From 2dd854a2bdd355523e5bbe02d0c7fb6668466e2c Mon Sep 17 00:00:00 2001 From: sailingnat Date: Tue, 24 Feb 2026 17:02:27 -0800 Subject: [PATCH] Delete structured outputs section for HIPAA compliance Removed section on structured outputs in HIPAA mode, including usage guidelines and configuration instructions as we introduce a new hipaa mode that will allow customers to use structured outputs --- fern/security-and-privacy/hipaa.mdx | 73 ----------------------------- 1 file changed, 73 deletions(-) diff --git a/fern/security-and-privacy/hipaa.mdx b/fern/security-and-privacy/hipaa.mdx index 6881fcd47..eafe2e8c6 100644 --- a/fern/security-and-privacy/hipaa.mdx +++ b/fern/security-and-privacy/hipaa.mdx 
@@ -97,79 +97,6 @@ When enabling HIPAA compliance, only HIPAA compliant providers may be chosen. -## Structured Outputs with HIPAA Mode - -When HIPAA mode is enabled, Vapi does not store structured outputs by default. This protects privacy but limits your ability to use structured outputs in Insights and Call Logs. For non-sensitive outputs, you can override this behavior. - - - - By default, when HIPAA mode is on, Vapi doesn't store structured outputs. This keeps data private but limits your ability to use structured outputs in Insights and Call Logs. - - You can enable storage for specific structured outputs using the `compliancePlan.forceStoreOnHipaaEnabled` setting. This allows you to store non-sensitive outputs even when HIPAA mode is active. - - **Important:** Your organization is responsible for ensuring that any structured output with storage enabled does NOT extract or generate PHI or sensitive data. Only use this for non-sensitive information. - - - - Enable storage ONLY for structured outputs that extract non-sensitive, non-PHI information. - - **Safe use cases:** - - Boolean outcomes: `appointmentBooked: true/false` - - Call success indicators: `issueResolved: true/false` - - General categories: `issueCategory: "billing" | "technical" | "general"` - - Satisfaction scores: `csatScore: 1-10` - - Call sentiment: `sentiment: "positive" | "neutral" | "negative"` - - **Never enable storage for:** - - Patient diagnosis information - - Medical record numbers - - Social security numbers - - Credit card details - - Patient names, dates of birth, or contact information - - Treatment plans or medication information - - **Warning:** Enabling storage for outputs containing PHI violates HIPAA compliance and your BAA with Vapi. - - - - You can enable storage for specific structured outputs via the Dashboard or API. - - **Via Dashboard:** - 1. Navigate to **Structured Outputs** in the left sidebar - 2. Create or edit a structured output - 3. 
Expand the **Compliance Settings** section - 4. Enable the toggle for "Enable Storage of Structured Outputs while on HIPAA Mode" - 5. Only enable if your output does not extract sensitive information - - **Via API:** - - When creating a structured output: - ```json - { - "name": "Appointment Booked", - "type": "ai", - "schema": { - "type": "boolean", - "description": "Whether an appointment was successfully booked" - }, - "compliancePlan": { - "forceStoreOnHipaaEnabled": true - } - } - ``` - - When updating a structured output: - ```json - { - "compliancePlan": { - "forceStoreOnHipaaEnabled": true - } - } - ``` - - **IMPORTANT:** Only set `forceStoreOnHipaaEnabled: true` if you are certain your structured output does NOT extract PHI or sensitive data. Your organization is responsible for ensuring compliance. Misuse could result in BAA violations. - - ## Best Practices
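Review bot: The hunk at line 97 of fern/security-and-privacy/hipaa.mdx deletes the only statement of the default ("When HIPAA mode is enabled, Vapi does not store structured outputs by default") and all guidance for `compliancePlan.forceStoreOnHipaaEnabled`, and puts nothing in its place. The commit message says a new HIPAA mode will allow structured outputs, but no text describing that mode is added here, so after this change the page says nothing about whether structured outputs are stored under HIPAA mode. Anyone who has already set `forceStoreOnHipaaEnabled: true` also loses the "Never enable storage for" list and the BAA warning. I suggest either landing the replacement section in the same change or keeping a short paragraph with the default storage behaviour and the PHI responsibility statement until the new mode is documented. The commit body should also state whether `forceStoreOnHipaaEnabled` is still honoured or is deprecated. Please also check for inbound links to the removed "Structured Outputs with HIPAA Mode" heading, and consider a subject line that reflects the actual reason (superseded by the new mode), since "for HIPAA compliance" reads as if the section itself was non-compliant.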