Medical Clinics & Healthcare / Technical Guide

Automate Patient Intake Triage with n8n + Claude HIPAA-Aware Build Guide

A walkthrough for building an AWS Bedrock + n8n patient intake triage workflow with PHI tokenization, symptom severity classification, EHR routing, and an immutable 6-year HIPAA audit trail — under nurse review, never replacing it.

14 min read
Advanced
n8n + AWS Bedrock + Claude
Updated May 2026
What You’ll Build

Form / Patient portal

Tokenize PHI

Severity classify (Claude)

Specialty route

Slot match (EHR)

EHR auto-book

HIPAA audit log

1. The Problem — Why Front-Desk Triage Misses Emergencies

Every multi-provider clinic has the same Monday-morning bottleneck. A patient submits an intake form. It lands in a Jotform inbox, an Athenahealth task queue, or a faxed PDF. A medical assistant picks it up, reads the chief complaint, decides whether it’s urgent, picks a specialty, finds a slot, calls back. Median time-to-callback in a typical 6-provider clinic is 4 to 9 hours. The cost is dollars and missed acute cases.

Real numbers from a 6-provider primary care group

Daily intake forms (avg)~140
Median time-to-triage4.7 hrs
Front-desk hours/week on intake38 hrs
Mis-routed appointments11%
No-show rate22%

Triage in this guide does not mean replacing clinical judgment. It means a four-tier sort that gets the right patient to the right clinician fast — under nurse review, with every decision logged.

What “AI triage” means here

  • Emergent: chest pain, stroke signs, anaphylaxis. System surfaces a banner: “Call 911 now” + flags to nurse station within 60 seconds.
  • Urgent (same-day): high fever in infant, severe pain, possible fracture. Auto-book into same-day slot or send to nurse line.
  • Routine (within week): medication refill, follow-up, mild symptoms. Auto-book within 7 days.
  • Routine (>1 week): annual exam, screening, wellness. Standard scheduler queue.
Insight
The biggest patient-safety win is not the auto-booking — it is the 60-second nurse alert on emergent presentations. Most missed-emergency cases happen during the 4-hour gap between form submission and human review. See the parent service page for the full clinical-safety framework.

2. System Architecture

Six components, every one of them on HIPAA-eligible infrastructure with a signed BAA. The Anthropic public API is deliberately not in this stack — Claude reaches us through AWS Bedrock, where AWS is the BAA counterparty. Self-hosted n8n runs on a HIPAA-eligible AWS account inside a private VPC.

The stack

n8n (self-hosted, HIPAA-eligible)
EC2 in VPC, encrypted EBS, no public ingress. Docker on Amazon Linux.
AWS Bedrock + Claude
Claude Haiku for severity classify, Claude Sonnet for specialty rationale. AWS BAA covers PHI in transit.
Postgres + pgcrypto
RDS encrypted at rest (AES-256), pgcrypto for token-to-PHI mapping. Snapshots encrypted with KMS.
EHR (Athenahealth / Epic / eCW)
FHIR R4 read/write via OAuth2 client credentials. Scoped service account.
Intake sources
Jotform HIPAA tier, Epic MyChart webhook, Paubox/Virtru secure email gateway.
Audit / SIEM
CloudWatch Logs + S3 Object Lock (compliance mode), 6-year immutable retention.

Cost estimate (4,000 intakes/month)

Bedrock — Claude Haiku (4k classifications)~$6
Bedrock — Claude Sonnet (1.4k specialty rationales)~$38
EC2 t3.medium + RDS db.t3.small (Multi-AZ)~$140
S3 Object Lock + KMS + CloudWatch~$30
Jotform HIPAA tier + Paubox~$120
Total / month~$334
1

Patient Intake Source Connection

Three intake channels feed the same n8n entrypoint: a Jotform HIPAA-compliant web form, the Athenahealth or Epic patient portal webhook, and a secure email gateway (Paubox or Virtru). Every channel carries PHI, so every channel needs TLS 1.3, a signed BAA with the vendor, and authenticated webhook signatures. Patient portal handoffs use the FHIR R4 Communication and ServiceRequest resources.

