Compliance · Procurement
What 'HIPAA-compliant voice AI' really means — a buyer's checklist
May 2026 · 11 min read
Every voice AI vendor in healthcare claims HIPAA compliance. Most are telling the truth in a narrow technical sense and lying in a way that matters operationally. This is a buyer's checklist for separating the two — the questions that should be on every procurement questionnaire, and the answers that should make you walk away.
Compliance is not a checkbox. It is an architecture, a contract, and a set of operational practices that hold up under real audit. A voice AI platform can be HIPAA-compliant on paper while creating real downstream risk for your organization. This article walks through what to ask, what to look for, and what to refuse.
The bare minimum: what HIPAA actually requires
HIPAA compliance for a voice AI vendor processing patient data requires, at minimum:
- A signed Business Associate Agreement (BAA) between your organization and the vendor
- Signed BAAs between the vendor and every subprocessor in their chain that touches PHI
- Administrative, physical, and technical safeguards appropriate to the data being handled
- Breach notification procedures consistent with the HITECH Act
- Access controls, audit controls, and integrity controls
The bare minimum is not enough. Voice AI introduces a specific class of risks that generic HIPAA frameworks were not written for — risks around speech-to-text providers, large language model APIs, and the question of what gets stored, where, for how long, and who else can see it.
The procurement checklist
1. Will you sign our BAA, or do you require yours?
A vendor that refuses to sign your BAA, or that insists on terms materially weaker than the HHS Sample BAA, is not ready for enterprise healthcare procurement. Watch for: indemnification carve-outs for AI-specific failures, broad data-use rights, or retention windows longer than your records retention policy.
2. Provide the full subprocessor list with BAA status
A modern voice AI platform typically uses at least five subprocessors: a telephony provider, a speech-to-text provider, a text-to-speech provider, one or more reasoning model providers, and a cloud infrastructure provider. Each one must have a BAA with the vendor. If the vendor cannot produce the list in 24 hours, they do not actually know it — which is itself a red flag.
3. Where is data processed, and where does it reside?
Many speech-to-text and language model providers run multi-region by default. A voice AI vendor that has not explicitly pinned every subprocessor to US-only regions is moving your patients' data across borders without telling you. Insist on US-only for every component in the chain.
4. What is retained, and for how long?
Specifically: raw call audio, transcripts, prompt logs, response logs, structured outputs, audit metadata. Each one has a different retention story. The honest answer for most components should be "not retained beyond the call, unless you opt in." The dangerous answer is "retained for 90 days for quality assurance."
5. Are reasoning model APIs configured for zero retention?
Both OpenAI and Anthropic offer enterprise tiers with zero-retention APIs. Without zero-retention configured, your patients' words flow through the model provider's logs, even if briefly. This is the single most common compliance gap in voice AI deployments. Ask for the API configuration in writing.
6. Is customer data used to train models?
The answer must be unconditional no — not the vendor's models, not any third party's. "We may use de-identified data" is a yellow flag, because de-identification of voice data is genuinely hard, and your contract should not assume the vendor will get it right.
7. What does the audit log capture, and can we query it?
A serious vendor logs every state transition: every prompt, every tool call, every decision, every knowledge source consulted, every handoff. The log is hash-chained, append-only, and accessible to the customer via API. A vendor that cannot show you their audit query interface in a demo does not have one.
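To make the "hash-chained, append-only" requirement concrete, here is a small Python model of such a log and the verification a customer would run over an export. It is an added illustration, not code from any vendor or from iBridge; the event types, call id, actor names and digests are constructed for the demo. Two design points are worth reading for: the log records content digests rather than prompt text (whether to retain the text itself is a question 4 decision), and a plain hash chain only detects edits and interior deletions, so the current head hash is published out of band to catch a truncated tail as well.

```python
"""Toy hash-chained, append-only audit log with customer-side verification.

Added example (not a vendor's code). Event names, call ids and actors are constructed.
"""
import copy
import hashlib
import json

GENESIS_HASH = "0" * 64  # prev_hash of the very first entry


def _canonical(obj) -> bytes:
    # Deterministic serialisation: the hash must not depend on key order or whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def digest(text: str) -> str:
    # Content digest: proves *what* was sent to a model or tool without keeping PHI in the log.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def entry_hash(prev_hash: str, seq: int, event: dict) -> str:
    # Binds previous hash + position + event, so editing, reordering or removing an
    # interior entry invalidates every link after it.
    return hashlib.sha256(prev_hash.encode("ascii") + _canonical({"seq": seq, "event": event})).hexdigest()


class AuditLog:
    """Append-only by construction: there is no update or delete method."""

    def __init__(self):
        self._entries = []

    def append(self, event_type: str, actor: str, call_id: str, **details) -> str:
        seq = len(self._entries)
        prev = self._entries[-1]["hash"] if self._entries else GENESIS_HASH
        event = {"type": event_type, "actor": actor, "call_id": call_id, "details": details}
        h = entry_hash(prev, seq, event)
        self._entries.append({"seq": seq, "prev_hash": prev, "event": event, "hash": h})
        return h

    def head(self) -> str:
        # Publish this out of band (e.g. to the customer) so a truncated tail is detectable.
        return self._entries[-1]["hash"] if self._entries else GENESIS_HASH

    def entries(self) -> list:
        return copy.deepcopy(self._entries)  # an export; mutating it cannot touch the log


def verify_chain(entries, expected_head=None):
    """Return (ok, first_bad_seq). Recomputes every hash and prev link; with
    expected_head it also detects entries dropped from the end."""
    prev = GENESIS_HASH
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev_hash"] != prev or entry_hash(prev, i, e["event"]) != e["hash"]:
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, None


def query(entries, call_id=None, event_type=None):
    """The customer-facing query interface, reduced to two filters."""
    return [e for e in entries
            if (call_id is None or e["event"]["call_id"] == call_id)
            and (event_type is None or e["event"]["type"] == event_type)]


def build_sample_log() -> AuditLog:
    # Constructed trace of one call: prompt, knowledge lookup, tool call, decision, handoff.
    log = AuditLog()
    log.append("prompt", "agent", "call-0001", prompt_sha256=digest("[constructed prompt]"), model="model-x")
    log.append("knowledge_lookup", "agent", "call-0001", source="faq-index", hits=2)
    log.append("tool_call", "agent", "call-0001", tool="lookup_appointment", args_sha256=digest("{}"))
    log.append("decision", "agent", "call-0001", outcome="reschedule")
    log.append("handoff", "agent", "call-0001", to="front-desk-queue")
    return log


def tamper_demo() -> dict:
    """Edited interior entry, removed interior entry and truncated tail, each checked."""
    log = build_sample_log()
    head = log.head()
    clean = log.entries()
    edited = log.entries()
    edited[3]["event"]["details"]["outcome"] = "cancel"   # silently rewrite a decision
    removed = [e for e in log.entries() if e["seq"] != 2]  # drop the tool call
    truncated = log.entries()[:-1]                          # drop the handoff
    return {
        "clean": verify_chain(clean, head),
        "edited": verify_chain(edited, head),
        "removed": verify_chain(removed, head),
        "truncated_no_anchor": verify_chain(truncated),
        "truncated_with_anchor": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```

The instructive case is the last pair: without the published head hash, a log with its final entries removed still verifies as a perfectly good chain, which is why the "append-only" claim is only as strong as the vendor's ability to give you an anchor you hold independently.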
8. How are tenants isolated?
Single-tenant deployments are the cleanest answer. Multi-tenant with row-level security policies is acceptable. Multi-tenant without row-level security is a deal-breaker for anything beyond pilot scope.
9. What is the breach notification SLA?
24 hours from detection is industry-standard for confirmed incidents involving customer data. Slower than that signals the vendor has not operationalized incident response.
10. Do you have SOC 2, and at what level?
SOC 2 Type II is the procurement-standard ask. A vendor without SOC 2 is not disqualified — but they should be able to show you their roadmap with named auditor and dates, and the gap should be closing on a credible timeline.
Red flags that should end the conversation
The following responses, observed in real procurement reviews, are each sufficient grounds to walk away from a voice AI vendor in healthcare:
- "We'll get back to you on the subprocessor list" — they don't know it
- "We don't need a BAA for transcripts" — they don't understand HIPAA
- "Data is encrypted, so retention doesn't matter" — encryption protects against external breach, not insider access or accidental exposure
- "Our model providers are HIPAA-compliant" — without naming them, configuring zero-retention, and producing the BAAs
- "We don't share architecture details for competitive reasons" — they may not have one
- Refusal to participate in your security questionnaire
- Refusal to share penetration test results or third-party security attestations
What good looks like
A serious voice AI vendor for healthcare can answer every question above in writing in a single business day. They can produce a BAA, a subprocessor list, a data flow diagram, and a SOC 2 status document on request. They will participate in your security questionnaire process and turn it around in three to five business days, not three weeks.
Their architecture is built around minimum-necessary access. Patient data is held only at the boundary, only for the duration of one interaction, and is destroyed before any persistent system writes a record of the call. Their audit log is queryable, hash-chained, and covers every state change end to end.
The vendors who get HIPAA right do not treat compliance as a feature. They treat it as the architecture — the constraint that everything else has to fit inside.
What to do with this checklist
Send it as part of your initial RFP. Use the responses to score vendors. The exercise will eliminate at least half of the candidates in the first round, and reveal the remaining half's actual posture — not their marketing posture.
At iBridge, every question on this checklist has a published answer on our security page or in the BAA we will sign on day one. We encourage every prospective customer to ask all ten questions of every vendor they evaluate, including us. Compliance done seriously is the cheapest insurance an RCM operation or a clinic group can buy.