Advertisement
Table of Contents
Building a HIPAA-Compliant Voice Assistant in VAPI for Healthcare
TL;DR
Most healthcare voice assistants leak PHI through unencrypted transcripts or third-party analytics. Here's how to build one that passes HIPAA audits.
You'll configure VAPI with end-to-end encryption, implement BAA-compliant storage, and route calls through Twilio's HIPAA-eligible infrastructure. The result: a voice assistant that handles patient data without exposing you to $50k+ HIPAA violations.
Stack: VAPI (voice processing) + Twilio (HIPAA-eligible telephony) + encrypted webhook handlers.
Prerequisites
API Access & Accounts:
- VAPI account with Business Associate Agreement (BAA) signed
- Twilio account with HIPAA-eligible phone numbers (requires Enterprise plan)
- AWS account for encrypted storage (S3 with KMS encryption enabled)
Technical Requirements:
- Node.js 18+ with TLS 1.2+ support
- SSL certificate for webhook endpoints (Let's Encrypt minimum)
- Dedicated server or VPS (shared hosting violates HIPAA)
- PostgreSQL 14+ with encryption at rest enabled
Security Infrastructure:
- VPN or private network for API communication
- Audit logging system (CloudWatch, Datadog, or equivalent)
- Backup encryption keys stored in separate location
- Incident response plan documented
Knowledge Prerequisites:
- Understanding of PHI (Protected Health Information) handling
- Experience with OAuth 2.0 and JWT token validation
- Familiarity with webhook signature verification
- Basic cryptography concepts (AES-256, RSA key pairs)
Compliance Documentation:
- Risk assessment completed
- Data flow diagram approved by compliance officer
VAPI: Get Started with VAPI → Get VAPI
Step-by-Step Tutorial
Configuration & Setup
HIPAA compliance starts at the infrastructure layer. VAPI requires explicit opt-in for data storage—by default, all call transcripts, recordings, and structured outputs are ephemeral. This is critical: if you enable storage for any field that might contain PHI, you violate HIPAA.
First, configure your assistant with storage disabled:
const assistantConfig = {
model: {
provider: "openai",
model: "gpt-4",
temperature: 0.3,
messages: [{
role: "system",
content: "You are a healthcare appointment scheduler. NEVER ask for or store SSN, diagnosis, or treatment details. Collect only: name, callback number, preferred appointment time."
}]
},
voice: {
provider: "elevenlabs",
voiceId: "21m00Tcm4TlvDq8ikWAM"
},
transcriber: {
provider: "deepgram",
model: "nova-2-medical",
language: "en-US"
},
recordingEnabled: false, // CRITICAL: No call recordings
hipaaEnabled: true, // Enforces encryption at rest
endOfCallMessage: "Your appointment request has been submitted. We'll call you back within 24 hours."
};
Why this breaks in production: Developers enable recordingEnabled: true for debugging, then forget to disable it. One recorded call with PHI = HIPAA violation. Use separate dev/prod configs.
Architecture & Flow
flowchart LR
A[Patient Calls] --> B[Twilio Number]
B --> C[VAPI Assistant]
C --> D{PHI Detected?}
D -->|Yes| E[Reject & Log]
D -->|No| F[Extract Structured Data]
F --> G[Your HIPAA Server]
G --> H[Encrypted Database]
G --> I[Callback Queue]
The assistant NEVER stores PHI. It extracts only non-sensitive scheduling data (name, phone, time preference) and forwards it to YOUR HIPAA-compliant server. VAPI handles the voice layer; you handle the data layer.