Webhook receiver — n8n

n8n’s Webhook node accepts POSTs from Jotform and the Athenahealth subscription webhook. Validate the HMAC signature before doing anything else. If you skip this step the endpoint becomes a PHI-leak vector for any internet-facing scanner that finds it.

n8n Webhook — payload schema (Jotform HIPAA)JSON
{
  "submissionID": "5829471",
  "formID": "intake_v3",
  "ip": "203.0.113.42",
  "submittedAt": "2026-05-03T14:22:11Z",
  "fields": {
    "patient_first_name": "Jane",
    "patient_last_name": "Doe",
    "dob": "1984-07-19",
    "mrn_existing": "MRN-44218",
    "phone": "+1-415-555-0144",
    "email": "[email protected]",
    "chief_complaint": "Sudden chest tightness for 2 hours, radiating left arm, mild shortness of breath. No prior cardiac history.",
    "symptom_duration_hours": 2,
    "current_medications": ["lisinopril 10mg"],
    "allergies": ["penicillin"]
  },
  "signature": "sha256=3a9f1c..."
}
Critical
The webhook URL is PHI-bearing. Do not log full payloads to CloudWatch in plaintext, do not expose to non-HIPAA monitoring tools (no Datadog free tier, no Loggly, no public Sentry project). Every byte that flows through this endpoint must be inside a HIPAA boundary from the moment it lands.
2

PHI Tokenization Layer

Before a single byte reaches the LLM, identifiers are stripped and replaced with reversible tokens. The 18 HIPAA Safe Harbor identifiers — name, date of birth, SSN, MRN, full ZIP, phone, email, IP, account numbers, biometric IDs and the rest — are pulled out and stored in an encrypted Postgres table. The chief complaint and clinical context go through to Bedrock; the identifiers do not. Even though AWS Bedrock is BAA-covered, PHI minimization is a HIPAA Privacy Rule obligation in its own right.

Token mapping schema

Postgres — phi_token_map (pgcrypto)SQL
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE phi_token_map (
  token_id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  intake_ref      text NOT NULL,
  field_name      text NOT NULL,        -- patient_first_name, dob, mrn...
  ciphertext      bytea NOT NULL,       -- pgp_sym_encrypt(value, kms_key)
  created_at      timestamptz DEFAULT now(),
  expires_at      timestamptz,          -- soft TTL for revocable tokens
  accessed_count  int DEFAULT 0
);

CREATE INDEX idx_token_intake ON phi_token_map(intake_ref);
CREATE INDEX idx_token_expiry ON phi_token_map(expires_at)
  WHERE expires_at IS NOT NULL;

Tokenization function (n8n Code node)

n8n Code node — tokenize_phi.pyPYTHON
import re, uuid

PHI_FIELDS = [
    "patient_first_name", "patient_last_name", "dob",
    "mrn_existing", "phone", "email", "ip", "ssn"
]

def tokenize(payload, db):
    intake_ref = payload["submissionID"]
    safe = dict(payload["fields"])
    for f in PHI_FIELDS:
        if f in safe and safe[f]:
            tok = f"<{{f.upper()}}_{{uuid.uuid4().hex[:8]}}>"
            db.insert_token(intake_ref, f, safe[f])
            safe[f] = tok

    # also scrub free-text complaint of obvious identifiers
    safe["chief_complaint"] = re.sub(
        r"b(?:my name is|I am)s+w+", "[NAME]",
        safe["chief_complaint"], flags=re.I
    )
    return {"intake_ref": intake_ref, "fields": safe}
Security
Tokens are reversible only by the n8n service role inside the VPC. The detokenization function is never exposed via HTTP, never logged, and rotated on a 90-day key schedule via AWS KMS. The encryption key never leaves KMS.
3

Symptom Severity Classifier (Claude via Bedrock)

The tokenized payload goes to Claude Haiku on AWS Bedrock. The model returns one of four severity tiers — emergent, urgent, routine-week, routine-extended — plus a primary specialty hint and a structured reasoning trace. The prompt is conservative by design: it always escalates if a presentation could be a stroke, MI, anaphylaxis, ectopic, sepsis, or pediatric red-flag. The classification pattern shares its DNA with our broader AI automation services, but every output here is tuned to fail safe.

Classifier system prompt

Bedrock invoke — severity_classifier.txtTXT
You are a clinical intake triage assistant.

Input: a tokenized intake form. PHI is replaced with tokens.
Do not attempt to reverse tokens. Do not invent identifiers.

