https://vapi.ai/ logo
Join Discord
Powered by
HIPAA Compliance Recordings?
# support
i
Hello, When enabling hippaCompliance are we able to persist the recordings in a hippa compliant environment? also wondering if there are any in depth docs on live call control (ie. what kinds of control messages we can send outside of 'say') and are there docs on setting up a US (+1) vonage number for outbound calling?
v
Hi there! I've found some information that should help with your questions: ### HIPAA Compliance and Recordings When you enable HIPAA compliance (
hipaaEnabled: true
), Vapi will not store any recordings, transcriptions, or call logs during or after calls. This is a key requirement for maintaining HIPAA compliance [(source)](https://docs.vapi.ai/security-and-privacy/hipaa). If you need recordings while maintaining HIPAA compliance, you would need to: 1. Configure your own external storage solution (like S3) 2. Manage the recording outside of Vapi's systems 3. Ensure your storage solution is HIPAA-compliant You can implement real-time audio recordings in chunks during calls, but these won't be stored on Vapi's systems when HIPAA compliance is enabled [(source)](https://docs.vapi.ai/security-and-privacy/hipaa). ### Live Call Control Documentation For live call control, Vapi supports several types of control messages beyond 'say': 1. **Add Message**:
Copy code
json
{
  "type": "add-message",
  "message": {
    "role": "system", // Valid roles: system, user, assistant, function, tool
    "content": "Your custom message here"
  }
}
2. **Transfer**:
Copy code
json
{
  "type": "transfer",
  "destination": {
    "type": "number", // or "sip"
    "number": "+1234567890" // if type is "number"
    // or
    "sipUri": "sip:user@domain.com" // if type is "sip"
  },
  "content": "Optional message to say before transfer"
}
You can find more details in the [Call Features documentation](https://docs.vapi.ai/calls/call-features). ### Setting Up a US Vonage Number for Outbound Calling To set up a US (+1) Vonage number for outbound calling: 1. **If you already have a Vonage number**: - Import it into Vapi using your Vonage credentials - Use this format:
Copy code
json
   {
     "number": "+12145551234", // Your Vonage Number
     "provider": "vonage"
   }
2. For outbound calling, use the 
/call/phone
endpoint: ```bash
curl --location 'https://api.vapi.ai/call/phone' \ --header 'Authorization: Bearer your-vapi-private-api-key' \ --header 'Content-Type: application/json' \ --data '{ "assistantId": "your-assistant-id", "customer": { "number": "+11234567890" }, "phoneNumberId": "your-phone-number-id" }' ``` You can find more details in the [Phone Numbers Import Guide](https://docs.vapi.ai/quickstart/phone/outbound) and [Create Phone Call Documentation](https://docs.vapi.ai/api-reference/calls/create-phone-call). Sources: - [Vapi Compliance Documentation](https://docs.vapi.ai/security-and-privacy/hipaa) - [Vapi Call Features Documentation](https://docs.vapi.ai/calls/call-features) - [Phone Numbers Import Guide](https://docs.vapi.ai/quickstart/phone/outbound) - [Create Phone Call Documentation](https://docs.vapi.ai/api-reference/calls/create-phone-call)
Hi there! I've found some information that should help with your questions 👋 ### HIPAA Compliance and Recordings Yes, you can persist recordings in a HIPAA compliant environment, but with some important considerations: - When 
hipaaEnabled
is set to 
true
, Vapi doesn't store call logs, recordings, or transcriptions on their systems - To persist recordings, you'll need to: 1. Set 
recordingEnabled
to 
true
in your configuration 2. Configure your assistant to push recordings to your own cloud storage (like AWS S3 or Azure Blob) Here's an example configuration:
Copy code
json
{
  "artifactPlan": {
    "recordingEnabled": true
  },
  "compliancePlan": {
    "hipaaEnabled": true
  }
}
For AWS S3 storage, you'd configure something like:
Copy code
json
{
  "providerKeys": {
    "s3": {
      "accessKeyId": "YOUR_ACCESS_KEY",
      "secretAccessKey": "YOUR_SECRET_KEY",
      "region": "us-west-1"
    }
  }
}
[Learn more about HIPAA compliance](https://docs.vapi.ai/security-and-privacy/hipaa) ### Live Call Control Documentation For live call control, Vapi offers two core functionalities: 1. **Call Control**: For dynamic injection of conversation elements 2. **Call Listen**: For real-time audio streaming over WebSockets The main control message types include: - `say`: To inject a verbal message - `add-message`: To add other messages such as system messages Example of injecting a message:
Copy code
bash
curl -X POST 'https://your.control.url' \
-H 'content-type: application/json' \
--data-raw '{
  "type": "say",
  "message": "Welcome to Vapi, this message was injected during the call."
}'
[Check out the Live Call Control documentation](https://docs.vapi.ai/calls/call-features) ### Setting Up a US Vonage Number for Outbound Calling Here are the steps to set up a US Vonage number: 1. Create an Assistant in the [Vapi Dashboard](https://dashboard.vapi.ai/) 2. Get a Phone Number - two options: - Create a new number through Vapi by selecting a US area code
- Import an existing Vonage number by providing your Vonage credentials 3. Configure the Dialer using the 
/call/phone
endpoint:
Copy code
python
import requests

