VAPI•4mo ago

HIPAA Compliance with IP Whitelisting Secured Storage

I'm building a HIPAA compliant application and we need to be able to securely store call recordings from VAPI.

Unfortunately, the storage service we're using requires IP whitelisting, but obviously there is no static set of IP addresses for egress provided by VAPI.

Is it possible to either:
Configure a set of IP addresses specific for egress
Expose a platform-agnostic call recording egress API in the "Integrations" page of the dashboard such that one could provide their own credentials to a self-hosted server

KyleAPP•9/8/25, 4:03 PM

Hi peoplekind,

For creating a HIPAA compliant application with Vapi and securely storing call recordings, you'll need to leverage your own HIPAA-compliant cloud storage with correct configurations. Vapi does not provide static IP addresses for egress, which affects IP whitelisting. However, you can workaround this by handling the recordings through your storage provider:

Cloud Storage Configuration: Use a HIPAA-compliant cloud storage provider (e.g., Amazon S3, Google Cloud Storage, Azure) that can securely receive your call recordings.
Storage Credentials: Set up your cloud storage credentials within Vapi to ensure that when HIPAA compliance is enabled, recordings are stored directly in your cloud environment, as Vapi itself does not store recordings with HIPAA mode enabled.
Integrations: While there is no platform-agnostic egress API currently available on the dashboard, ensuring that the correct webhook or cloud storage configuration captures the output from Vapi should align with your requirements.

For specific storage requirements that require IP whitelisting, consider using cloud providers that allow for dynamic IP management or setting up a VPN to secure these transactions. This aligns with maintaining compliance while working within the constraints of both Vapi and your storage provider.

For more details, please refer to the HIPAA Compliance documentation.

HIPAA Compliance | Vapi

Learn how to ensure privacy when using Vapi's voice assistant platform.

awake-maroonOP•9/9/25, 10:16 PM

Hi Aditya, I am ingesting logs properly now, however call recordings are still not showing up.

awake-maroonOP•9/9/25, 10:25 PM

I overrode the top-level recordingEnabledrecordingEnabled property in the assistant via the API and I'm now receiving logs, but the UI does not allow you to do this. Why would this be allowed via API config and not in the UI?

KyleAPP•9/11/25, 5:47 PM

Hey there, we reviewed the details of your request and brought this to our team's attention. We will be getting back to you as soon as we can. Thank you for your continued patience!

HIPAA Compliance with IP Whitelisting Secured Storage

Similar Threads

Similar Threads

Similar Threads