How to Build a customer support Agent Using LangChain in TypeScript for healthcare

A healthcare customer support agent handles patient-facing questions like appointment changes, billing status, benefits coverage, and basic policy explanations without putting protected health information at risk. It matters because support teams need faster response times, but healthcare also needs strict controls around compliance, auditability, and what the model is allowed to say.

Architecture

• •

  TypeScript API layer

  • •Exposes a /chat endpoint for web or contact-center clients.
  • •Handles authentication, tenant context, and request logging.
• •

  LangChain agent

  • •Orchestrates the LLM, tools, and conversation flow.
  • •Uses ChatOpenAI plus a tool-calling agent for structured actions.
• •

  Healthcare knowledge base

  • •Stores approved policy docs, FAQ content, and escalation rules.
  • •Retrieved through a vector store or search tool with tight access control.
• •

  Guardrails and PHI filters

  • •Detects or redacts sensitive data before prompts hit the model.
  • •Blocks unsafe outputs like diagnosis advice or claims adjudication.
• •

  Audit and observability pipeline

  • •Logs prompts, tool calls, decisions, and final responses.
  • •Keeps records for compliance review and incident investigation.
• •

  Human handoff path

  • •Escalates to a live support queue when confidence is low or the request is clinical.
  • •Preserves conversation state for the agent who takes over.

Implementation

1. •Install LangChain and set up your TypeScript project

Use LangChain’s current packages. For a support agent that talks to an LLM and can answer from approved context, you only need the core message types plus the OpenAI chat model package.

npm install langchain @langchain/openai zod

Set environment variables for your model provider and any internal service endpoints. In healthcare, keep secrets out of source control and route traffic through your approved network boundary.

2. •Create a support prompt with hard boundaries

The prompt should explicitly define what the agent can do: scheduling help, billing explanations, policy lookup, and escalation. It should also forbid diagnosis, treatment advice, or requests to expose sensitive medical details.

import { ChatOpenAI } from "@langchain/openai";
import { ChatPromptTemplate } from "langchain/prompts";
import { RunnableSequence } from "@langchain/core/runnables";

const llm = new ChatOpenAI({
  model: "gpt-4o-mini",
  temperature: 0,
});

const prompt = ChatPromptTemplate.fromMessages([
  [
    "system",
    `You are a healthcare customer support assistant.
Allowed tasks:
- appointment scheduling questions
- billing and insurance policy explanations
- clinic hours and location info
- routing to human support

Rules:
- Do not provide medical advice or diagnosis.
- Do not ask for unnecessary PHI.
- If the user requests clinical guidance, escalate to a human.
- If the user shares PHI, acknowledge it minimally and continue without repeating it.
- Use only approved policy context provided in the conversation.`,
  ],
  ["human", "{input}"],
]);

const chain = RunnableSequence.from([prompt, llm]);

3. •Add retrieval from approved healthcare documents

For real deployments, answers should come from curated content instead of free-form generation. LangChain’s retrievers let you ground responses in policy docs like copay rules, cancellation windows, prior authorization steps, or contact center scripts.

import { AIMessage } from "@langchain/core/messages";

type SupportContext = {
  input: string;
  policyContext: string;
};

const groundedPrompt = ChatPromptTemplate.fromMessages([
  [
    "system",
    `You are a healthcare support agent.
Answer only using the provided policy context.
If the answer is not in the context, say you need to escalate.`,
  ],
  ["human", "Question: {input}\n\nPolicy context:\n{policyContext}"],
]);

const groundedChain = RunnableSequence.from([
  groundedPrompt,
  llm,
]);

export async function answerSupportRequest(input: string) {
  const policyContext =
    "Appointments can be rescheduled up to 24 hours before visit time. Billing questions are handled by finance during business hours.";

  const result = await groundedChain.invoke({ input, policyContext });
  return (result as AIMessage).content;
}

4. •Wrap it in an API handler with escalation logic

A production agent needs routing logic before it ever returns text. If the user asks about symptoms, medication changes, test results interpretation, or anything that looks clinical, send it to a human queue immediately.

function needsEscalation(input: string): boolean {
  const clinicalTerms = [
    "symptom",
    "pain",
    "medication",
    "dose",
    "diagnosis",
    "test result",
    "lab result",
    "side effect",
  ];

  return clinicalTerms.some((term) => input.toLowerCase().includes(term));
}

export async function handleCustomerSupport(input: string) {
  if (needsEscalation(input)) {
    return {
      route: "human_handoff",
      message:
        "I can help with scheduling or billing questions. For anything clinical, I’m connecting you to a care team member.",
    };
  }

  const response = await answerSupportRequest(input);
  return {
    route: "ai_response",
    message: response,
  };
}

Production Considerations

• •

  Compliance

  • •Treat every prompt and response as regulated operational data.
  • •Define retention rules for logs and make sure your legal team signs off on storage duration.
• •

  Data residency

  • •Keep patient-related traffic inside approved regions.
  • •If your org requires it, pin model inference and vector storage to specific jurisdictions.
• •

  Auditability

  • •Log tool calls, retrieved documents, final answers, and handoff decisions.
  • •Store enough metadata to reconstruct why the agent answered or escalated.
• •

  Guardrails

  • •Add PHI detection before prompt construction and after output generation.
  • •Block unsupported actions like changing coverage decisions or interpreting labs.

Common Pitfalls

1. •

   Letting the model answer clinical questions

   • •Fix this with hard intent routing before LLM invocation.
   • •Maintain an explicit escalation list for symptoms, meds, diagnoses, pregnancy-related questions, and emergency language.
2. •

   Sending raw PHI into prompts

   • •Minimize payloads. Pass only what is needed for the task.
   • •Redact identifiers where possible and avoid echoing patient details back in responses.
3. •

   Using unapproved knowledge sources

   • •Don’t let the agent browse random internal docs or external websites.
   • •Restrict retrieval to reviewed healthcare content with versioning and ownership attached.
4. •

   Ignoring audit trails

   • •If you can’t explain why an answer was given after an incident review, your system isn’t ready.
   • •Capture inputs, retrieved context IDs, model version, tool outputs, and final route decisions.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.