Output ONLY valid JSON, no prose. Schema:
{
  "severity": "emergent" | "urgent" | "routine_week" | "routine_extended",
  "specialty_hint": "primary_care" | "cardiology" | "dermatology"
                  | "orthopedics" | "obgyn" | "pediatrics" | "ent",
  "red_flags": [string],
  "confidence": 0.0 to 1.0,
  "rationale": "one sentence, clinical only"
}

Rules:
- emergent = any chest pain >15 min, stroke FAST signs, anaphylaxis,
  severe abdominal pain, suicidal ideation, infant fever >38C,
  pregnancy bleeding, severe shortness of breath, syncope.
- When in doubt between two tiers, ALWAYS pick the more urgent one.
- If chief complaint is too vague to assess, return severity:"urgent"
  and red_flags:["insufficient_information"].
- This output is reviewed by a licensed nurse before any patient action.
  You are an aid, not a decision-maker.

n8n HTTP Request — Bedrock InvokeModel

n8n HTTP Request — AWS BedrockJSON
{
  "method": "POST",
  "url": "https://bedrock-runtime.us-east-1.amazonaws.com/model/anthropic.claude-haiku-4-5/invoke",
  "authentication": "awsSignatureV4",
  "headers": { "content-type": "application/json" },
  "body": {
    "anthropic_version": "bedrock-2023-05-31",
    "max_tokens": 400,
    "system": "{{ $json.classifierSystemPrompt }}",
    "messages": [
      {
        "role": "user",
        "content": "Tokenized intake:n{{ JSON.stringify($json.tokenized) }}"
      }
    ]
  }
}
Insight
Validate the JSON shape in a Code node. If parsing fails or severity is missing, default to urgent and route to nurse review. The bias is always toward over-escalation — a missed urgent case is recoverable, a missed emergent case is not.
4

Specialty Routing

An n8n Switch node routes the intake to the correct specialty queue based on severity, the model’s specialty hint, and a hard-coded keyword overlay for safety. The keyword overlay catches edge cases where the model might pick primary care for something that should clearly be cardiology — a belt-and-suspenders pattern, especially important for clinics with shared front desk and registered practitioners (see our registered practitioners service).

Routing matrix

SeverityActionSLA
emergentBanner “Call 911” + nurse pager + EHR alert< 60s
urgentSame-day slot search OR nurse line callback< 30 min
routine_weekAuto-book within 7 days, specialty queue< 4 hrs
routine_extendedStandard scheduler queueNext biz day

Hard-coded keyword overlay

n8n Code node — keyword_overlay.pyPYTHON
EMERGENT_KEYWORDS = {
  "chest pain", "crushing chest", "stroke", "facial droop",
  "slurred speech", "anaphylaxis", "throat closing", "suicidal",
  "overdose", "severe bleeding", "unresponsive", "seizure"
}

def overlay(complaint, classifier_result):
    text = complaint.lower()
    if any(k in text for k in EMERGENT_KEYWORDS):
        # Force-upgrade regardless of model output
        classifier_result["severity"] = "emergent"
        classifier_result["red_flags"].append("keyword_overlay_triggered")
    return classifier_result
Watch Out
The keyword overlay only escalates upward — it never downgrades the model’s output. Downward overrides require a licensed clinician sign-off recorded in the audit log. Build the overlay so it physically cannot reduce severity.
5

EHR Slot Match & Auto-Book

For routine and urgent tiers, n8n queries the EHR’s FHIR API for open slots that match the specialty, the patient’s insurance network, and the SLA window. Athenahealth, Epic MyChart, eClinicalWorks, DrChrono, and NextGen all expose FHIR R4 Slot and Appointment resources, though scopes and rate limits vary widely. The same booking layer powers our dental practice automations and veterinary clinic automations with different specialty taxonomies.

FHIR slot search

FHIR R4 — Slot search requestJSON
GET /Slot?
  schedule.actor:HealthcareService.specialty=cardiology
  &status=free
  &start=ge2026-05-03&start=le2026-05-10
  &_count=20
Authorization: Bearer {{ $credentials.athena.accessToken }}
Accept: application/fhir+json

Auto-book decision

If the patient is established (existing MRN), the appointment auto-books. If new, the system places a hold and texts a confirmation link via Paubox SMS — patient confirms inside a 30-minute window or the slot returns to the pool. Emergent and urgent tiers always bypass auto-booking and route to the nurse line.

6

HIPAA Audit Log & Breach Trigger

Every classification, routing decision, slot search, booking, and detokenization writes one row to an immutable audit log. Storage is S3 with Object Lock in compliance mode — even an AWS root user cannot delete entries before the 6-year retention window. The log feeds two destinations: an internal SIEM for routine review, and an automated breach-detection rule that pages the privacy officer if anomalous access patterns are detected.

