Glossary

HIPAA compliance

The U.S. healthcare data law that governs how protected health information (PHI) is collected, stored, and shared. Any AI vendor handling clinic calls must be HIPAA-aligned and have a signed BAA.

HIPAA, the Health Insurance Portability and Accountability Act, is the U.S. baseline for handling patient data. Any AI agent that touches PHI (names, dates of birth, medical reasons for the call) operates under HIPAA whether the vendor admits it or not.

For a clinic buyer, the practical checklist is short. The vendor needs to sign a Business Associate Agreement (BAA). The vendor needs documented retention and breach notification policies. The vendor needs to encrypt PHI in transit and at rest, and to redact it from telemetry where it is not needed for operations.

Most CX-AI vendors will say they are 'HIPAA-aligned' without signing the BAA. That is not HIPAA compliance, that is marketing. The BAA is the contract that creates the obligation. Without it, there is no recourse if the vendor mishandles PHI.

How Vorel does this

Vorel signs a BAA on every healthcare master agreement, the BAA is non-optional, not a customization.

The next call doesn’t have to go to voicemail.

Book a thirty-minute demo. We point Vorel at one of your real numbers on the same call.