, screens for financial-assistance eligibility per your 501(r) policy, and either books a payment plan, enrolls the patient in charity care, or transfers to a financial counselor — never to a collector. The call is recorded under your existing consent flow. The agent does not pressure. Your No Surprises Act good-faith estimate stays the boundary.

Outcome · + 23% point-of-service collection rate · with FAP enrollment up 41%

Self-pay call outcome mix · last 90 days · n = 41,108

PAID IN FULL PAYMENT PLAN FAP / CHARITY CARE FINANCIAL COUNSELOR DISPUTE / RE-BILL 31% 41% 14% 9% 5%

Built to live inside the EHR your clinicians already use.

Repliant reads from and writes to your chart through the same FHIR R4 endpoints, HL7 v2 interfaces, and vendor-specific APIs your interface team already maintains — under the BAA you already have.

EHR · clinical

FHIR R4 · HL7 v2 · vendor APIs

Epic

Cadence · MyChart · Hyperspace

Oracle Health

Cerner Millennium · PowerChart

Athenahealth

athenaClinicals · athenaOne

Meditech

Expanse

NextGen · eCW

ambulatory

Patient-facing · CRM

scheduling · intake · journey

SF Health Cloud

care coordination

Phreesia

digital intake

Luma · Notable

patient activation

Veeva CRM

referral · life sci

Twistle · Get Well

care navigation

Revenue cycle · eligibility · pharmacy

eligibility · claims · Rx

Change Healthcare

clearinghouse · ERA

Availity

eligibility · auth

Waystar

rev-cycle platform

Surescripts

e-prescribing

CoverMyMeds

Rx prior auth

Voice · contact center · identity

PSTN · SMS · IDP

Genesys Cloud CXi

IVR · routing

Five9 · NICE

CCaaS

Twilio · Vonage

voice · SMS · BAA

Imprivata · Okta

single sign-on

DirectTrust

secure messaging

For systems still running Meditech Magic, custom HL7 v2 interfaces written by an analyst who has since retired, or a regional EHR that pre-dates SMART on FHIR, Repliant integrates via a signed gateway with batched-write semantics — and an HL7 listener that does not require your interface engine to add another inbound channel. We have shipped against EHR instances older than ARRA HITECH.

Compliance & guardrails

Compliance on demand. Built for the reviews your committee runs.

Healthcare compliance is not a banner on a marketing page. Repliant ships with policy expressed as guardrails the agent cannot bypass, BAAs executed before kickoff, and audit trails your privacy officer can review in one sitting — aligned to the frameworks your security and compliance teams already use.

DESIGNED FOR

HIPAA · HITECH

ALIGNED TO

HITRUST CSF

AUDIT-READY

SOC 2 program

ALIGNED

42 CFR Part 2

ALIGNED

ONC · Info Blocking

ALIGNED

TCPA · outreach

Regulator awareness: OCR Privacy & Security Rule audit protocol · Joint Commission patient-rights standards · CMS Conditions of Participation · state CMIA (CA) · SHIELD (NY) · TX HB300 · TCPA healthcare-call exemption boundaries.

Industry-specific guardrails

  • PHI BOUNDARY Protected health information is scoped per tool and per authenticated patient context. The agent cannot read a chart it was not given. Cross-patient disclosure is impossible by construction, not by policy.
  • MINIMUM NECESSARY Tool calls are scoped to minimum-necessary fields. The scheduling workflow does not read the problem list. The billing workflow does not read clinical notes. Privacy review is performed once per tool, not once per conversation.
  • 42 CFR PART 2 Substance-use-disorder records are flagged at the FHIR resource level and excluded from agent context unless the patient has executed a Part 2 consent — verified against your consent registry on every read.
  • CLINICAL HONESTY The agent quotes only from your formulary, your provider directory, and your fee schedule. It does not invent a dosage, a drug interaction, a diagnosis code, or a coverage rule. Unknown questions route to a human.
  • CLINICIAN-IN-LOOP DEA Schedule II refills, narcotic-related discussions, abnormal lab counseling, and any symptom assessment indicating red flags hold until a licensed clinician is on the call. No agent message provides clinical interpretation.
  • TCPA · OUTBOUND Healthcare-call exemption boundaries are enforced — appointment reminders and treatment-related calls only. Marketing requires recorded opt-in. Quiet hours, STOP / HELP keywords, and per-state restrictions enforced at the channel layer.
  • CALL RECORDING Stored under your KMS, in your region, on the retention schedule your privacy officer has approved. PII / PHI redacted pre-LLM. Right-to-amend and right-to-access workflows attached to the same record.
  • ESCALATION · EMERGENCY If a patient describes a life-threatening symptom, the agent stops the workflow and directs to 911 with the local PSAP routing your system has on file. The agent does not triage acute presentations.

What to expect

From signed BAA to live in clinic in 12–14 weeks.

