Privacy Policy
Effective date: April 22, 2026
AgenticMD LLC ("AgenticMD," "we," "our," or "us") operates an AI-assisted SMS clinical-communication service that pairs primary-care physicians with their established patients. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have.
AgenticMD is designed to handle protected health information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). Our subprocessors operate under Business Associate Agreements ("BAAs").
1. Information we collect
When you enroll in AgenticMD through your physician's practice or our online consent page, and when you use the service, we collect:
- Contact information — your full legal name, mobile phone number, and date of birth.
- Authentication records — identity verification attempts, timestamps, and consent records.
- Clinical information — the content of SMS messages you send and receive, and the medications, allergies, problem list, and other clinical data your physician's electronic health record ("Epic") authorizes us to retrieve on your behalf under the 21st Century Cures Act.
- Technical information — IP address and timestamp at the moment of online opt-in; message metadata supplied by the SMS carrier (Message SID, delivery status).
2. How we use your information
- To verify your identity before any clinical conversation begins.
- To conduct a structured clinical intake with your physician's AI agent and to prepare a draft summary for provider review.
- To send you appointment reminders, care-gap outreach, and follow-ups authorized by your physician. Care-gap outreach may include reminders for routine measurements and labs (blood pressure, weight / BMI at your annual visit, A1c, fasting glucose, lipid panel), cancer screening (mammogram, cervical, colon, lung where clinically eligible), vascular screening (abdominal aortic aneurysm where clinically eligible), sexual-health screening (sexually transmitted infections, adult patients only), mental-health screening (depression and anxiety), functional and lifestyle screening (fall-risk STEADI for adults 65+, tobacco-use screening), vaccines (annual flu shot, pneumococcal, COVID-19 booster, RSV for eligible adults, shingles, Tdap booster), and wellness visits (annual wellness visit and Medicare Annual Wellness Visit where eligible).
- To escalate emergent symptoms to emergency services and notify your physician.
- To maintain an immutable audit log of every authentication event, message, and physician action — a requirement of HIPAA and of our internal safety policy.
3. SMS and text messaging
By opting in, you agree to receive SMS messages from AgenticMD related to your care with your physician. Message frequency varies based on your clinical needs and your physician's outreach. Message and data rates may apply per your mobile carrier.
You may opt out of SMS at any time by replying STOP to any message. You may request help by replying HELP. Opt-out is effective immediately; re-enrollment requires replying START or completing the consent page again.
4. Service providers and subprocessors
We share information with the following service providers, each under a HIPAA Business Associate Agreement, strictly as needed to deliver the service:
- Twilio, Inc. — SMS transport and phone-number management.
- Anthropic, PBC — the Claude AI model used to conduct intake conversations and draft clinical summaries.
- Epic Systems Corporation — read and provider-approved write access to your electronic health record via the FHIR R4 API.
- Cloud hosting — HIPAA-eligible infrastructure (AWS or Microsoft Azure) for application hosting and audit storage.
We do not sell your information. We do not share it with advertisers. We do not use your information for any purpose unrelated to your care.
5. Protected health information
AgenticMD acts as a business associate of your physician's practice for purposes of HIPAA. Your PHI is handled pursuant to the Notice of Privacy Practices provided by that practice, which governs how your PHI is used and disclosed for treatment, payment, and healthcare operations. SMS communication of PHI occurs only after you have provided explicit written authorization during enrollment.
6. Data retention
Consent records are retained for a minimum of six years following your last interaction, consistent with HIPAA. Clinical records retrieved from Epic remain in Epic; AgenticMD retains copies only as required for audit. You may request deletion of your non-clinical account data by contacting us; clinical records governed by HIPAA are retained per your physician's record-retention policy.
7. Security
All traffic between your device, AgenticMD, and our service providers is encrypted in transit using TLS. PHI at rest is encrypted. Access is controlled by role-based permissions. All actions — authentications, messages, physician approvals — are recorded in an immutable audit log with hashed identifiers.
8. Your rights
You have the right to:
- Opt out of SMS at any time by replying STOP.
- Request a copy of the information we hold about you.
- Request correction of inaccurate information.
- Revoke your consent for SMS PHI communication (in writing to the address below).
- File a complaint with your physician's practice or with the U.S. Department of Health and Human Services Office for Civil Rights.
9. Children
AgenticMD is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Adolescent patients who are enrolled by a parent or guardian are treated under the enrolling adult's authorization and applicable state law.
10. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted at agenticmd.io/privacy with an updated effective date and, where required, communicated to you by SMS or email.
11. Contact us
Questions about this policy or your information may be directed to:
AgenticMD LLC
Attn: Privacy Officer
[Registered Business Address — to be filled in]
Email: privacy@agenticmd.io