AI, safety & trust

Last updated: 16 June 2026

How we use AI, in one paragraph

MyNewClinic uses AI to help clinicians work faster: drafting clinical letters, pre-reading intake forms, summarising booking triage, interpreting outcome trends, and acting as a copilot in the diary. It is built on one principle: AI assists, the clinician decides. Every AI clinical output is a draft or a suggestion that a registered practitioner reviews, edits and signs off before it counts. AI is off by default and only sends patient data once your clinic explicitly turns it on. This page sets out, feature by feature, exactly what the AI does, what data it sees, and where a human stays in the loop.

AI is off until you switch it on

No patient data is sent to our AI provider until an owner or admin at your clinic enables AI data processing in Settings → Security. This is a deliberate compliance switch: it is off by default, and while it is off the AI features are disabled and nothing leaves MyNewClinic. We ask you to enable it only once your data-processing agreement with our AI provider is in place. You can turn it off again at any time.

A clinician reviews every AI clinical output

Nothing the AI produces is treated as final. Clinical letters and GP or insurance reports are generated as drafts that say "Always review and edit before sending, AI drafts can contain errors", and saving to the record is a separate, manual action. Pre-visit summaries and outcome-trend insights are read-only pre-reads shown to the clinician and are never written back to the patient record. The pre-visit card is labelled "AI-generated from patient-provided information, verify clinically". Booking-triage red-flag screens are framed as "review before the visit", not as a diagnosis. The AI screens and drafts; the registered practitioner decides.

Where the copilot can act, and how we keep you in control

One feature, the staff AI Assistant, can take real actions in your clinic: booking an appointment, blocking diary time, creating an invoice or a discount code, or filling a gap from the wait-list. It does this only after stating the action and asking you to confirm, unless your own message already spells out every detail as an explicit instruction. Every action it takes is written to your clinic's audit log. The patient-facing portal assistant, by contrast, can only read: it has no tools that change anything, refuses clinical advice, and tells patients to call 999 or NHS 111 on red-flag symptoms.

What data each AI feature sees

We are specific rather than reassuring. Two features send anonymised, aggregate data only: the outcome-trend insight receives numeric measure series (dates and values, no name or identifiers), and the daily dashboard briefing receives aggregate counts only (number of appointments, gaps, outstanding invoices), no patient names.

The staff assistant, clinical letters and pre-visit summaries do send identifiable patient data (name and clinical note text, plus date of birth, contact details or address depending on the feature) to our AI provider so they can do their job; that is exactly why these features are gated behind the off-by-default switch and your data-processing agreement. Booking triage sends the patient's free-text complaint and answers but not their name or date of birth. We do not run a separate non-clinical model on the side: there is a single AI provider.

Our AI and infrastructure providers

AI features are powered by Anthropic (Claude), our sole AI provider, in the United States, used only when your clinic enables AI. Your clinic and patient data is stored with Supabase in the UK (London, eu-west-2). Card payments and subscription billing run through Stripe (PCI DSS); we store only the card brand, last four digits and a token, never full card numbers. SMS reminders use Telnyx and email uses your configured SMTP provider. Two optional clinical add-ons, SCRPT (AI clinical notes from audio) and RehabRx (AI exercise programmes), send consultation audio or de-identified clinical text to dedicated processing engines. Our full sub-processor list, with purpose, data and location for each, is on our Security & GDPR page, and changes are notified to clinics in advance.

Our AI provider's data terms

Per Anthropic's commercial API data-processing agreement, API inputs and outputs are not used to train models and are retained for up to 30 days for trust-and-safety purposes only. We state this as a description of our provider's contractual terms; clinics relying on it should confirm it against Anthropic's current DPA. It is a contractual commitment from the provider, not something the MyNewClinic application separately enforces in code.

UK GDPR and your patients' rights

Each clinic is the data controller for its patients; MyNewClinic is the data processor acting on your documented instructions, under a data processing agreement. We provide a UK GDPR toolkit in the app: subject-access export, erasure (which anonymises identity while retaining the de-identified clinical and financial records your retention obligations require), an access log, and two-factor authentication. Our Data Processing Agreement, Privacy Policy and Security & GDPR page set out roles, sub-processors, international transfers, security measures and breach notification in full.

Reporting a concern

If you believe an AI output is wrong or harmful, or you have a security or privacy concern, contact us at hello@mynewclinic.com and we will respond. AI drafts can contain errors; please always review clinical content before it reaches a patient or another clinician.