Healthcare deployments take longer than retail and roughly as long as BFSI. The security and privacy reviews are serious. They should be. Most of the extra weeks are spent waiting for your privacy officer, your CMIO, and your second-line auditor — not on integration. We work at a pace your compliance committee can sign off on.

W1 W3 W5 W8 W11 W13 W14 · GA BAA · DISCOVERY EHR · INTEGRATION SECURITY · PRIVACY UAT · CLINICIAN PHASED ROLLOUT BAA · scope · privacy officer + CMIO FHIR + HL7 wired · sandbox patient OCR-style risk assessment · security review privacy · security · CMIO signoff UAT · clinician review · 17 languages 1 clinic · then service line · then enterprise GA · ongoing optimization

FAQ

Questions healthcare buyers actually ask.

If yours isn't here, your AE will get it answered — by someone on our clinical or compliance team — before your second meeting.

Is the agent ever giving clinical advice — and if not, where exactly is the line?

No. Repliant handles administrative and logistical conversations — scheduling, refills against your active list, prior-auth callbacks, post-discharge structured assessments, billing, financial assistance. Symptom triage, dosage adjustment, abnormal lab interpretation, and any conversation tagged "clinical" by your policy holds until a licensed clinician is on the call. The agent will say, in plain language, that it cannot interpret a symptom and will route to a nurse. Most systems run this as a hard wall, not a configurable threshold.

Can it actually write back to Epic / Cerner, or just read? Our analyst team is asking.

Both. Native read/write through FHIR R4 (US Core), HL7 v2 where FHIR coverage is incomplete, and vendor-specific APIs where they're current. The agent operates within scoped tools — it can book an appointment in Cadence, post a charge-corrected balance in Hyperspace billing, file a TCM-coded follow-up note (99495/99496) under the configured proxy provider, or push a prior-auth status to the order. It cannot, for example, edit a clinical note or change a problem-list entry. Scope changes flow through your existing Epic / Cerner change-management process and your interface team's QA.

How does this handle 42 CFR Part 2 records? Half our population sees behavioral health.

Substance-use-disorder records are flagged at the FHIR resource level (or HL7 segment level on legacy interfaces) and excluded from the agent's context window by default. If the patient has executed a Part 2 consent — verified against your consent registry on every read — the relevant resources become accessible to the workflow that consent covers, and no broader. The patient's right to revoke is wired to your existing consent management. A Part 2 disclosure log is part of the standard audit export.

What about hallucinated coverage rules or invented dosages? My CMO will not move past this.

The agent quotes only from your formulary, your provider directory, your fee schedule, and your eligibility responses — never from training data. Dosages are not produced by the model; they are read from the active medication list. Coverage rules are read from Availity / payor responses, not summarized from training. Where the model does not have a deterministic answer, it says so and routes to a human. We can walk your CMO through the prompt-construction policy and the tool-grounding contract in a single session.

TCPA — can it actually make outbound calls about appointments without exposing us?

Yes — within the healthcare-treatment exemption. Outbound is restricted to appointment reminders, post-discharge follow-up, refill confirmation, prior-auth and care-coordination contacts. Marketing requires recorded opt-in. Quiet hours, STOP / HELP keywords, frequency limits, and per-state restrictions are enforced at the channel layer. The agent does not initiate outbound to a number without a documented consent record — and the record is exportable for plaintiff-defense purposes.

What happens when a patient describes chest pain or suicidal ideation on a routine call?

The workflow stops. The agent acknowledges the patient with the protocol your clinical team has approved (typically a Joint Commission–aligned script), directs to 911 or 988 with the local PSAP routing on file, and — if the patient is willing — stays on the line until handoff to emergency services or a crisis clinician. The encounter is flagged in the chart with a "red-flag escalation" disposition for clinical review. We do not triage acute presentations. The agent does not provide reassurance, advice, or interpretation.

We have a BAA template our legal team wrote. Will you sign it, or do you push your own?

We sign yours. Repliant has executed BAAs against the templates of 11 health systems, including three integrated delivery networks with bespoke breach-notification windows tighter than the HIPAA default. Our standard BAA is available if you would prefer it. Subcontractor BAAs (LLM hosting, telephony, KMS) are in force and disclosed in the BAA exhibit before kickoff.

What's in the audit trail and can our privacy officer actually use it in an OCR review?

Every session emits a signed, immutable record: channel, patient context, tools called with arguments, policies evaluated, the PHI scope read, the chart fields written, the model trace, and the final disposition. Records are exportable to your existing GRC (ServiceNow IRM, MetricStream, RSA Archer) on whatever schedule your privacy officer configures. We have walked health systems' privacy officers through OCR-style audit samples in fifteen minutes. Right-to-access and right-to-amend workflows are wired to the same record.

Repliant for Healthcare

Your patients should not be hanging up at minute six.