By Sagar Shankaran, Founder of CallSphere
Confidential computing, secure enclaves, and zero-knowledge proofs are no longer research curiosities. Here is how a 2026 HIPAA-aligned AI voice platform uses private compute on PHI.
Key takeaways
Encryption at rest and in transit leave one gap: encryption in use. Confidential computing closes it. By 2026 it is supported across AWS Nitro, Azure Confidential, and GCP Confidential VMs — and the BAA implications are real.
Encryption in use does not have a dedicated HIPAA citation. It is implied across 45 CFR 164.312(a)(2)(iv) (encryption and decryption), 45 CFR 164.308(a)(1) (security management process), and 45 CFR 164.314(a) (BA technical safeguards). The 2024 NPRM raises the bar on encryption broadly. NIST SP 800-66 Rev. 2 routes implementers to the broader cryptographic literature; the Confidential Computing Consortium and NIST IR 8517 (forthcoming) cover hardware-backed enclaves. NIST SP 800-188 (de-identification) and NIST IR 8053 (de-identification of personal information) plus HHS OCR de-identification guidance support the related discipline of computing on minimally-identifiable data.
AI on PHI faces a fundamental tension: the model needs to see the data to reason, but the platform should never see it in cleartext. Three patterns close the gap. (1) Confidential computing — encrypted memory, attestation, and runtime isolation in TEE/SGX/SEV/Nitro. AI inference runs inside the enclave; even cloud-provider operators cannot read memory. (2) Zero-knowledge proofs — prove a property of data without revealing the data itself. Useful for eligibility verification, age checks, and compliance attestations. (3) Federated learning and on-device inference — the model goes to the data, not the other way around. (4) Differential privacy and homomorphic encryption — rarer in voice latency budgets but maturing.
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
CallSphere uses confidential computing for high-sensitivity behavioral-health and SUD workloads. AI inference workers for the /lp/behavioral-health vertical run inside AWS Nitro enclaves with attestation, so even cloud operators cannot read live conversation memory. The encrypted healthcare_voice PostgreSQL (1 of 115+ tables) supports always-encrypted columns for direct identifiers. Selected eligibility-verification flows use zero-knowledge attestations rather than transmitting full PHI. On-device inference is offered for high-touch behavioral-health partners. The 14 Healthcare Voice Agent tools split into "needs cleartext PHI" and "operates on hashed/proof-only inputs" categories. The platform is HIPAA and SOC 2 aligned, 37 agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, 4.8/5. Pricing $149/$499/$1,499; 14-day trial; 22% lifetime affiliate. See /lp/behavioral-health.
flowchart LR
Caller[Caller] -->|TLS 1.3| Edge[Edge]
Edge -->|Encrypted| Enclave[Nitro Enclave]
Enclave --> Att[Attestation]
Enclave --> LLM[LLM Inference]
LLM --> ZKP[ZK Proof Gen]
ZKP --> Payer[Eligibility Verify]
Enclave --> PG[(healthcare_voice\nAlways-Encrypted Cols)]
Is confidential computing required by HIPAA? No. It is a strong control that satisfies multiple safeguards simultaneously and shines for behavioral health and SUD.
Does ZKP work for voice AI? Useful for narrow flows like eligibility verification or attestations. Not a primary inference path today.
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
What is the latency hit? Modern enclaves add 5–15 ms for typical inference workloads — well within voice budgets.
Do model vendors support this? AWS Bedrock and Azure Confidential offer enclave-resident inference for select models. Coverage is growing.
Is this overkill for outpatient primary care? For most primary care, encryption at rest plus in transit plus ZDR is sufficient. Reserve confidential computing for the highest-sensitivity flows.
Written by
Sagar Shankaran· Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
See how AI voice agents work for your industry. Live demo available -- no signup required.
Using GPT-Realtime-2 for healthcare voice agents. BAA scope, PHI handling, retention, logging, and why a managed platform usually wins this build.
The 2024 NPRM proposes mandatory penetration tests every 12 months and vulnerability scans every 6 months. Here is how an AI voice agent should be tested in 2026.
AI voice and chat logs are a treasure trove for analytics and a liability landmine for HIPAA. Here is how the two de-identification methods at 45 CFR 164.514 actually apply to multi-turn AI transcripts.
Dental practices have HIPAA-aligned obligations and a uniquely high-volume recall and insurance-verification workload. The AI agent that handles both is the highest-ROI build in 2026 — if it is wired correctly.
Healthcare Practice Use Case perspective on Harvey AI's enterprise rollout numbers show legal agents have moved past the pilot stage at AmLaw 100 firms.
Healthcare Practice Use Case perspective on Comet's general-availability launch put an agentic browser in front of millions of consumers, and it works better than the demos suggested.
© 2026 CallSphere LLC. All rights reserved.