How to Build a Customer Support Agent Using AutoGen in Python for Healthcare
A healthcare customer support agent handles patient questions, appointment routing, billing clarifications, and policy lookups without exposing sensitive data to the wrong place. The point is not to replace staff; it is to reduce response time while keeping PHI handling, auditability, and escalation paths tight enough for regulated environments.
Architecture
- User-facing chat entrypoint
  - Receives patient or staff messages from web, mobile, or contact-center tooling.
- Orchestrator agent
  - Uses `AssistantAgent` to interpret the request, decide whether it can answer directly, or route to tools/humans.
- Policy and knowledge tools
  - Functions for FAQ lookup, appointment status, clinic hours, insurance policy summaries, and escalation triggers.
- PHI safety layer
  - Redacts sensitive fields before model calls and blocks unsupported requests like diagnosis or treatment advice.
- Human handoff path
  - Escalates anything clinical, ambiguous, or high-risk to a nurse queue or support inbox.
- Audit logging
  - Stores prompts, tool calls, decisions, and final responses with tenant, timestamp, and case ID.
Implementation
1) Install AutoGen and define the support tools
For healthcare support agents, keep the tool surface small. Every function should have a clear business boundary so you can review it for compliance and data residency.
```python
import os

from autogen import AssistantAgent


def get_clinic_hours(clinic_id: str) -> str:
    """Return opening hours for a known clinic ID."""
    hours = {
        "primary_care": "Mon-Fri 08:00-17:00",
        "pediatrics": "Mon-Fri 09:00-18:00",
    }
    return hours.get(clinic_id, "Clinic not found")


def get_appointment_status(appointment_id: str) -> str:
    # Replace with a real EHR/CRM lookup behind your internal API gateway
    return f"Appointment {appointment_id}: confirmed for 2026-04-22 at 10:30"


def create_handoff_ticket(case_summary: str) -> str:
    # Replace with ServiceNow/Zendesk/CRM ticket creation
    return f"Handoff ticket created: {case_summary}"


llm_config = {
    "config_list": [
        {
            "model": "gpt-4o-mini",
            # Read the key from the environment; never commit it to source control.
            "api_key": os.environ["OPENAI_API_KEY"],
        }
    ],
    "temperature": 0,
}
```
2) Create an AssistantAgent with strict instructions
This agent should answer only support questions. It should refuse diagnosis requests, medication advice, and anything that needs a clinician.
```python
support_agent = AssistantAgent(
    name="healthcare_support_agent",
    llm_config=llm_config,
    system_message="""
You are a healthcare customer support agent.
Rules:
- Answer only administrative and support questions.
- Never provide medical advice, diagnosis, triage, or treatment guidance.
- If the user asks about symptoms, medications, test results interpretation,
  or urgent issues, escalate immediately.
- Minimize PHI exposure. Do not ask for unnecessary personal data.
- When needed, call tools for clinic hours or appointment status.
- Always produce a short final answer with next steps or escalation.
""",
)
```
3) Register tools and run a chat loop
AutoGen’s function-calling pattern works well here because you can keep the model on rails while still giving it access to approved backend actions.
```python
from autogen import UserProxyAgent

user_proxy = UserProxyAgent(
    name="user_proxy",
    human_input_mode="NEVER",
    max_consecutive_auto_reply=3,
    # Disable execution of model-written code blocks; this proxy should run
    # only the registered tools below.
    code_execution_config=False,
)

# The assistant may propose these calls; the proxy is the only place they execute.
support_agent.register_for_llm(name="get_clinic_hours", description="Get clinic operating hours")(get_clinic_hours)
support_agent.register_for_llm(name="get_appointment_status", description="Get appointment status")(get_appointment_status)
user_proxy.register_for_execution(name="get_clinic_hours")(get_clinic_hours)
user_proxy.register_for_execution(name="get_appointment_status")(get_appointment_status)

message = (
    "What time does pediatrics open tomorrow? "
    "Also my appointment ID is APPT-88321."
)

result = user_proxy.initiate_chat(
    support_agent,
    message=message,
)
```
That pattern gives you one agent deciding what to do and one executor running the approved functions. In production, the executor should be your internal service layer, not direct database access from the agent process.
4) Add escalation logic for healthcare-safe handling
The key behavior is refusing clinical content and handing off anything risky. You can do that by checking for sensitive intents before sending work to downstream systems.
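```python
import re

# Plurals and inflections are matched too, so "symptoms", "test results"
# or "diagnosed" do not slip past the filter.
HIGH_RISK_PATTERNS = [
    r"\bsymptoms?\b",
    r"\bpains?\b",
    r"\bmedications?\b",
    r"\bprescriptions?\b",
    r"\btest results?\b",
    r"\bdiagnos\w*\b",
]


def requires_human_review(text: str) -> bool:
    """Return True when the message touches any clinical topic."""
    return any(re.search(pattern, text.lower()) for pattern in HIGH_RISK_PATTERNS)


incoming = "I have chest pain and need advice"

if requires_human_review(incoming):
    # Risky content never reaches the model; it goes straight to a human queue.
    ticket = create_handoff_ticket(
        f"Escalate immediately. User said: {incoming}"
    )
    print(ticket)
else:
    user_proxy.initiate_chat(support_agent, message=incoming)
```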
Production Considerations
- Keep PHI out of the model when possible
  - Redact names, member IDs, DOBs, phone numbers, and addresses before prompt construction.
  - If you must pass identifiers for lookup, use opaque tokens mapped inside your backend.
- Deploy in-region
  - For healthcare workloads tied to residency requirements or internal policy boundaries, pin model inference and logs to approved regions.
  - Make sure any vector store or transcript archive follows the same residency rules.
- Audit everything
  - Log prompt version, tool calls, output text, user ID/tenant ID, escalation reason, and final disposition.
  - Keep logs immutable enough for compliance review without storing unnecessary PHI in plaintext.
- Add guardrails outside the model
  - Use deterministic filters for urgent symptoms, for self-harm language if applicable to your scope of care operations, and for insurance fraud cues if relevant.
  - Don’t rely on system prompts alone for safety enforcement.
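The redaction and opaque-token points above, as an added example that is not part of the original article: pattern-shaped identifiers are swapped for tokens before prompt construction, and a tool wrapper resolves the token on the backend. The `MBR-` member ID format, `TokenVault`, `redact` and `lookup_appointment` are hypothetical names assumed for illustration; free-text names and addresses need an entity-recognition step that regexes cannot provide.

```python
import re
import secrets

# Constructed identifier formats; replace with your organization's own.
PHI_PATTERNS = {
    "MEMBER_ID": re.compile(r"\bMBR-\d{6,10}\b"),
    "APPOINTMENT_ID": re.compile(r"\bAPPT-\d+\b"),
    "DATE": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),  # covers DOBs written as ISO dates
    "PHONE": re.compile(r"(?<!\w)\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
}
TOKEN_RE = re.compile(r"<[A-Z_]+_[0-9a-f]{8}>")

# Constructed sample message, not real patient data.
SAMPLE = ("I'm member MBR-00412345, born 1985-03-14. Call (555) 010-4477 "
          "about appointment APPT-88321.")


class TokenVault:
    """Backend-only map between opaque tokens and real values."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, kind: str, value: str) -> str:
        if (kind, value) not in self._by_value:
            token = f"<{kind}_{secrets.token_hex(4)}>"
            self._by_value[(kind, value)] = token
            self._by_token[token] = value
        return self._by_value[(kind, value)]

    def resolve(self, token: str) -> str:
        return self._by_token[token]  # KeyError for tokens the vault never issued


def redact(text: str, vault: TokenVault) -> str:
    """Replace every pattern match with a stable opaque token before prompting."""
    for kind, pattern in PHI_PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: vault.tokenize(k, m.group(0)), text)
    return text


def lookup_appointment(token: str, vault: TokenVault) -> str:
    """Tool wrapper: the model passes the token, the backend resolves the real ID."""
    real_id = vault.resolve(token)
    status = {"APPT-88321": "confirmed"}.get(real_id, "not found")  # stand-in lookup
    return f"Appointment {token}: {status}"  # the reply carries the token, not the ID
```

Calling `redact(SAMPLE, TokenVault())` yields the text that is safe to place in the prompt; the vault stays in your service layer and is never serialized into model context.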
Common Pitfalls
- Letting the model see raw clinical data
  - Mistake: passing full charts or unredacted messages into `AssistantAgent`.
  - Fix: pre-process inputs with redaction and send only the minimum required context.
- Using one agent for everything
  - Mistake: mixing billing support, scheduling logic, clinical Q&A, and claims disputes in one prompt.
  - Fix: split by workflow. Keep this agent limited to administrative support and route other intents elsewhere.
- Skipping human escalation rules
  - Mistake: assuming the assistant can “handle” uncertain medical questions if prompted carefully enough.
  - Fix: hard-block medical advice categories and auto-create a handoff ticket when risk is detected.
- Ignoring audit requirements
  - Mistake: storing only the final answer while discarding tool traces and refusal reasons.
  - Fix: persist structured traces so compliance teams can reconstruct what happened during each interaction.
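For the "Audit everything" consideration and the audit pitfall above, an added example (not code from the original article) of a structured trace that is tamper-evident and keeps the user ID out of plaintext. `AuditLog`, `digest` and the field names are assumptions chosen to mirror the fields the article lists; in production the entries would go to append-only storage rather than a Python list.

```python
import hashlib
import hmac
import json
import time

GENESIS = "0" * 64


def digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only, hash-chained trace: each entry commits to the previous one."""

    def __init__(self, pseudonym_key: bytes):
        self._key = pseudonym_key
        self.entries = []

    def pseudonymize(self, value: str) -> str:
        # Keyed hash: entries for one user correlate without storing the raw ID.
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]

    def append(self, *, tenant_id, case_id, user_id, prompt_version,
               tool_calls, output_text, escalation_reason, disposition):
        body = {
            "ts": time.time(),
            "tenant_id": tenant_id,
            "case_id": case_id,
            "user": self.pseudonymize(user_id),
            "prompt_version": prompt_version,
            "tool_calls": tool_calls,
            "output_text": output_text,  # pass the redacted text, not raw PHI
            "escalation_reason": escalation_reason,
            "disposition": disposition,
            "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        self.entries.append(dict(body, hash=digest(body)))
        return self.entries[-1]

    def verify(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev_hash"] != prev or digest(body) != entry["hash"]:
                return False  # an entry was edited, removed or reordered
            prev = entry["hash"]
        return True
```

Record refusals and handoffs with the same `append` call as answered requests, so the escalation reason is part of the chain that `verify()` checks.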
By Cyprian Aarons, AI Consultant at Topiax.