Fiftyfoursix Medical AI (“Fiftyfoursix,” “we,” “our,” or “us”) provides an AI-powered appointment-setting and call-routing platform for healthcare providers. This Privacy Policy describes how we collect, use, disclose, and protect information when clinics, their staff, and their patients interact with our services (the “Services”).
We designed the Services with privacy and security as foundational requirements. All data in transit and at rest is protected with end-to-end encryption, and we do not retain protected health information (“PHI”) any longer than necessary to route a message or fulfill the immediate clinical workflow.
1. Information We Collect
Information from clinics
When a clinic creates an account, we collect business contact details (clinic name, email, phone), authorized user credentials, calendar and EHR connection metadata, and billing information processed by our payment provider.
Information from patient calls and messages
To route appointments and respond to inquiries, the Services may transiently process caller-provided information such as name, callback number, reason for the call, preferred appointment time, and any voluntary notes. This information may include PHI.
Technical information
We collect standard service telemetry (timestamps, call duration, error rates, IP address, device and browser identifiers) used to operate, secure, and improve the Services.
2. How We Use Information
- To route patient calls, schedule appointments, and sync with the clinic’s calendar or EHR.
- To deliver transactional notifications to clinic staff and patients.
- To monitor uptime, detect abuse, and maintain the security of the Services.
- To meet our legal, contractual, and regulatory obligations.
We do not sell personal information, and we do not use PHI to train third-party AI models.
3. Data Retention
PHI processed through the Services is retained only for the period required to complete the relevant clinical workflow (for example, routing a message or confirming an appointment), after which it is purged from our active systems and rotated out of encrypted backups on a rolling basis. Non-PHI operational metadata (such as anonymized call counts) may be retained for analytics, billing, and audit purposes.
4. How We Share Information
We share information only as needed to operate the Services:
- With the clinic that owns the account, including authorized staff who handle patient communications.
- With sub-processors (cloud hosting, telephony, transcription) bound by written agreements, including HIPAA Business Associate Agreements where applicable.
- When required by law, valid legal process, or to protect the rights, safety, and security of users and the public.
5. Security
We employ defense-in-depth controls, including TLS 1.2+ in transit, AES-256 at rest, least-privilege access, continuous monitoring, and routine third-party assessments. See our Security page for details.
6. Your Rights
Patients should direct requests to access, correct, or delete their health information to the treating clinic, which is the HIPAA Covered Entity and data controller. Clinic administrators can manage account data directly within the Services or by contacting us.
7. Children’s Privacy
The Services are intended for use by healthcare providers. We do not knowingly collect information directly from children; pediatric clinical information is processed only on behalf of the treating clinic.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email to the clinic’s primary contact.
9. Contact
Fiftyfoursix Medical AI · Houston, TX · info@fiftyfoursix.com