FAQ

Ellipsis Health is the healthcare AI company delivering empathetic, innovative AI solutions that improve care operations and unlock the life-changing outcomes that every patient deserves. Designed by clinicians for the healthcare ecosystem, Ellipsis Health’s Sage is the world’s most emotionally intelligent, secure, and HIPAA-compliant AI Care Manager, purpose-built for healthcare management throughout the entire patient journey. Ellipsis Health is trusted by top-tier healthcare organizations, including leading providers and payors, to deliver AI solutions proficient at handling patients with complex physical, behavioral, and social needs that drive the majority of healthcare costs.

Ellipsis Health was founded in 2017 by CEO Mainul Mondal, whose parents faced multiple chronic health conditions. Watching his mother struggle through care management calls, Mainul envisioned a care manager that could be there 24/7 for patients like his parents, someone who would listen with empathy, never get tired, and provide consistent, high-quality support. From day one, we’ve been pioneers in voice AI for healthcare, building the technology and collecting real clinical data needed to make truly empathetic conversations possible.

Health plans and providers are facing a perfect storm: critical staff shortages, widespread burnout, mounting patient backlogs, and relentless pressure to cut costs while improving outcomes. Care management teams are stretched impossibly thin, leading to inconsistent patient outreach, missed quality measures, and lost revenue opportunities. Meanwhile, the patients who need the most support, such as those with complex physical, behavioral, and social needs often fall through the cracks. These patients ultimately drive a majority of healthcare costs because human teams simply don’t have the capacity to reach everyone who needs care.

We created Sage, an emotionally intelligent AI Care Manager that makes and receives fully autonomous phone calls on behalf of healthcare organizations. Sage handles the full spectrum of care management. From enrollment and engagement to assessments and clinical follow-ups, Sage operates with the empathy and consistency needed to connect with even the most complex members and patients. Sage operates 24/7, maintains script adherence, and gets better with every conversation. Our clients see immediate capacity expansion, significant cost reduction, and improved patient outcomes, all while allowing their clinical staff to focus on the complex cases that truly require human expertise.

Sage is powered by our proprietary Empathy Engine, a breakthrough combination of patented vocal biomarker technology, therapeutic techniques, and training based on millions of real clinical patient calls. While competitors train on synthetic data or healthy volunteers, we’ve spent years collecting actual care management conversations with real members and patients facing real health challenges. This means Sage can detect subtle vocal cues, adapt its tone and approach in real-time, and navigate difficult conversations with consistent care and patience. The result is an emotionally intelligent AI care manager that doesn’t just sound more natural, it actually connects with members and patients in ways that drive measurable improvements in engagement and outcomes.

Our clients consistently see increases in task completion rates, faster program enrollment, and ROI. Beyond the metrics, we’re fundamentally changing what’s possible in care management by clearing patient backlogs that have existed for months, reaching patients during off-hours when human teams aren’t available, and ensuring that every member and patient receives the same high-quality, empathetic engagement regardless of their complexity or communication style.

Our customers include leading health plans, health systems, and specialty care management organizations across the United States. We work with organizations that are committed to improving outcomes for their most complex patient populations. We’re backed by Salesforce Ventures, Khosla Ventures, and CVS Ventures, and Sage is also available through Salesforce Agentforce Health, validation from some of healthcare and technology’s most respected names.

Sage is built on years of rigorous clinical research and real-world validation. Our patented vocal biomarker technology is backed by over 10 peer-reviewed publications and has been validated by tier-one health systems and national health plans. Every update to Sage undergoes review by our clinical team of physicians, nurses, and care managers before deployment. We maintain HIPAA and SOC 2 compliance, conduct regular third-party security audits, and operate under the rules of our AI Ethics Policy. Most importantly, our technology is validated every day by the members and patients who engage with Sage and the healthcare organizations that see measurable improvements in their operations and outcomes.