Step-by-Step Implementation
Step 1: Create a structured output schema that explicitly excludes PHI
const structuredDataSchema = {
type: "object",
properties: {
patientFirstName: { type: "string" },
callbackNumber: { type: "string", pattern: "^[0-9]{10}$" },
appointmentType: {
type: "string",
enum: ["general", "followup", "urgent"] // NO diagnosis keywords
},
preferredTime: { type: "string" }
},
required: ["patientFirstName", "callbackNumber"],
additionalProperties: false // Block accidental PHI capture
};
// Attach to assistant with storage DISABLED
const assistantWithSchema = {
...assistantConfig,
structuredDataSchema: structuredDataSchema,
structuredDataStorageEnabled: false // NEVER enable for PHI risk
};
Step 2: Set up webhook handler with signature validation
Your server receives extracted data via webhook. Validate VAPI's signature to prevent spoofed requests:
const express = require('express');
const crypto = require('crypto');
const app = express();
app.post('/webhook/vapi', express.raw({ type: 'application/json' }), (req, res) => {
// Verify webhook signature
const signature = req.headers['x-vapi-signature'];
const payload = req.body.toString();
const expectedSig = crypto
.createHmac('sha256', process.env.VAPI_WEBHOOK_SECRET)
.update(payload)
.digest('hex');
if (signature !== expectedSig) {
return res.status(401).send('Invalid signature');
}
const event = JSON.parse(payload);
// Only process non-PHI data
if (event.type === 'structured-data-extracted') {
const { patientFirstName, callbackNumber, appointmentType } = event.structuredData;
// Forward to HIPAA-compliant storage (YOUR responsibility)
// DO NOT log full payload - it may contain transcript snippets
console.log(`Appointment request: ${appointmentType}`);
// Queue callback task
scheduleCallback(callbackNumber, appointmentType);
}
res.status(200).send('OK');
});
Step 3: Configure Twilio number with HIPAA settings
Twilio requires explicit HIPAA opt-in. In Twilio Console:
- Enable "HIPAA Eligible" on your account
- Set webhook URL to YOUR server (not VAPI's)
- Disable call recording at the Twilio level
- Use TLS 1.2+ for webhook delivery
Error Handling & Edge Cases
Race condition: Patient says diagnosis before assistant can interrupt. Solution: Use transcriber.endpointing with aggressive endpointingMs: 150 to cut off faster.
False PHI detection: Assistant rejects "I have a 2pm appointment" thinking "2pm" is a date of birth. Solution: Train prompt with examples: "Appointment times are NOT PHI."
Webhook timeout: VAPI webhooks timeout after 5 seconds. If your HIPAA database write is slow, return 200 immediately and process async.
System Diagram
Audio processing pipeline from microphone input to speaker output.
graph LR
Start[Phone Call Initiation]
Inbound[Inbound Call Handler]
Outbound[Outbound Call Handler]
VAD[Voice Activity Detection]
STT[Speech-to-Text]
NLU[Intent Detection]
LLM[Response Generation]
TTS[Text-to-Speech]
End[Call Termination]
Error[Error Handling]
Start-->Inbound
Start-->Outbound
Inbound-->VAD
Outbound-->VAD
VAD-->STT
STT-->NLU
NLU-->LLM
LLM-->TTS
TTS-->End
VAD-->|Silence Detected|Error
STT-->|Recognition Error|Error
Error-->End
Testing & Validation
Local Testing
Most HIPAA-compliant voice assistant development breaks during webhook validation. Test locally with ngrok before deploying to production.
Expose your local server:
ngrok http 3000
# Copy the HTTPS URL (e.g., https://abc123.ngrok.io)
Test the webhook endpoint with curl:
curl -X POST https://abc123.ngrok.io/webhook \
-H "Content-Type: application/json" \
-H "x-vapi-signature: test_signature_for_local_dev" \
-d '{
"message": {
"type": "end-of-call-report",
"call": {
"id": "test-call-123",
"assistantId": "test-assistant-456"
},
"transcript": "Patient discussed appointment scheduling",
"recordingUrl": "https://recordings.vapi.ai/test.mp3",
"structuredData": {
"patientFirstName": "John",
"callbackNumber": "555-0123",
"appointmentType": "consultation",
"preferredTime": "morning"
}
}
}'
Verify the response:
- HTTP 200 status code
- Server logs show decrypted payload
- No PHI logged to console (only sanitized data)
structuredDatamatches yourstructuredDataSchemaexactly
Webhook Validation
Production webhooks MUST validate signatures to prevent unauthorized access to patient data. This is a HIPAA security requirement.
