By Sagar Shankaran, Founder of CallSphere
Every leg of an AI call — caller to edge, edge to ASR, ASR to LLM, LLM to EHR — is a transmission under 45 CFR 164.312(e). Here is the TLS 1.3 and mTLS architecture that holds up in 2026.
Key takeaways
An AI voice call is not one transmission. It is a chain of seven or eight, and each one has to satisfy 45 CFR 164.312(e)(1) on its own merits. The December 2024 NPRM makes that chain explicit.
The Transmission Security standard at 45 CFR 164.312(e)(1) requires technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network. The two implementation specifications, Integrity Controls at 164.312(e)(2)(i) and Encryption at 164.312(e)(2)(ii), are addressable today and become required under the NPRM HHS released on December 27, 2024, which drops the addressable category altogether. NIST SP 800-66 Rev. 2 maps the standard to NIST SP 800-52 Rev. 2 (Guidelines for the Selection, Configuration, and Use of TLS Implementations), which sets TLS 1.2 with approved cipher suites as the floor and has required support for TLS 1.3 since January 1, 2024; TLS 1.3 is the recommended default. NIST SP 800-53 control SC-8 (Transmission Confidentiality and Integrity) is the corresponding technical control.
A modern AI voice call traverses: caller PSTN/SIP to telecom carrier, carrier to platform edge (SIP over TLS for signaling, SRTP for media), edge to realtime ASR (WebSocket over TLS), ASR to LLM (HTTPS), LLM to tool gateway (HTTPS), tool gateway to EHR (FHIR over HTTPS, often mTLS), and post-call to data warehouse (TLS). Every hop is in scope.
AI introduces new transit patterns. WebSockets stay open for the duration of a call and stream tokens bidirectionally; TLS 1.3 with 0-RTT early data disabled is the only sane default, because early data can be replayed against the server. Server-sent events are increasingly common for streaming completions. mTLS becomes essential for service-to-service calls because session-token replay against an LLM endpoint is a real attack class. Authorization headers carrying short-lived JWTs need rotation every 5 to 15 minutes. SIP-to-PSTN legs still protect media with SRTP rather than TLS, which is acceptable but should be documented in the risk analysis.
Every external endpoint terminates TLS 1.3 with forward-secret cipher suites only: no static RSA key exchange, no TLS 1.0 or 1.1, and HSTS preloaded. Internal service-to-service calls use mTLS with workload-identity certificates rotated every 24 hours. The encrypted PostgreSQL healthcare_voice database accepts only TLS 1.3 connections from the application tier. Realtime ASR and LLM connections are WebSocket over TLS 1.3 with 0-RTT disabled. SIP signaling uses SIP over TLS, and media uses SRTP. Healthcare Voice Agent's 14 tools all reach the EHR through mTLS-protected FHIR endpoints. Audit logs capture every TLS negotiation result, so a hop that negotiates a weaker version or suite than policy allows shows up in review. The platform is HIPAA and SOC 2 aligned, with 37 production agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, and a 4.8/5 rating. Pricing is $149 Starter, $499 Pro, $1,499 Scale; 14-day trial; 22% lifetime affiliate. See /industries/healthcare.
```mermaid
flowchart LR
    A[Caller] -->|SIP-TLS+SRTP| B[Edge SBC]
    B -->|TLS 1.3| C[Voice Agent]
    C -->|WSS TLS 1.3| D[Realtime ASR/LLM]
    C -->|mTLS| E[Tool Gateway]
    E -->|mTLS FHIR| F[EHR]
    C -->|TLS 1.3| G[(healthcare_voice)]
```
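The takeaways above say audit logs capture every TLS negotiation result; the useful follow-up is to run those records against the per-hop policy so a downgrade, a static-RSA suite, accepted 0-RTT data, a missing client certificate or a stale workload certificate surfaces automatically. The following is an added example, not CallSphere's code. The JSON-lines log format, the field names, the hop labels and the SPIFFE-style workload identities are assumptions, and the sample records are constructed for this example.

```python
# Added example, not CallSphere's code: audit TLS negotiation records against
# the per-hop transit policy described above. The JSON-line log format, the
# field names, the hop labels and the SPIFFE-style workload identities are all
# assumptions; the sample records below are constructed for this example.
import json
from datetime import datetime, timedelta

VERSION_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}

# Forward-secret suites only. Every TLS 1.3 suite is (EC)DHE; for TLS 1.2 only
# the ECDHE AEAD suites are accepted, so static-RSA suites such as AES256-SHA fail.
PFS_SUITES = {
    "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305",
}

# Per-hop floor and mTLS requirement, following the architecture above: external
# endpoints may still take TLS 1.2 (the SP 800-52r2 floor), the realtime ASR/LLM
# WebSocket and the database are TLS 1.3 only, internal and EHR hops need mTLS.
HOP_POLICY = {
    "external":    {"min_version": "TLSv1.2", "mtls": False},
    "asr_llm":     {"min_version": "TLSv1.3", "mtls": False},
    "internal":    {"min_version": "TLSv1.3", "mtls": True},
    "tool_to_ehr": {"min_version": "TLSv1.2", "mtls": True},
    "db":          {"min_version": "TLSv1.3", "mtls": False},
}
MAX_WORKLOAD_CERT_AGE = timedelta(hours=24)  # 24h rotation from the takeaways


def _ts(text):
    """Parse an RFC 3339 UTC timestamp such as 2026-03-02T10:00:00Z."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def check_record(rec):
    """Return the policy violations for one negotiation record; [] means compliant."""
    policy = HOP_POLICY.get(rec.get("hop"))
    if policy is None:
        return [f"unknown hop type {rec.get('hop')!r}: classify it before it carries PHI"]
    if rec.get("result") != "handshake_ok":
        return [f"handshake failed: {rec.get('result')}"]
    findings = []
    ver = rec.get("version")
    if VERSION_RANK.get(ver, -1) < VERSION_RANK[policy["min_version"]]:
        findings.append(f"version {ver} below floor {policy['min_version']}")
    if rec.get("cipher") not in PFS_SUITES:
        findings.append(f"non-forward-secret or unknown cipher {rec.get('cipher')}")
    if rec.get("early_data_accepted"):
        findings.append("0-RTT early data accepted (replayable)")
    if policy["mtls"]:
        peer = rec.get("peer_cert")
        if not peer:
            findings.append("mTLS required but no client certificate presented")
        else:
            age = _ts(rec["ts"]) - _ts(peer["not_before"])
            if age > MAX_WORKLOAD_CERT_AGE:
                findings.append(f"workload cert is {age.total_seconds() / 3600:.0f}h old, exceeds 24h rotation")
            if not peer.get("subject", "").startswith("spiffe://"):  # assumed identity scheme
                findings.append("peer identity is not a workload SPIFFE ID")
    return findings


def audit(log_text):
    """Audit a JSON-lines negotiation log; returns {'src->dst@ts': [findings]} for failing records only."""
    report = {}
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        findings = check_record(rec)
        if findings:
            report[f"{rec['src']}->{rec['dst']}@{rec['ts']}"] = findings
    return report


# Constructed sample log: one record per hop type, five of them deliberately non-compliant.
SAMPLE_LOG = """\
{"ts":"2026-03-02T10:00:00Z","hop":"external","src":"203.0.113.7","dst":"edge","result":"handshake_ok","version":"TLSv1.3","cipher":"TLS_AES_256_GCM_SHA384","early_data_accepted":false}
{"ts":"2026-03-02T10:00:01Z","hop":"asr_llm","src":"voice-agent","dst":"realtime-asr","result":"handshake_ok","version":"TLSv1.3","cipher":"TLS_AES_128_GCM_SHA256","early_data_accepted":true}
{"ts":"2026-03-02T10:00:02Z","hop":"internal","src":"voice-agent","dst":"tool-gateway","result":"handshake_ok","version":"TLSv1.3","cipher":"TLS_CHACHA20_POLY1305_SHA256","early_data_accepted":false,"peer_cert":{"subject":"spiffe://example.internal/ns/prod/sa/voice-agent","not_before":"2026-03-01T00:00:00Z"}}
{"ts":"2026-03-02T10:00:03Z","hop":"tool_to_ehr","src":"tool-gateway","dst":"ehr-fhir","result":"handshake_ok","version":"TLSv1.2","cipher":"AES256-SHA","early_data_accepted":false,"peer_cert":{"subject":"spiffe://example.internal/ns/prod/sa/tool-gateway","not_before":"2026-03-02T08:00:00Z"}}
{"ts":"2026-03-02T10:00:04Z","hop":"db","src":"voice-agent","dst":"healthcare_voice","result":"handshake_ok","version":"TLSv1.2","cipher":"ECDHE-RSA-AES256-GCM-SHA384","early_data_accepted":false}
{"ts":"2026-03-02T10:00:05Z","hop":"internal","src":"voice-agent","dst":"tool-gateway","result":"handshake_ok","version":"TLSv1.3","cipher":"TLS_AES_256_GCM_SHA384","early_data_accepted":false}
"""

if __name__ == "__main__":
    for hop, findings in audit(SAMPLE_LOG).items():
        print(hop, "->", "; ".join(findings))
```

Only the first record passes. The database record illustrates the point that a strong TLS 1.2 suite is still a violation where the policy for that hop is TLS 1.3 only, and the last record shows that mTLS has to be checked per hop, not assumed from the mesh being installed.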
Is TLS 1.2 still allowed? Yes — NIST SP 800-52 Rev. 2 still permits TLS 1.2 with strong cipher suites. TLS 1.3 is the recommendation and the easier default in 2026.
What about SRTP for media? SRTP is widely accepted under 164.312(e). Document the negotiated suite (for example AES_CM_128_HMAC_SHA1_80 or AES_256_CM_HMAC_SHA1_80, or the AES-GCM suites from RFC 7714) in the risk analysis.
Do internal pod-to-pod calls need encryption? Under the December 2024 NPRM, yes. Service-mesh mTLS via Istio, Linkerd, or Consul Connect is the standard answer.
Can we use API keys instead of mTLS? For low-risk endpoints, yes. For anything touching PHI, mTLS with short-lived workload identity is the safer answer.
What about WebRTC media in the browser? WebRTC media is DTLS-SRTP by spec; signaling is whatever WSS you put it on. Both qualify under 164.312(e) when configured with modern cipher suites.
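The takeaways say bearer JWTs on service-to-service calls must rotate every 5 to 15 minutes, and the API-key question above says mTLS is the safer answer for anything touching PHI because token replay is a real attack class. The following added example (not CallSphere's code) shows what the token side of that looks like when it is done properly: a short-lived HS256 token bound to one audience, verified signature-first, with a jti replay cache bounded by the token lifetime. The 10-minute lifetime, the claim names and the shared secret are assumptions; the secret would come from a secrets manager in practice.

```python
# Added example, not CallSphere's code: short-lived HS256 service tokens with a
# jti replay cache, the kind of bearer token the key takeaways say must rotate
# every 5 to 15 minutes. The 10-minute lifetime, the claim names and the shared
# secret are assumptions; the secret would come from a secrets manager in practice.
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

SECRET = b"assumed-shared-secret-for-this-example"  # assumption; never hard-code in production
TOKEN_TTL_SECONDS = 600  # 10 minutes, inside the 5 to 15 minute rotation window


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint(subject: str, audience: str, now: Optional[float] = None) -> str:
    """Issue a token bound to one audience, expiring after TOKEN_TTL_SECONDS, with a random jti."""
    now = int(time.time() if now is None else now)
    claims = {"sub": subject, "aud": audience, "iat": now,
              "exp": now + TOKEN_TTL_SECONDS, "jti": secrets.token_hex(16)}
    signing_input = f"{_compact({'alg': 'HS256', 'typ': 'JWT'})}.{_compact(claims)}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class Verifier:
    """Checks signature, algorithm, audience and expiry, then rejects any jti seen before it expired."""

    def __init__(self, audience: str):
        self.audience = audience
        self._seen: Dict[str, int] = {}  # jti -> exp; entries drop out once expired

    def verify(self, token: str, now: Optional[float] = None) -> Tuple[bool, str]:
        now = int(time.time() if now is None else now)
        parts = token.split(".")
        if len(parts) != 3:
            return False, "malformed"
        header_b64, claims_b64, sig_b64 = parts
        # Verify the MAC before trusting anything inside the token.
        expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        try:
            if not hmac.compare_digest(expected, _unb64url(sig_b64)):
                return False, "bad signature"
            header = json.loads(_unb64url(header_b64))
            claims = json.loads(_unb64url(claims_b64))
        except ValueError:
            return False, "malformed"
        if header.get("alg") != "HS256":  # pin the algorithm; never honour "none"
            return False, "alg not allowed"
        if claims.get("aud") != self.audience:
            return False, "wrong audience"
        if now >= claims.get("exp", 0):
            return False, "expired"
        # Prune expired jtis so the cache stays bounded by the token lifetime, then check replay.
        self._seen = {j: e for j, e in self._seen.items() if e > now}
        jti = claims.get("jti")
        if not jti or jti in self._seen:
            return False, "replayed or missing jti"
        self._seen[jti] = claims["exp"]
        return True, claims["sub"]


if __name__ == "__main__":
    gateway = Verifier("llm-gateway")
    token = mint("voice-agent", "llm-gateway")
    print(gateway.verify(token))  # accepted once
    print(gateway.verify(token))  # second presentation is a replay
```

The replay cache only has to remember a jti until the token expires, which is why the short lifetime matters: a 10-minute TTL keeps the cache small and bounds how long a stolen token is usable even before replay detection kicks in. None of this replaces mTLS on the hop; it is the defence for the case where the token leaks anyway.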
Written by
Sagar Shankaran · Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
© 2026 CallSphere LLC. All rights reserved.