Audit log schema

Postgres — hipaa_audit_logSQL
CREATE TABLE hipaa_audit_log (
  id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  occurred_at     timestamptz NOT NULL DEFAULT now(),
  intake_ref      text NOT NULL,
  actor           text NOT NULL,        -- system|[email protected]|...
  action          text NOT NULL,        -- classify|tokenize|detokenize|book
  resource_type   text NOT NULL,        -- intake|slot|appointment|phi
  prompt_hash     text,                 -- sha256, never raw prompt
  response_hash   text,
  severity_out    text,
  baa_scope       text NOT NULL,        -- aws_bedrock|athena|jotform
  source_ip       inet,
  retained_until  date NOT NULL DEFAULT (now() + interval '6 years')
);

-- Append-only enforcement: revoke UPDATE/DELETE on the table.
REVOKE UPDATE, DELETE ON hipaa_audit_log FROM PUBLIC;

Breach-detection trigger

A scheduled n8n workflow runs every 15 minutes against the audit log. It alerts on three patterns: bulk detokenization (more than 50 records in 5 minutes), service-role authentication failures spiking, or any access from an IP outside the on-prem and VPN ranges. The HHS breach notification clock starts at the moment the privacy officer is paged — so the workflow timestamps both the detection and the page.

Critical
Under the HIPAA Breach Notification Rule a covered entity has 60 days from discovery to notify affected individuals (and HHS for breaches affecting 500+ patients). Discovery starts at the first moment any workforce member knew or should have known. The audit log is your timeline of record in any OCR investigation.

Common Failures & Fixes

Three failure modes show up in every healthcare AI deployment. Plan for them on day one — every one of them is a potential reportable event under HIPAA or state law.

Failure 1: PHI leaking through the chief complaint free-text

Symptom: Patient writes “Hi, I’m Jane Doe, DOB 7/19/84, MRN 44218, having chest pain”. The structured fields tokenize fine but the free-text complaint contains a name, DOB, and MRN that flow straight to the LLM.

Fix: Run a regex de-identifier pass over the chief_complaint before tokenization. Match common patterns — “my name is X”, “DOB”, “MRN”, “SSN”, “phone”. For higher accuracy add a presidio or a small Claude Haiku NER pass that returns offsets to redact. AWS Comprehend Medical with PHI detection is also BAA-eligible.

Failure 2: Severity downgrade on atypical presentations

Symptom: A 58-year-old woman writes “feeling really tired and a bit nauseous, jaw is sore”. The model classifies as routine — but this is a textbook atypical MI presentation in a female patient.

Fix: Add demographic-aware red-flag rules to the prompt and the keyword overlay. Female + over 50 + jaw pain + nausea + fatigue triggers cardiology emergent route regardless of model output. Maintain the rules with your medical director — quarterly review.

Failure 3: Bedrock or EHR API outage during peak Monday morning

Symptom: AWS Bedrock returns 503 or Athenahealth FHIR endpoint times out. The workflow stalls and intakes pile up unprocessed.

Fix: n8n’s HTTP node has retry-with-backoff. After 3 failed retries, route the intake into a “fallback nurse queue” with a banner: “AI triage unavailable, manual review required”. Fail-loud, never silent. The fallback queue keeps PHI inside your VPC the whole time. The same fail-safe pattern is documented in our AI services overview.

HIPAA & Compliance — The Long Section

Patient intake data is among the most heavily regulated personal information in the United States. HIPAA’s three core rules — Privacy, Security, and Breach Notification — apply to every byte that moves through this workflow, plus state laws that often add stricter requirements (California’s CMIA, New York’s SHIELD Act, Texas HB300, Washington’s My Health My Data Act). This section is the longest in the guide for a reason: getting the compliance story right is the difference between a deployment and a six-figure OCR settlement.

The BAA chain

A Business Associate Agreement is a written contract that obligates a vendor to handle PHI according to HIPAA. Every vendor in the data path needs one. For this workflow that means: AWS (covers Bedrock, EC2, RDS, S3, CloudWatch, KMS), Jotform HIPAA tier, Paubox or Virtru, your EHR vendor (already covered if they are your EHR), and any monitoring or SIEM tool that touches the audit log.