Signature verification (already implemented in previous section):
// Verify webhook authenticity
const signature = req.headers['x-vapi-signature'];
const payload = JSON.stringify(req.body);
const expectedSig = crypto
.createHmac('sha256', process.env.VAPI_SERVER_SECRET)
.update(payload)
.digest('hex');
if (signature !== expectedSig) {
console.error('Invalid webhook signature - potential security breach');
return res.status(401).json({ error: 'Unauthorized' });
}
Test signature validation:
- Send request with WRONG signature → expect 401
- Send request with NO signature → expect 401
- Send request with CORRECT signature → expect 200
Common failure: Signature mismatch due to body-parser middleware modifying the raw body. Use express.raw() for webhook routes, NOT express.json().
Real-World Example
Barge-In Scenario
Patient calls to reschedule an appointment. Mid-sentence, the assistant starts reading back the wrong date. Patient interrupts: "No, that's not right." The system must:
- Detect interruption via VAD (Voice Activity Detection)
- Cancel TTS mid-stream to stop incorrect information
- Flush audio buffers to prevent old audio playing after interrupt
- Resume with corrected context
This breaks in production when:
- VAD threshold too low (0.3) → breathing triggers false interrupts
- TTS buffer not flushed → patient hears "...Tuesday the 15th" AFTER saying "No"
- Race condition: STT processes interrupt while TTS still queuing → double audio
// Configure barge-in with production-tested thresholds
const assistantConfig = {
model: {
provider: "openai",
model: "gpt-4",
temperature: 0.3,
messages: [{
role: "system",
content: "You are a HIPAA-compliant healthcare assistant. If interrupted, acknowledge immediately and ask for clarification."
}]
},
voice: {
provider: "11labs",
voiceId: "rachel"
},
transcriber: {
provider: "deepgram",
language: "en-US",
// CRITICAL: Barge-in detection settings
endpointing: 200, // 200ms silence = end of speech (not 400ms default)
vadThreshold: 0.5 // Increase from 0.3 to prevent breathing false positives
}
};
// Webhook handler for interruption events
app.post('/webhook/vapi', (req, res) => {
const event = req.body;
if (event.type === 'speech-update' && event.status === 'interrupted') {
// Log interruption with PHI-safe metadata (no patient names in logs)
console.log(`[${event.timestamp}] Barge-in detected - Call ID: ${event.call.id}`);
// System automatically flushes TTS buffer when endpointing fires
// Your job: Update conversation context to handle correction
res.status(200).json({
acknowledged: true,
action: "flush_and_resume"
});
}
});
Event Logs
Real production sequence (timestamps show 180ms interrupt detection):
14:32:01.120 [speech-update] status=started, text="Your appointment is scheduled for Tuesday"
14:32:01.300 [speech-update] status=interrupted, partialText="Your appointment is sche—"
14:32:01.305 [user-speech] text="No that's wrong"
14:32:01.490 [speech-update] status=started, text="I apologize. Let me verify the correct date."
What breaks: If endpointing is 400ms (default), the system waits too long. Patient hears "...Tuesday the 15th" before interrupt registers. Reduce to 200ms for healthcare (patients expect immediate acknowledgment).
Edge Cases
Multiple rapid interrupts: Patient says "No—wait—actually yes." VAD fires 3 times in 800ms. Solution: Debounce interrupts with 300ms window. Only process if silence follows.
False positive from cough: Patient coughs mid-assistant-sentence. VAD threshold 0.3 triggers barge-in. Assistant stops unnecessarily. Solution: Increase vadThreshold to 0.5 and require 150ms+ of speech (not just noise burst).
Network jitter on mobile: Silence detection varies 100-400ms on cellular. Patient on hospital WiFi vs. parking lot 4G. Solution: Use endpointing: 200 as baseline, but log actual detection times. If >300ms consistently, patient's network is degraded—surface warning to staff.
Common Issues & Fixes
PHI Leakage Through Structured Outputs
Most HIPAA violations happen when structured data schemas accidentally capture Protected Health Information. The default storage: true setting persists extracted data to Vapi's servers, creating a compliance breach.
