Responsible AI

AI use at Doctena

Where Doctena uses artificial intelligence, where we deliberately do not, and how we apply the EU AI Act to a healthcare appointment platform.

Last reviewed
Next review
Owner
Chief Technology Officer · Data Protection Officer
Version
1.0.0
On this page

Our AI principles

  • Human oversight — every AI-assisted decision affecting a person remains subject to meaningful human review.
  • Purpose-limited data — we do not use patient clinical data to train any model, internal or external.
  • EU residency — AI features that touch personal data run on EU-hosted infrastructure or under SCCs with documented Transfer Impact Assessments.
  • Explainability — features powered by AI are labelled clearly in the user interface.
  • Reversibility — every AI feature can be disabled by the practitioner customer for their tenant.

Where AI is used

Doctena uses artificial intelligence — including third-party large language models — in a small number of supporting roles. The list below is exhaustive at the date of this page.

FeatureWhat it doesProviderHuman-in-the-loop?
Edge attack prevention Anomaly detection on inbound HTTP traffic to spot patterns the WAF rules do not cover. Cloudflare SOC review of every triggered block.
Internal developer assistance Code completion and documentation lookup by Doctena engineers, in an enterprise environment with no training on customer code. GitHub Copilot Every generated suggestion is reviewed by the engineer before commit; PR review is mandatory.
Internal productivity Meeting summarisation, drafting assistance, internal research. OpenAI ChatGPT (enterprise) Mandatory disclaimer on every AI-generated content; not used for clinical decisions.
Support summarisation Optional pre-classification of inbound support tickets to suggest a priority and a category. Suggestion only — final triage is human. Zendesk (vendor AI) Yes — human triage on every ticket.

Where AI is not used

Doctena also does not currently operate:

  • Automated clinical decisions or treatment recommendations.
  • Automated rejection of patients or filtering of appointments based on AI.
  • Biometric identification or emotion recognition.
  • AI-generated voice or video impersonating a practitioner or a patient.

EU AI Act applicability

Under Regulation (EU) 2024/1689 ("AI Act"), the AI features described above are classified as follows:

  • Limited risk (Article 50) — internal productivity, developer assistance, support summarisation. Subject to transparency obligations.
  • Minimal risk — edge attack prevention. No specific obligations.
  • High risk (Annex III) — not currently applicable. Doctena does not deploy AI in any of the high-risk areas listed in Annex III of the AI Act (CV-screening, credit scoring, biometric categorisation, etc.).
  • Prohibited (Article 5) — not applicable. Doctena does not deploy any of the prohibited AI practices.

Should Doctena introduce a feature that would fall under the high-risk category, the conformity assessment under Article 43, including the Fundamental Rights Impact Assessment under Article 27, will be conducted before deployment.

Human oversight

Every AI-assisted decision affecting an identified or identifiable person can be reviewed by a Doctena employee on request. Our support team is trained to identify decisions that may have been AI-assisted and to escalate them to the responsible owner. Where an AI vendor provides a feature, our contract with the vendor requires a contestability mechanism.

Training data and model providers

Doctena does not train foundation models. Where we use third-party AI features, the training of the underlying model is the responsibility of the provider, and that training was performed on the provider's own training data, not on Doctena customer or patient data.

Our contracts with each AI provider explicitly:

  • Prohibit the use of Doctena prompts, completions or context for further training.
  • Confirm the retention of inputs and outputs (zero retention preferred, otherwise short-window).
  • Place processing inside the EU/EEA or under SCCs with a documented Transfer Impact Assessment.

Your choices

  • Patients: AI features visible to patients are limited to the edge anomaly detection (invisible) and the support pre-classification (invisible). No opt-out is needed.
  • Practitioners: every optional AI feature can be disabled in the tenant settings; the support pre-classification is feature-flagged at the workspace level.
  • Doctena employees: internal AI tools are opt-in by team, governed by the AI usage policy and the data classification policy.

Transparency reporting

Aggregate metrics on AI-related decisions — including the count of AI-assisted support classifications, the false-positive rate of edge anomaly detection, and any AI-related incident — are published annually in our Transparency Report.

Questions? privacy@doctena.com reaches the AI governance owners.

Also in this category

Compliance