The Anthropic public API is deliberately excluded. As of writing, Anthropic does not offer a BAA on the consumer API. AWS Bedrock is the BAA-covered path to Claude — AWS is the business associate, AWS handles PHI inside their HIPAA-eligible boundary, and Anthropic the model provider does not receive PHI in a way that requires its own BAA. If you ever bypass Bedrock and call Anthropic directly with PHI, you have created an unauthorized disclosure. This is a frequent and serious mistake.

PHI minimization in practice

The HIPAA Privacy Rule’s minimum-necessary standard is not an aspiration. It is a requirement. The 18 Safe Harbor identifiers — name, geographic subdivisions smaller than state, all date elements smaller than year (except age 90+), phone, fax, email, SSN, MRN, health plan beneficiary number, account number, certificate/license number, vehicle identifier, device identifier, URL, IP, biometric identifier, full-face photo, any other unique identifying number — are stripped before the LLM call and replaced with reversible tokens. Re-identification happens only inside the VPC, only by the n8n service role, and only when the workflow needs to write back to the EHR.

Encryption — at rest, in transit, in use

At rest: every storage layer uses AES-256 with a customer-managed AWS KMS key. RDS Postgres, S3 Object Lock buckets, EBS volumes on the n8n EC2 host, and CloudWatch log groups all encrypt with the same key alias. The KMS key has a strict policy — only the n8n service IAM role and the privacy officer can use it; only the CloudTrail audit log records who used it.

In transit: TLS 1.3 between every component. Webhook endpoints reject TLS 1.2 below cipher suites without forward secrecy. Internal VPC traffic uses VPC endpoints (PrivateLink) for Bedrock, S3, and Secrets Manager — PHI never traverses the public internet.

In use: Bedrock processes the prompt inside AWS-managed hardware. The prompt is not retained, not used for training (per the AWS BAA addendum), and not shared cross-tenant. Verify this in the Bedrock data-protection settings and document it in the BAA file.

Audit retention — 6 years, immutable

The HIPAA Security Rule requires 6 years of retention for documentation related to security policies and procedures, including audit logs of PHI access. The audit table uses S3 Object Lock in compliance mode with a 6-year retention period — even an AWS root user cannot delete entries before that window closes. CloudTrail logs the lifecycle of every Object Lock setting change. The retained_until column on every row is a redundant application-layer marker, not a substitute for the bucket-level lock.

Breach Notification Rule — clocks start ticking

If a breach of unsecured PHI is discovered, the covered entity has 60 days to notify affected individuals, the HHS Office for Civil Rights, and (for breaches of 500+ residents in a state) prominent local media. “Discovery” is defined broadly: it is the first day any workforce member knew or, by exercising reasonable diligence, would have known. The breach-detection trigger in Step 6 timestamps both the alert and the page so the discovery clock is anchored in immutable storage.

State law overlay

California CMIA, New York SHIELD, Texas HB300, and the Washington My Health My Data Act all add obligations on top of HIPAA — sometimes shorter notification windows, sometimes broader definitions of protected information, sometimes private rights of action. The compliance workflow should track which state each patient resides in (from address ZIP) and flag the most restrictive applicable rule for the privacy officer.

Security
Never copy a PHI-bearing payload into a developer’s local terminal, a shared Slack channel, or a non-HIPAA bug tracker. Reproduce production issues with synthetic intakes. Workforce training on this rule is itself a HIPAA Security Rule administrative safeguard.

Measured Results — 90 Days In

Numbers from a real implementation at a 6-provider primary care group across two locations after the first 90-day pilot, with every emergent classification independently reviewed by the medical director.

Median triage time
6 sec
was 4.7 hrs
Emergent sensitivity
96%
zero missed in pilot
Front-desk time saved
24 hrs
per week
No-show reduction
30%
via proactive routing

Annualized labor savings of approximately $120K covered the deployment cost in the first quarter. The 96% emergent sensitivity figure was independently audited by the medical director against ESI Level 1/2 charts; the 4% “false negatives” were all secondary classifications where the keyword overlay caught the case anyway, meaning zero patients reached a routine queue when they needed emergent care.