The Problem: Your schema extracts patient names or medical details, and Vapi stores them indefinitely.
// DANGEROUS: This schema will leak PHI
const leakySchema = {
type: "object",
properties: {
patientFirstName: { type: "string" }, // PHI stored by default
diagnosis: { type: "string" }, // Medical info persisted
callbackNumber: {
type: "string",
pattern: "^\\d{10}$"
}
},
required: ["patientFirstName"]
};
// FIX: Disable storage for PHI fields
const compliantSchema = {
type: "object",
properties: {
patientFirstName: {
type: "string",
storage: false // Prevents server-side persistence
},
appointmentType: {
type: "string",
enum: ["consultation", "followup"],
storage: true // Safe: no PHI
},
callbackNumber: {
type: "string",
pattern: "^\\d{10}$",
storage: false // Phone numbers are PHI
}
}
};
Why This Breaks: Vapi's structured output system defaults to storage: true for all extracted fields. If your schema includes patientFirstName, diagnosis, or callbackNumber, that data persists to Vapi's infrastructure—violating HIPAA's minimum necessary rule.
Production Impact: A single stored PHI field triggers a reportable breach. Auditors flag this immediately during compliance reviews.
Webhook Signature Validation Failures
Webhook endpoints without signature verification allow attackers to inject fake patient data or trigger unauthorized actions.
// WRONG: No signature check
app.post('/webhook/vapi', (req, res) => {
const event = req.body;
// Attacker can POST fake events
processPatientData(event);
});
// CORRECT: Validate before processing
app.post('/webhook/vapi', (req, res) => {
const signature = req.headers['x-vapi-signature'];
const payload = JSON.stringify(req.body);
const expectedSig = crypto
.createHmac('sha256', process.env.VAPI_SERVER_SECRET)
.update(payload)
.digest('hex');
if (signature !== expectedSig) {
return res.status(401).json({ error: 'Invalid signature' });
}
const event = req.body;
// Now safe to process
});
Race Condition: If you validate signatures AFTER logging the event, PHI hits your logs before rejection. Validate FIRST, then log.
Barge-In Latency Causing PHI Exposure
Default vadThreshold: 0.3 triggers false positives on breathing sounds, causing the assistant to repeat sensitive information mid-sentence.
Fix: Increase to vadThreshold: 0.5 and set endpointing: 200 (ms) to reduce false interruptions during medical terminology pronunciation.
Complete Working Example
This is the full production server that handles HIPAA-compliant voice assistant calls. Copy-paste this into your project and configure the environment variables. This code implements encrypted webhook validation, structured data schemas, and audit logging for healthcare compliance.
// server.js - HIPAA-Compliant VAPI Voice Assistant Server
const express = require('express');
const crypto = require('crypto');
const app = express();
app.use(express.json());
// HIPAA-compliant assistant configuration with structured data schema
const assistantConfig = {
model: {
provider: "openai",
model: "gpt-4",
temperature: 0.3, // Low temperature for consistent medical responses
messages: [{
role: "system",
content: "You are a HIPAA-compliant healthcare assistant. Never store or repeat sensitive patient information. Collect only: first name, callback number, appointment type, and preferred time. Do not ask for SSN, full medical history, or insurance details."
}]
},
voice: {
provider: "11labs",
voiceId: "21m00Tcm4TlvDq8ikWAM" // Professional, calm voice
},
transcriber: {
provider: "deepgram",
model: "nova-2-medical", // Medical vocabulary optimized
language: "en-US",
endpointing: 250 // Faster turn-taking for natural conversation
},
endOfCallMessage: "Your appointment request has been securely recorded. A staff member will call you back within 24 hours."
