HIPAA Compliance Settings: Global vs. Assistant/Sq...
# support
y
Hi VAPI team, I have a question about HIPAA Compliance activation. If we enable HIPAA Compliance for our organization, can we later choose which specific assistants and squads will need to respect these compliance requirements? Or is HIPAA Compliance applied globally across the entire organization once activated? Thanks for your help!
v
Hi there! 👋 Based on the documentation I found, HIPAA Compliance in Vapi can be enabled on a per-assistant basis rather than globally across the entire organization. This is done by setting the `hipaaEnabled` property to `true` within each assistant's configuration:

```json
{
  "hipaaEnabled": true
}
```

When this setting is enabled for a specific assistant, no call logs, recordings, or transcriptions will be stored on Vapi's systems for that assistant. Instead, an end-of-call report is generated and stored on your server [source](https://docs.vapi.ai/security-and-privacy/hipaa).

Regarding squad-specific implementation, I couldn't find explicit information about whether HIPAA compliance can be limited to specific squads. The documentation focuses on assistant-level configuration rather than squad-level settings. If you need more specific information about squad-level HIPAA compliance implementation, you might need additional clarification from Vapi.

Source:
- [HIPAA Security and Privacy](https://docs.vapi.ai/security-and-privacy/hipaa)
Hi there! 👋 Based on the documentation, HIPAA Compliance in VAPI is not applied globally across your entire organization by default. Instead, it's configured at the individual assistant level. Here's how it works:

- HIPAA compliance is controlled using the `hipaaEnabled` configuration setting for each assistant [source](https://docs.vapi.ai/security-and-privacy/hipaa)
- By default, this setting is `false` for all assistants
- You need to manually set `hipaaEnabled` to `true` for each assistant that requires HIPAA compliance:

```json
{
  "hipaaEnabled": true
}
```

This means you can selectively choose which assistants need to follow HIPAA requirements while leaving others with standard settings. For squads (which contain multiple assistants), you would need to configure each assistant within that squad individually.

In newer updates, HIPAA settings are consolidated under `Assistant.compliancePlan.hipaaEnabled` to streamline compliance configurations [source](https://docs.vapi.ai/changelog/2025/2/17).

When enabled for an assistant, HIPAA compliance ensures no call logs, recordings, or transcriptions are stored during or after calls - instead, only an end-of-call report is generated and stored on your server.

Hope this helps clarify how HIPAA compliance works in VAPI! 😊

Sources:
- [HIPAA Security and Privacy](https://docs.vapi.ai/security-and-privacy/hipaa)
- [Changelog February 17, 2025](https://docs.vapi.ai/changelog/2025/2/17)
y
Using Squads, how can I decide if the squad call has `hipaaEnabled` true or false?
@User
p
Hey Yoann, Squads are made up of assistants. Once you have HIPAA enabled for your account, you can set HIPAA to true for your assistants in the squad.
y
Thank you. I had the doubt as it looks as if the data of the call is stored at the squad level and not at the assistant level.
p
If we buy HIPAA compliance on the billing page, and we still need the call recordings, is that possible? Are you able to store the recordings in a HIPAA-compliant manner?
p
Yes, if you purchase HIPAA compliance on the billing page ($1000/month), you can still have call recordings and VAPI can store them in a HIPAA-compliant manner. However, there are specific requirements to ensure HIPAA compliance for your recordings:

1. **Cloud Storage Requirements**:
   - You must provide your own HIPAA-compliant cloud storage credentials
   - VAPI supports several providers for HIPAA-compliant storage:
     - Amazon S3
     - Google Cloud Storage (GCP)
     - Others
2. **Configuration Steps**:
   1. Purchase the HIPAA compliance add-on in your subscription billing page ($1000/month)
   2. Set up one of the supported cloud storage providers (S3, GCP, Azure, etc.)
   3. Add your storage credentials on the Provider Credentials page in the Dashboard
   4. Make sure your assistant's `artifactPlan.recordingEnabled` is set to true
   5. Configure the `recordingPath` if you want to customize where recordings are stored
3. **Important Notes**:
   - Without proper cloud storage credentials, recordings won't be stored when HIPAA compliance is enabled
   - You'll still receive an end-of-call report with call information
   - With HIPAA enabled, VAPI won't store the recordings in their own storage

This approach ensures your call recordings are stored in your own HIPAA-compliant environment while still allowing you to benefit from VAPI's call recording functionality.
p
Thanks!