Security & Clinical Safety Overview

Triagely is an AI-assisted clinical intake and workflow support platform currently used in real-world New Zealand primary care settings, including Naenae Medical Centre.

The platform is designed to support:

  • Structured symptom collection • Patient communication

  • Clinical summarisation

  • Workflow efficiency

Triagely is intended as a clinician support tool and does not replace clinician judgement or medical decision- making.

Privacy & Data Minimisation

Triagely has been intentionally designed around a data minimisation philosophy. At present:

  • No direct personal identifiers (e.g. patient name, NHI, address, or date of birth) are intentionally collected within the chat workflow

  • Patient interactions are assigned anonymous session identifiers

  • Stored conversations are separated from identifiable patient records

This architecture is intended to reduce privacy exposure and minimise risk in the event of unauthorised access.

Prior to starting a chat interaction, users are required to provide consent before proceeding.

Infrastructure & Security

Current platform infrastructure is hosted via Google Cloud / Firebase services. Access controls currently include:

  • Restricted administrative dashboard access • Password-protected clinician/admin portals

  • Clinic-level segregation of dashboard views

  • Limited backend data access restricted to the founding technical team

Current audit logging consists of anonymised conversation records.

As the platform matures and broader integrations are explored, additional enterprise-grade security measures — including formal penetration testing and expanded security auditing — are planned prior to PMS integration or wider deployment.

AI Processing & Third-Party Services

Triagely currently utilises enterprise API-based large language model services from OpenAI to support conversational processing and clinical summarisation.

Key principles include:

  • API-based processing only

  • Data not used for model training

  • Limited retention policies via enterprise-tier services

  • Minimisation of identifiable information sent for processing

The platform is designed to minimise unnecessary exposure of sensitive patient information during AI- assisted processing.

Clinical Safety Approach

Triagely is designed as a workflow augmentation tool rather than an autonomous diagnostic system. Key safety principles include:

  • Clinician oversight remains central to all medical decision-making

  • AI-generated outputs are intended to support, not replace, clinical assessment

  • Conservative prompting and structured questioning approaches are used to reduce ambiguity • Outputs are reviewed within existing clinical workflows

The platform continues to evolve iteratively through real-world clinician feedback and operational use within New Zealand primary care environments.

Compliance & Governance

Triagely is being developed with consideration of New Zealand privacy principles and healthcare operational requirements.

Current governance priorities include:

  • Minimising identifiable data collection

  • Maintaining transparent consent processes

  • Reducing privacy exposure through anonymised workflows

  • Progressively strengthening security and governance frameworks as deployment scales

Further formalisation of governance, penetration testing, and compliance processes are planned as part of future PMS integration and wider clinical deployment.

Current Deployment Context

Triagely is currently being iteratively refined through deployment within operational primary care environments.

The platform’s development approach prioritises:

  • Practical clinical utility

  • Privacy-conscious architecture

  • Responsible AI-assisted workflow support

  • Incremental operational and governance maturity

The long-term goal is to support primary care teams by reducing administrative and communication friction while maintaining strong clinical oversight and patient trust.