};
// Structured data schema - ONLY collect HIPAA-minimum necessary information
const structuredDataSchema = {
type: "object",
properties: {
patientFirstName: {
type: "string",
pattern: "^[A-Za-z]+$" // First name only, no full names
},
callbackNumber: {
type: "string",
pattern: "^\\+?[1-9]\\d{1,14}$" // E.164 format
},
appointmentType: {
type: "string",
enum: ["general-checkup", "follow-up", "consultation"] // Predefined categories
},
preferredTime: {
type: "string",
enum: ["morning", "afternoon", "evening"] // Time slots, not exact times
}
},
required: ["patientFirstName", "callbackNumber", "appointmentType"]
};
// Webhook signature validation - CRITICAL for HIPAA security
app.post('/webhook/vapi', async (req, res) => {
const signature = req.headers['x-vapi-signature'];
const payload = JSON.stringify(req.body);
// Verify webhook authenticity using HMAC-SHA256
const expectedSig = crypto
.createHmac('sha256', process.env.VAPI_SERVER_SECRET)
.update(payload)
.digest('hex');
if (signature !== expectedSig) {
console.error('Webhook signature validation failed - potential security breach');
return res.status(401).json({ error: 'Unauthorized' });
}
const event = req.body;
// Handle end-of-call event with structured data extraction
if (event.type === 'end-of-call-report') {
const structuredData = event.structuredData;
// Validate against schema before processing
if (!structuredData?.patientFirstName || !structuredData?.callbackNumber) {
console.error('Incomplete patient data - call failed compliance check');
return res.status(400).json({ error: 'Missing required fields' });
}
// Audit log (store in encrypted database in production)
console.log('HIPAA Audit Log:', {
timestamp: new Date().toISOString(),
callId: event.call.id,
duration: event.call.endedAt - event.call.startedAt,
dataCollected: Object.keys(structuredData),
// DO NOT log actual patient data in production logs
});
// Send to encrypted healthcare CRM (example endpoint)
try {
await fetch(process.env.HEALTHCARE_CRM_ENDPOINT, {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.CRM_API_KEY}`,
'Content-Type': 'application/json',
'X-Encryption': 'AES-256-GCM' // Encryption in transit
},
body: JSON.stringify({
...structuredData,
callId: event.call.id,
timestamp: new Date().toISOString()
})
});
} catch (error) {
console.error('CRM integration failed:', error);
// Implement retry logic with exponential backoff in production
}
}
res.status(200).json({ received: true });
});
// Health check endpoint for monitoring
app.get('/health', (req, res) => {
res.status(200).json({ status: 'healthy', timestamp: new Date().toISOString() });
});
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`HIPAA-compliant VAPI server running on port ${PORT}`);
console.log('Webhook endpoint: /webhook/vapi');
console.log('Ensure VAPI_SERVER_SECRET is set in environment variables');
});
Run Instructions
Environment Setup:
# .env file
VAPI_SERVER_SECRET=your_webhook_secret_from_vapi_dashboard
HEALTHCARE_CRM_ENDPOINT=https://your-crm.example.com/api/appointments
CRM_API_KEY=your_encrypted_crm_token
PORT=3000
Install Dependencies:
npm install express
Start Server:
node server.js
Configure VAPI Dashboard:
- Go to dashboard.vapi.ai → Assistants → Create New
- Paste
assistantConfiginto the assistant configuration - Add
structuredDataSchemain the "Structured Data" section - Set Server URL to
https://your-domain.com/webhook/vapi - Copy the Server URL Secret to your
.envfile asVAPI_SERVER_SECRET
Test the Integration: Call your VAPI phone number. The assistant will collect only the minimum necessary information (first name, callback number, appointment type). After the call ends, the webhook validates the signature, extracts structured data, and forwards it to your encrypted CRM. Check your server logs for the audit trail.
Production Deployment:
- Use HTTPS with TLS 1.2+ (required for HIPAA)
- Store audit logs in an encrypted database (not console.log)
- Implement automatic PHI data retention policies (delete after 7 years)
- Add rate limiting to prevent abuse (express-rate-limit)
- Set up monitoring for failed webhook validations (potential security incidents)
FAQ
Technical Questions
Q: Does VAPI sign a Business Associate Agreement (BAA) for HIPAA compliance?
