AI Voice Agents for Healthcare. HIPAA Built In.
Voice AI that handles patient calls without storing Protected Health Information. RAM-only audio processing. Zero data retention. Proprietary TTS voices that never leave our GPU cluster. BAA included. Built for agencies serving dental, medical, and mental health practices.
Why Voice AI Needs HIPAA Compliance
Every phone call to a healthcare practice can contain PHI. Most voice AI platforms weren't designed to handle it.
Voice Data Is PHI
When a patient calls a dental office and says "I need to reschedule my root canal for next Thursday," that audio contains Protected Health Information - name, treatment type, appointment details. Under HIPAA, every system that touches this data must protect it.
Most Voice AI Platforms Store Everything
Typical voice AI platforms record calls, store transcripts, and log conversation history for analytics. That data sits on cloud servers, often processed by third-party ASR and TTS providers - each one a potential HIPAA liability.
Third-Party API Chains Create Risk
Platforms that route audio through Deepgram, OpenAI, and ElevenLabs send PHI across multiple third-party systems. Each provider needs a separate BAA. Each hop is a potential breach point. Each vendor is outside your control.
How Voquii Protects PHI
HIPAA mode is a per-bot toggle in the dashboard. When enabled, the entire voice pipeline switches to zero-retention mode. Audio flows through RAM, gets processed by the GPU, and the response is sent back - nothing is written to disk, stored in a database, or sent to any third-party provider.
- RAM-only audio processing - no disk writes at any pipeline stage
- Zero transcript and recording retention
- Voquii-only TTS voices - audio never leaves our GPU cluster
- Third-party voice APIs (ElevenLabs, OpenAI) automatically disabled
- Call recording auto-disabled when HIPAA mode is on
- PHI log suppression with [REDACTED-HIPAA] tokens
- Per-bot toggle - enable HIPAA for healthcare clients only
Audio stream arrives via telephony provider
Audio response streamed back to caller
Real-Time Compliance Verification
The HIPAA settings page in your dashboard runs live system-level checks every time you load it. It verifies HIPAA mode status, voice provider configuration, disk encryption, swap status, firewall rules, SSH config, database auth, and audit logging - all in real time. No self-attestation. No checkboxes. Actual system verification.
- Application Controls - HIPAA mode, voice provider, recording, log suppression
- Encryption - LUKS full-disk, TLS in transit, SCRAM-SHA-256 database auth
- Memory Protection - swap disabled, kernel swappiness zero
- Access Controls - SSH key-only, UFW firewall, restricted DB ports, fail2ban
- Audit & Monitoring - PostgreSQL audit logging, Linux auditd
- Legal - BAA template available for download
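As an added illustration (not Voquii's code), here is how three of the checks listed above could be evaluated from system state rather than self-attestation: swap status, kernel swappiness, and SSH password authentication. The function names and sample file contents are constructed for this example; on a real host the inputs would come from `/proc/swaps`, `/proc/sys/vm/swappiness`, and `/etc/ssh/sshd_config`.

```python
# Added example, not Voquii's code: offline-testable versions of three checks
# named above (swap status, swappiness, SSH password auth). Samples are constructed.

def active_swap_devices(proc_swaps: str) -> list[str]:
    """Devices listed in /proc/swaps text; the first line is the column header."""
    rows = [ln for ln in proc_swaps.splitlines()[1:] if ln.strip()]
    return [row.split()[0] for row in rows]

def sshd_password_auth_disabled(sshd_config: str) -> bool:
    """True only if the global section explicitly sets PasswordAuthentication no.

    sshd keeps the first value it reads for a keyword and defaults to 'yes'.
    Include files are not followed here; `sshd -T` prints the effective config.
    """
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":  # per-connection overrides start; global part is over
            break
        if keyword == "passwordauthentication" and len(parts) > 1:
            return parts[1].lower() == "no"
    return False

def host_checks(proc_swaps: str, swappiness: str, sshd_config: str) -> dict[str, bool]:
    """Pass/fail per control, computed from file contents rather than attestation."""
    return {
        "swap_disabled": not active_swap_devices(proc_swaps),
        "swappiness_zero": swappiness.strip() == "0",
        "ssh_password_auth_off": sshd_password_auth_disabled(sshd_config),
    }

# Constructed samples: contents of /proc/swaps, /proc/sys/vm/swappiness, sshd_config.
SWAPS_NONE = "Filename\tType\tSize\tUsed\tPriority\n"
SWAPS_FILE = SWAPS_NONE + "/swapfile\tfile\t2097148\t0\t-2\n"
SSHD_KEY_ONLY = "# constructed\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
SSHD_SHADOWED = "PasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    print("hardened:", host_checks(SWAPS_NONE, "0\n", SSHD_KEY_ONLY))
    print("weak:    ", host_checks(SWAPS_FILE, "60\n", SSHD_SHADOWED))
```

The `SSHD_SHADOWED` sample shows why a plain text search for `PasswordAuthentication no` is not a sufficient check: an earlier `yes` line takes precedence.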
Every Layer Protected
HIPAA compliance isn't just about the application. The infrastructure itself must be hardened.
LUKS Full-Disk Encryption
NVMe storage encrypted with LUKS2 AES-XTS-256. Decryption keys held solely by Voquii. Data at rest is unreadable without the key.
TLS 1.2+ Everywhere
All connections use TLS 1.2+ via Caddy reverse proxy with auto-renewed Let's Encrypt certificates. No unencrypted traffic.
Swap Disabled
No swap partition or swap file active. RAM contents cannot leak to disk. Kernel swappiness set to zero.
SSH Key-Only Access
Password-based SSH is disabled. Only cryptographic key pairs accepted. Fail2ban blocks brute-force attempts.
Firewall + Restricted Ports
UFW firewall with default-deny policy. PostgreSQL ports only accessible from authorized GPU server IPs.
Audit Logging
PostgreSQL logs all connections and DDL statements. Linux auditd tracks file access and privilege escalation.
Business Associate Agreement (BAA)
A custom BAA template is available for download directly from your HIPAA settings dashboard. It includes a “Blind Provider” clause - recognizing that Voquii operates as an infrastructure provider without logical access to PHI when HIPAA mode is enabled. Audio flows through our hardware but is never stored, read, or processed outside the real-time voice pipeline.
HIPAA Compliance: Voquii vs Vapi vs Retell AI
How the platforms compare on healthcare compliance.
| Feature | Voquii | Vapi | Retell AI |
|---|---|---|---|
| HIPAA Mode | Built-in per-bot toggle | Not available | Available |
| BAA Provided | Yes (Blind Provider clause) | No | Yes |
| Data Retention | Zero (RAM-only) | Stores transcripts & logs | Configurable |
| Audio Processing | Self-hosted GPU (no third-party) | Third-party ASR/TTS APIs | Third-party ASR/TTS APIs |
| TTS Provider | Proprietary (Voquii only) | ElevenLabs, PlayHT, etc. | Cartesia, ElevenLabs, etc. |
| Disk Encryption | LUKS2 AES-XTS-256 | Cloud provider managed | Cloud provider managed |
| Compliance Dashboard | Live system-level checks | Not available | Not available |
| SOC 2 Type II | Not certified | Not certified | Certified |
Built for Agencies Serving Healthcare
Deploy HIPAA-compliant AI voice agents for any healthcare practice that takes inbound phone calls.
Dental Practices
AI receptionist for appointment scheduling, insurance questions, and after-hours call handling. The most common use case for voice AI in healthcare.
Medical Clinics
Handle appointment requests, office hours, and general inquiries. Route urgent calls to on-call staff with live transfer.
Mental Health Practices
Sensitive patient calls handled with zero data retention. No transcripts, no recordings. Appointment booking with calendar sync.
Home Health Agencies
Manage caregiver scheduling inquiries, new patient intake calls, and after-hours triage routing.
Med Spas & Dermatology
Book consultations, answer service questions, and handle high call volumes during marketing campaigns.
Insurance & Benefits
Field enrollment inquiries, explain plan details from a knowledge base, and route complex questions to licensed agents.
HIPAA-Compliant Voice AI. Flat Rate. No PHI Risk.
$497/mo flat. HIPAA mode built in. BAA included. RAM-only processing. Zero data retention. Proprietary voices on our own GPUs.
$497/mo flat · No setup fees · 10 sub-accounts, white label · HIPAA mode + BAA included