Implementation Timeline & Cost

DIY Path
120 – 180 hours
  • BAA + HIPAA risk assessment: 20–30 hrs
  • HIPAA-eligible AWS infra, KMS, VPC: 16–24 hrs
  • PHI tokenization + Bedrock setup: 18–28 hrs
  • Claude prompt + classifier validation w/ MD review: 24–36 hrs
  • EHR FHIR integration + slot match: 20–30 hrs
  • Audit trail + breach detection + go-live behind nurse review: 22–32 hrs
With SEOKRU
4-week deployment
  • Week 1: BAA + HIPAA risk assessment
  • Week 2: PHI tokenization + Bedrock setup
  • Week 3: Claude prompt + classifier validation w/ MD review
  • Week 4: EHR integration + audit trail + go-live behind nurse review
  • Includes: 90-day SLA, prompt tuning, monthly accuracy + audit report

FAQ

Can we use the standard Anthropic API instead of AWS Bedrock?
Not for PHI. Anthropic does not currently offer a Business Associate Agreement on its public API, which means sending PHI to api.anthropic.com is an unauthorized disclosure under HIPAA. AWS Bedrock is the BAA-covered path: AWS is the business associate, AWS hosts the Claude models inside HIPAA-eligible infrastructure, and AWS contractually agrees to handle PHI per the Privacy and Security Rules. If a vendor tells you “we use Claude” without specifying the BAA chain, ask for written confirmation that all PHI traffic transits Bedrock with AWS as BA. If you have a non-PHI use case (a public-facing FAQ bot that never sees patient data) the Anthropic API is fine — but the moment PHI enters the path, route it through Bedrock.
What if Claude misses an emergency? Who is liable?
The clinic remains liable for clinical decisions — that is the whole reason this guide insists every emergent and urgent classification is reviewed by a licensed nurse before any patient action. The system surfaces information faster and never replaces clinical judgment. The keyword overlay in Step 4, the bias-toward-escalation prompt rules in Step 3, and the immutable audit log in Step 6 are layered defenses. In the 90-day pilot referenced in the Results section, the system flagged every emergent case (96% directly, 4% via the keyword overlay), with zero patients routed to a routine queue when they needed emergency care. Carry medical malpractice coverage that explicitly addresses AI-assisted workflows and document the human-in-the-loop policy in the patient-safety committee minutes.
Does this replace nurse triage?
No. It replaces front-desk triage — the medical-assistant or scheduler step where intake forms are sorted into bins by severity. Licensed nurse triage stays exactly where it is. What changes is that nurses no longer spend 20% of their shift scrolling intake forms looking for the urgent ones; the system surfaces them in seconds. Most nurses we work with say they are doing more nursing and less administrative work after deployment. The Critical callout in Step 6 spells out where the nurse remains the decision-maker.
How do you handle non-English-speaking patients?
The classifier system prompt is language-agnostic — Claude handles 50+ languages natively, including Spanish, Mandarin, Vietnamese, Tagalog, Arabic, and Russian, which cover most US patient populations. The detected language is added to the JSON output and propagates through the pipeline so confirmations, SMS, and any patient-facing text comes back in the original language. For very low-resource languages, the routing falls back to a human bilingual scheduler. State law sometimes requires qualified interpreters for clinical communication — the AI layer never replaces that, it simply makes intake routing faster.
What about pediatric or maternity-specific intake?
Both need a separate prompt layer with their own red flags. Pediatric: infant fever above 38C, lethargy, refusal to feed, dehydration signs, accidental ingestion — all default to emergent. Maternity: any bleeding, decreased fetal movement after 28 weeks, severe headache or vision changes (preeclampsia), all emergent. The prompt rules in Step 3 cover the highest-frequency cases; for full pediatric or OB workflows, fork the system prompt and validate against a pediatric or OB attending. The architecture supports running multiple specialty-specific classifier prompts in parallel and choosing the strictest output.
How does this compare to Suki, Abridge, or DAX Copilot?
Suki, Abridge, and Microsoft’s DAX Copilot are clinical documentation tools — they listen to the patient-clinician encounter and generate the SOAP note or chart entry. They sit downstream of triage. This intake triage workflow sits upstream: it decides who needs to see a clinician and how soon. The two layers complement each other. A clinic running DAX in the exam room can run this pipeline at the front of the funnel, then DAX takes over once the patient is in the room. None of the three documentation tools provide intake severity classification or specialty routing — those are different problems with different prompts and different liability profiles.

Want this built for your clinic?

SEOKRU deploys this workflow in 4 weeks on HIPAA-eligible AWS infrastructure with a signed BAA chain. We handle the privacy assessment, PHI tokenization, MD-reviewed prompt validation, EHR integration, and 90 days of accuracy monitoring with monthly audit reports. You keep ownership of every component.

Talk to a healthcare automation engineer