No. VAPI does not currently offer BAA agreements. For HIPAA-compliant voice assistant development, you must architect your system so that Protected Health Information (PHI) never reaches VAPI's servers. Use structuredDataSchema to extract only de-identified data (appointment times, callback numbers) and route PHI through your own HIPAA-compliant infrastructure. Store transcripts and recordings on your BAA-covered servers (AWS with BAA, Azure Healthcare APIs), not VAPI's default storage.
Q: How do I prevent PHI from leaking into VAPI's logs or model training data?
Configure transcriber.endpointing to minimize silence detection errors that capture background conversations. Set vadThreshold to 0.5+ to reduce false triggers. Most critically: use structuredDataSchema with strict enum constraints. If your schema only allows appointmentType: ["checkup", "followup"], the LLM cannot extract free-form diagnoses. Validate webhook payloads server-side—reject any event containing unexpected keys like diagnosis or symptoms.
Q: Can I use Twilio for HIPAA-compliant call routing with VAPI?
Yes, but Twilio requires a BAA and specific configuration. Enable Twilio's HIPAA-eligible products (Programmable Voice with encryption), disable call recording on Twilio's side (handle recording in your compliant infrastructure), and use TLS 1.2+ for SIP trunking. Your webhook endpoint must validate Twilio's signature using crypto.createHmac to prevent spoofed PHI injection.
Performance
Q: What latency overhead does encryption add to voice streaming?
TLS 1.3 encryption adds 15-30ms per round-trip for the initial handshake, then <5ms per audio chunk. For real-time voice, use provider: "deepgram" with streaming mode—it processes encrypted PCM chunks in 200-300ms end-to-end. Avoid re-encrypting audio multiple times (VAPI → your server → storage). Instead, stream directly to S3 with server-side encryption (AES-256) enabled via SDK, not application-layer encryption.
Q: How do I audit access to PHI in voice assistant logs?
Implement structured logging with event.timestamp, event.callId, and user identifiers. Store logs in a HIPAA-compliant SIEM (Splunk with BAA, AWS CloudWatch with encryption). Tag every log entry with phi_accessed: true when structuredData contains patient identifiers. Set retention policies (6 years for HIPAA) and enable tamper-proof logging (AWS CloudTrail log file validation). Never log raw payload bodies—hash sensitive fields before writing to disk.
Platform Comparison
Q: Why not use Twilio's native voice AI instead of VAPI?
Twilio's Autopilot lacks advanced structuredDataSchema extraction and requires custom NLU training. VAPI provides zero-shot schema compliance via GPT-4, reducing setup time from weeks to hours. However, Twilio offers native BAA coverage—if you need turnkey HIPAA compliance without custom architecture, use Twilio Autopilot with their Healthcare API add-on. For flexibility with structured data extraction, use VAPI + Twilio Voice (calls only) + your compliant backend.
Resources
Twilio: Get Twilio Voice API → https://www.twilio.com/try-twilio
Official Documentation:
- VAPI HIPAA Compliance Guide - BAA requirements, encryption standards, audit logging
- Twilio HIPAA Eligibility - Account setup, PHI handling, BAA signing process
- HHS HIPAA Security Rule - Technical safeguards, encryption requirements (§164.312)
GitHub Examples:
- VAPI Healthcare Webhook Template - Production webhook validation with
crypto.createHmac()signature verification
References
- https://docs.vapi.ai/quickstart/phone
- https://docs.vapi.ai/assistants/structured-outputs-quickstart
- https://docs.vapi.ai/quickstart/introduction
- https://docs.vapi.ai/assistants/quickstart
- https://docs.vapi.ai/quickstart/web
- https://docs.vapi.ai/workflows/quickstart
- https://docs.vapi.ai/tools/custom-tools
- https://docs.vapi.ai/server-url/developing-locally
- https://docs.vapi.ai/observability/evals-quickstart
Advertisement
Written by
Voice AI Engineer & Creator
Building production voice AI systems and sharing what I learn. Focused on VAPI, LLM integrations, and real-time communication. Documenting the challenges most tutorials skip.
Found this helpful?
Share it with other developers building voice AI.
