Responsible AI

AI use at Doctena

Where Doctena uses artificial intelligence, where we deliberately do not, and how we apply the EU AI Act to a healthcare appointment platform.

Last reviewed
Next review
Owner
Chief Technology Officer · Data Protection Officer
Version
1.3.0
On this page

Our AI principles

  • Human oversight. Every AI-assisted decision affecting a person remains subject to meaningful human review.
  • Purpose-limited data. We do not use patient clinical data to train any model, internal or external. Doctena does not train or maintain its own AI model.
  • EU residency. AI features that touch personal data run on EU-hosted infrastructure or under SCCs with documented Transfer Impact Assessments.
  • Explainability. Features powered by AI are labelled clearly in the user interface.
  • Reversibility. Every AI feature can be disabled by the practitioner customer for their tenant.

AI voice assistant

Doctena offers practices an optional AI voice assistant, a telephone tele-secretary that answers calls, books, cancels and reschedules appointments, and routes callers to the right place. It is offered to a practice as an option; the practice decides whether to enable it. This is the one AI system that a patient may interact with directly, so we describe it in full below.

  • You are told it is an AI. At the start of the call the assistant tells the caller they are speaking with an AI assistant, in line with the EU AI Act's Article 50 transparency duty.
  • A human handover is available. A caller can ask to be put through to a person rather than continue with the assistant, and a human fallback can always be set.
  • EU-hosted. The assistant runs on EU infrastructure (AWS Frankfurt), and explicit consent is collected before the call is processed.
  • It does not decide about your care. The assistant routes calls and handles scheduling; it makes no automated decision about your treatment. The practitioner retains all booking and clinical decisions, so there is no solely-automated decision within the meaning of Article 22 GDPR.
  • Human oversight. In line with EU AI Act Article 14, a person can always step in and override the assistant, and its outputs are reviewable.
  • No training on patient data. Doctena's contract with the vendor forbids it from training its models on patient data. Doctena does not train or maintain its own AI model.
  • Governed and assessed. The assistant is governed by Doctena's AI Usage & Governance Policy and Standard and is covered by a Data Protection Impact Assessment. Our AI governance is inspired by ISO/IEC 42001; we are not certified against it.
  • Retention. Call data is kept for as long as the practitioner data retention period (by default three years), or until a deletion or anonymisation request, and is anonymised when the practitioner leaves the platform.

Where AI is used internally

Beyond the voice assistant, Doctena's other uses of artificial intelligence are internal assistive tools that support our own teams. They are not visible to patients or practitioners and do not act on patient clinical data. The list below is exhaustive at the date of this page.

Internal useWhat it doesProviderHuman-in-the-loop?
Drafting and researchDrafting assistance and internal research for Doctena staff.OpenAIMandatory human review of any AI-generated content; not used for clinical decisions.
Meeting notesSummarisation of internal meetings.Google GeminiNotes reviewed by staff before they are relied on.
Software developmentCoding assistance and documentation lookup by Doctena engineers, in an enterprise environment with no training on customer code.Anthropic (Claude Code) and Cursor AIEvery generated suggestion is reviewed by the engineer before commit; PR review is mandatory.
Office productivityAssistive features within our office suite (Docs, Slides, Sheets).Google Workspace via GeminiAll outputs are reviewed by the staff member using the tool.
Internal communicationsSummarisation and search assistance within our internal messaging tool.Slack AIAll outputs are reviewed by the staff member using the tool.
Support-response assistanceAssists support agents in drafting and classifying responses to inbound support tickets. Suggestion only; final triage and reply are human.AI integrated into ZendeskHuman oversight of support responses.
Task managementAssistive features within our internal task-management tool.Asana AIAll outputs are reviewed by the staff member using the tool.

More of the tools we use are adding AI features over time. Each one is evaluated under Doctena's internal AI governance process before it is activated. Doctena does not train or maintain its own AI model.

Where AI is not used

Doctena also does not currently operate:

  • Automated clinical decisions or treatment recommendations.
  • No AI system automatically rejects patients or filters appointments.
  • Biometric identification or emotion recognition.
  • AI-generated voice or video impersonating a practitioner or a patient.

EU AI Act applicability

Under Regulation (EU) 2024/1689 ("AI Act"), Doctena acts as a deployer of the AI features described above. We classify them as follows:

  • AI voice assistant. The directly-applicable EU AI Act duty is the Article 50 transparency obligation (callers are told they are interacting with an AI). Because the assistant processes health data, Doctena classifies it as high-risk under its internal risk framework and applies high-risk-grade governance to it: a Data Protection Impact Assessment, documented human oversight and sub-processor controls on the vendor.
  • Internal deployer use. Software development, drafting and research, meeting notes, office productivity, internal communications, support-response assistance and task management. These tools are used internally only; patients and practitioners do not interact with them. The Article 50 transparency duties for these systems rest with the tool vendors as providers. Our operative duty as deployer is AI literacy under Article 4, in force since 2 February 2025 and implemented through our AI usage policy and staff training. Article 50(4) would apply only if we published AI-generated text to inform the public; our mandatory human review and editorial responsibility cover that case.
  • Prohibited (Article 5). Not applicable. Doctena does not deploy any of the prohibited AI practices, which apply since 2 February 2025. The pending omnibus adds two further prohibitions from 2 December 2026, which are equally not applicable to Doctena.

Should Doctena build a high-risk AI system, the provider conformity assessment under Article 43 will be conducted before it is placed on the market. Should Doctena deploy a third-party high-risk system, we will meet the deployer obligations under Article 26 and, where required, carry out a Fundamental Rights Impact Assessment under Article 27 before deployment.

Human oversight

Every AI-assisted decision affecting an identified or identifiable person can be reviewed by a Doctena employee on request. A human fallback can always be set, so a person can step in wherever an AI feature is in use.

Training data and model providers

Doctena does not train foundation models and develops no proprietary AI or machine-learning models. Where we use third-party AI features, the training of the underlying model is the responsibility of the provider, and that training was performed on the provider's own training data, not on Doctena customer or patient data.

Our contracts with each AI provider explicitly:

  • Prohibit the use of Doctena prompts, completions or context for further training.
  • Confirm the retention of inputs and outputs (zero retention preferred, otherwise short-window).
  • Place processing inside the EU/EEA or under SCCs with a documented Transfer Impact Assessment.

Your choices

  • Patients: the only AI a patient may interact with directly is the AI voice assistant, where enabled by the practice, and the assistant tells you it is an AI at the start of the call and lets you ask to be put through to a person. If you contact support, the answer you receive may have been AI-assisted, for example to help identify and narrow the issue or to phrase the reply; support replies may be AI-assisted, and we maintain human oversight of support responses.
  • Practitioners: the AI voice assistant is optional and is enabled upon subscription; internal assistive tools are not exposed to practitioner workspaces.
  • Doctena employees: internal AI tools are opt-in by team, governed by the AI usage policy and the data classification policy.
Questions? privacy@doctena.com reaches the AI governance owners.