The Vendor Security Questionnaire: Ten Questions to Ask Before Any AI Voice Agent Touches Your Phone Line

Before an AI voice agent answers a single call, run this ten-question security questionnaire. SOC 2, data training, penetration testing, prompt-injection defenses, and the kill switch — what to ask and what a good answer sounds like.

Ed

cybersecurity, agentic-ai-security, vendor-risk, AI voice agent, SOC 2, security questionnaire

Every vendor demo sounds the same. The voice is warm, the booking flow is smooth, and the security conversation lasts ninety seconds. Then the contract gets signed, the agent goes live on your main line, and the questions you should have asked become questions you are asking your attorney.

The Thinking Robot builds Revenue Recovery Infrastructure as Lifelike Automations, and we sit on both sides of this table — we answer security questionnaires, and we think every practice should send one. This is not the HIPAA checklist your medical director runs (we have covered what medical directors must verify before signing an agentic AI vendor separately). This is the security-posture layer underneath it: the questions that apply whether you are a med-spa, a salon, a therapy group, or an orthopedics clinic. Ten questions, with what a good answer sounds like.

Questions 1–4: The Paper Trail

1. Can you produce a SOC 2 Type II report dated within the last twelve months? Enterprise security reviewers treat a current Type II as the minimum bar; a Type I (a point-in-time snapshot) or no report at all is a caution flag. Note the trap: a voice-agent vendor's SOC 2 only covers what the vendor owns. Ask which subprocessors — telephony, transcription, the model provider — sit outside its scope.

2. Can you produce a recent third-party penetration test? Pen tests are not part of SOC 2, but they are standard due diligence. A vendor that cannot show one — even a redacted summary — has a gap.

3. Is my call data used to train models, and can I get that in writing? The 2026 baseline from vendor-risk practitioners is plain: vendors should not train on customer data by default, and you want a written commitment that your patients' calls never become someone else's model. "We anonymize it" is not the same answer as "we do not use it."

4. Where does my data live, and for how long? Recordings, transcripts, and extracted fields each have a residency and a retention clock. A good vendor can name all three without checking.

Questions 5–7: The Agent Itself

5. What defenses exist against prompt injection? Prompt injection is LLM01 on the OWASP Top 10 for LLM Applications — the most fundamental vulnerability in the category. The good answer names mechanisms: instruction separation, input validation, output filtering, adversarial testing. The bad answer is "the model is very good at staying on script."

6. What exactly can the agent do — and what can it never do? OWASP's agentic-application guidance centers on least privilege: every tool the agent can call is attack surface. You want a written tool inventory. An agent that can read one calendar slot is a different risk class from an agent with database credentials. Our standard builds ship with a 4-layer safety stack, and healthcare builds with a 6-layer stack, precisely because permissions are designed before personality.

7. How does the agent verify a caller's identity before disclosing anything? With contact-center deepfake attempts up 1,300 percent year over year by Pindrop's count, "the caller said they were the patient" is no longer verification. Ask what the agent requires before it reads anything back.

Questions 8–10: When Things Go Wrong

8. Show me the audit log for one call. Not a description — the artifact. Per-call logs of what was said, what tools were invoked, and what data moved are what turn a suspicious Tuesday into a contained Tuesday. IBM's 2025 data puts the average breach-identification-and-containment cycle at 241 days globally; logging is how you refuse to participate in that average.

9. What is your kill switch, and who can pull it? Agentic-security guidance now treats instant disablement — revoking an agent's credentials without touching anything else — as table stakes. Ask how fast the agent can be taken offline, what callers hear when it is, and whether you can trigger it yourself or must file a ticket.

10. What is your incident-notification commitment, in hours? Get a number in the contract. "We take security seriously" is not a number.
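The controls behind questions 6 through 9, as an added Python sketch that is not the vendor's or The Thinking Robot's code: a written tool inventory enforced as an allowlist, a caller-verification gate on any tool that reads data back, one audit entry per attempted tool call, and a kill switch that revokes the agent's ability to act without touching the calendar, database or telephony. Tool names, call ids and the scripted call flow are all constructed for the demo.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
# Written tool inventory (Q6): every tool the agent may call, mapped to whether
# it reads protected data back to the caller and so needs identity verification (Q7).
TOOL_INVENTORY = {"check_slot_availability": False,
                  "book_appointment": False,
                  "read_back_appointment": True}

@dataclass
class CallSession:
    call_id: str
    caller_verified: bool = False   # flipped only after the identity check passes
    audit_log: list = field(default_factory=list)

class AgentGate:
    """Every tool call passes through here; nothing else reaches a tool."""
    def __init__(self):
        self.enabled = True         # kill-switch state (Q9)

    def kill(self):
        self.enabled = False        # revokes the agent's ability to act; nothing else touched

    def invoke(self, session, tool, **args):
        """Return (allowed, reason) and append one audit entry per attempt (Q8)."""
        if not self.enabled:
            verdict = (False, "denied:agent_disabled")
        elif tool not in TOOL_INVENTORY:
            verdict = (False, "denied:tool_not_in_inventory")
        elif TOOL_INVENTORY[tool] and not session.caller_verified:
            verdict = (False, "denied:caller_unverified")
        else:
            verdict = (True, "allowed")
        session.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                                  "call_id": session.call_id, "tool": tool,
                                  "fields": sorted(args),  # which data moved, never its values
                                  "result": verdict[1]})
        return verdict

def scripted_call(gate, call_id="call-0001"):
    """Constructed call flow for the demo; returns the per-call audit trail."""
    s = CallSession(call_id)
    gate.invoke(s, "check_slot_availability", date="2026-03-02")
    gate.invoke(s, "read_back_appointment", patient_id="p-123")  # caller not yet verified
    s.caller_verified = True
    gate.invoke(s, "read_back_appointment", patient_id="p-123")
    gate.invoke(s, "query_database", sql="select 1")             # not in the inventory
    gate.kill()                                                  # kill switch pulled mid-call
    gate.invoke(s, "book_appointment", date="2026-03-02")
    return s.audit_log
```

Each entry in the returned list is the artifact question 8 asks for: what was attempted, which fields moved, and whether the gate allowed it.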

What This Questionnaire Is Really Testing

Only half of this exercise is about the answers. The other half is watching how the vendor responds to being asked. A team that has genuinely engineered for security answers quickly, in specifics, with documents. A team that has not will redirect you to the demo. Compliance copy, like front-desk infrastructure, reveals its quality under pressure — which is why our HIPAA-Compliant deployment page exists and why Nova anchors the compliance conversation before any agent of ours answers a call.

Your phone line is the front door to your revenue pipeline. Anyone asking to stand in that doorway should expect to be questioned.

References

  • Telnyx, "Are AI Voice Agents SOC 2 Compliant? Vendor Checklist" — telnyx.com/resources/soc-2-voice-ai-agents (2026)

  • Atlas Systems, "AI Vendor Risk Assessment Questionnaire for Compliance" — atlassystems.com/blog/ai-vendor-risk-questionnaire (2026)

  • OWASP GenAI Security Project, "Top 10 for LLM Applications 2025" and "Top 10 for Agentic Applications" — genai.owasp.org (2025)

  • IBM, "Cost of a Data Breach Report 2025" — ibm.com/reports/data-breach (2025)

  • DeepStrike, "Vishing Statistics 2025" (Pindrop contact-center deepfake data) — deepstrike.io/blog/vishing-statistics-2025 (2025)

Next Step

If your premium practice runs more than 100 inbound consult inquiries a month and has no structured measurement of how many never reach a scheduled consultation, your pipeline is leaking revenue. We quantify this for your practice in a 30-minute Intake Leak Audit.