Our Commitment to Accessibility

Ellipsis Health is committed to making our website’s content accessible and user-friendly to everyone. If you are having difficulty viewing or navigating the content on this website, or notice any content, feature, or functionality that you believe is not fully accessible to people with disabilities, please email our team at info@ellipsishealth.com with “Disabled Access” in the subject line and provide a description of the specific feature you feel is not fully accessible or a suggestion for improvement. We take your feedback seriously and will consider it as we evaluate ways to accommodate all of our customers and our overall accessibility policies. Additionally, while we do not control such vendors, we strongly encourage vendors of third-party digital content to provide content that is accessible and user-friendly.

Yes, we are GDPR and HIPAA compliant.

HIPAA is a set of national standards for the protection of certain health information. Specifically, it protects PHI and PII held or transmitted in any form or media.

For more information on HIPAA, click here.

GDPR sets a new standard for consumer rights regarding their data as it takes a wide view of what constitutes PII, which could be thought as the non-health information constituting PHI. It requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated.

For more information about GDPR, click here.

We take data privacy and security extremely seriously. Sage collects only the information necessary to provide effective care management, the same type of clinical and demographic data that would be collected during any care management call. All data is protected with healthcare-grade security including end-to-end encryption, strict access controls, and HIPAA-compliant infrastructure. Conversations are recorded and transcribed only with proper authorization, and we provide clients with full transparency into what data is collected and how it’s used. We follow data minimization principles, meaning we collect only what’s needed and retain it only as long as necessary for clinical care and quality improvement. Your privacy and security are foundational to everything we do.

Yes. We only ask for the minimal amount of personal data required to complete a given task and many responses are optional.

In accordance with HIPAA regulations very few people. “The covered entity (such as a provider) policies and procedures must identify the persons or classes of persons within the covered entity who need access to the information to carry out their job duties, the categories or types of protected health information needed, and conditions appropriate to such access.” To translate, we comply with HIPAA and the only people that can see someone’s data are those who are on an approved need-to-know basis to carry out their job duty.

Additionally, HIPAA states that “a third party (such as Ellipsis) hired by partners can only access information through a federally mandated agreement, which ensures the privacy and security of someone’s data.” For example, if a covered entity (such as a provider) engages a business associate (Ellipsis) to help it carry out its health care activities and functions, the provider must have a written contract or other arrangement with Ellipsis that establishes specifically what Ellipsis has been engaged to do and requires Ellipsis to comply with the HIPAA requirements to protect the privacy and security of protected health information.

Yes. If you wish to access, correct, update, or delete Personal Information about you, please email us at privacy@ellipsishealth.com or contact us by mail. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate.

Please understand that we may not be able to alter or delete your Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request.

1. Encryption – We encrypt all data across all channels, both in transit and at rest.
2. Limited Access – In compliance with HIPAA, access to information is limited to individuals who need it and are HIPAA-trained.
3. Daily backup – We back up all data daily to safeguard against unforeseen events such as system malfunctions, accidental deletions, or service outages.
4. Two-Factor identification (2FA) – Two-factor identification is an extra layer of security that helps ensure that people who try to access an account are who they say they are. All our internal systems require 2FA for employees. 
5. Logical access control – We practice role-based logical access control. As such, very few people in our company have access to our production data. Additionally, because our service is multi-tenant, we provide logical separation between data belonging to various tenants/partners.
6. Audit logs – All accesses and changes to data and backend systems are recorded in an audit log for 1 year.
7. Penetration tests – We conduct annual penetration tests and monthly vulnerability scans of our production services to protect systems and data against known and emerging vulnerabilities, and to immediately address all urgent issues identified.
8. Breach response – Data breaches are security incidents where information is accessed, stolen, and used by a cybercriminal without authorization. In consultation with TW Security, a third-party security service, we have a breach response process that is activated immediately upon detection of any intrusion into our systems.
9. Data de-identification – When data is made available in our analytical system for our machine learning team, we strip it of all PII so that it neither identifies nor provides a reasonable basis for identifying an individual.
10. Security audits – We conduct annual third-party security audits to ensure all practices and procedures meet the highest industry standards.
11. Security policy review – In line with our security audits, we perform an annual review and update of all security policies.

Like all other healthcare or financial transactions, data is encrypted when it is sent over the internet. We then store all data in an encrypted format in a secured cloud platform.

As applicable, we will comply with all relevant state, federal and international laws and regulations.

If you have questions regarding our privacy and security, we encourage you to contact us.