headers = {
  'Authorization': f'Bearer YOUR_VAPI_API_KEY',
  'Content-Type': 'application/json',
}

data = {
  'assistantId': 'YOUR_ASSISTANT_ID',
  'phoneNumberId': 'YOUR_PHONE_NUMBER_ID',
  'customer': {'number': '+14151231234'},
}

response = requests.post('https://api.vapi.ai/call/phone', headers=headers, json=data)
[See the Outbound Calling Quickstart guide](https://docs.vapi.ai/quickstart/phone/outbound) Hope this helps! Let me know if you need any clarification. Sources: - [Vapi HIPAA Documentation](https://docs.vapi.ai/security-and-privacy/hipaa) - [Live Call Control](https://docs.vapi.ai/calls/call-features) - [VAPI Outbound Calling Quickstart](https://docs.vapi.ai/quickstart/phone/outbound) - [VAPI API Reference](https://docs.vapi.ai/quickstart/phone/outbound)
k
When you enable 
hipaaEnabled
in the compliance plan: 1\. **Default Behavior**: By default, when HIPAA compliance is enabled, no logs, recordings, or transcriptions will be stored by Vapi. This is clearly documented in the 
CompliancePlan
class: 2\. **Recording with HIPAA Compliance**: However, if you want to record calls while maintaining HIPAA compliance, you can do so by: - Setting 
recordingEnabled: true
in the 
artifactPlan
- Providing your own HIPAA-compliant cloud storage credentials The system supports several cloud storage providers for HIPAA-compliant recording storage: - Amazon S3 - Google Cloud Storage (GCP) - Cloudflare - Azure Blob Storage - Supabase 3\. **Important Condition**: If HIPAA compliance is enabled but no compatible cloud storage credentials are provided, recordings will not be stored at all, as shown in the code: 4\. **UI Configuration**: The Vapi dashboard UI automatically disables the recording options when HIPAA compliance is enabled (as a safety measure), but you can override this behavior if you have configured the necessary cloud storage. \## Summary Yes, you can persist recordings in a HIPAA-compliant environment when enabling HIPAA compliance in Vapi, but you must: 1\. Provide your own HIPAA-compliant cloud storage credentials (S3, GCP, Azure, Cloudflare, or Supabase) 2\. Explicitly enable recording in the 
artifactPlan
settings 3\. Understand that Vapi itself will not store any recordings, logs, or transcriptions - they will only be stored in your configured cloud storage This allows you to maintain HIPAA compliance while still being able to record and access call data through your own secure cloud storage environment.
For Using US numbers you can checkout this documentation
i
@Shubham Bajaj @User Is there any documentation on what credentials are specifically needed for uploading to S3? Do I need to create an IAM role? Additionally does VAPI handle the upload process? Or does the recording get sent to me via a webhook and I need to upload it to S3
k
Here is a link to the documentation on how to set up and create the credentials for using AWS. Using your credentials, we upload the recordings to S3. You don't have to
i
Thanks!
k
Marking this ticket as Solved ✅
Hi, checking if this is resolved/solved for you?
3 Views
PreviousNext
Powered by