A reference architecture for HIPAA-aligned voice agents
PHI handling, audit trails, and human-in-the-loop patterns that pass payer security review.
Voice agents in healthcare live or die on one question from the security review: where does protected health information go, and who can see it? If you cannot answer that cleanly, the project does not ship. This is the reference architecture we deploy when PHI is in scope.
Start by minimizing what the agent ever holds. The transcription and reasoning layers operate on the smallest slice of context needed to complete the task, and PHI is tokenized before it touches any third-party model. The system of record stays the source of truth; the agent reads and writes through a scoped service, never a direct database connection.
Every interaction is logged immutably — who called, what was accessed, what action was taken, and which human approved anything sensitive. That audit trail is what turns a nervous compliance officer into a sign-off. Human-in-the-loop is not a fallback here; it is a designed step for any action that changes eligibility, coverage, or records.
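The three controls above sketched in Python, as an added example rather than code from the original article: PHI fields are swapped for opaque tokens before any text leaves for an outside model, each audit entry commits to the hash of the one before it, and actions that change eligibility, coverage or records are held until a named human approver is recorded. The function names, the PHI field list and the sample record are assumptions.

```python
# Added example (not the page's code): field names, action names and helpers are assumed.
import hashlib
import json
import secrets

PHI_FIELDS = {"name", "dob", "member_id"}  # never reaches a third-party model in the clear
SENSITIVE_ACTIONS = {"update_eligibility", "update_coverage", "update_record"}

def tokenize(record, vault):
    """Replace PHI fields with opaque tokens; `vault` (token -> value) stays in-boundary."""
    redacted = dict(record)
    for key in record.keys() & PHI_FIELDS:
        token = f"<{key}:{secrets.token_hex(4)}>"
        vault[token] = record[key]
        redacted[key] = token
    return redacted

def detokenize(text, vault):
    """Restore PHI only on the way back to the scoped service, never toward the model."""
    for token, value in vault.items():
        text = text.replace(token, value)
    return text

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def audit(log, actor, resource, action, approver=None):
    """Append an entry that commits to the previous entry's hash (tamper-evident chain)."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = {"actor": actor, "resource": resource, "action": action, "approver": approver, "prev": prev}
    log.append({**body, "hash": _digest(body)})

def verify_chain(log):
    """True iff no entry was altered, dropped or reordered since it was written."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

def perform(log, actor, resource, action, approver=None):
    """Human-in-the-loop gate: record-changing actions need a named approver before they run."""
    if action in SENSITIVE_ACTIONS and approver is None:
        audit(log, actor, resource, f"{action}:held_for_approval")
        return False
    audit(log, actor, resource, action, approver)
    return True
```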
None of this requires a slower experience. It requires the controls to be designed in from the first architecture diagram rather than bolted on before launch. Teams that treat compliance as the last sprint always miss the date.