Update hipaa.mdx

Author: nikhilro

fern/security-and-privacy/hipaa.mdx

@@ -77,7 +77,7 @@ Note: The default value for hipaaEnabled is false. Activating this setting is a
   <Accordion title="What are best practices for ensuring HIPAA compliance with Vapi?">
     - Enable `hipaaEnabled` at the organization level
     - Ensure that PHI only passes through the call pipeline and is not stored in configuration
-    - Use HIPAA-compliant enterprise accounts with all third-party providers (STT, LLM, TTS)
+    - Use HIPAA-compliant accounts with all third-party providers (STT, LLM, TTS)
     - Be mindful of test/demo assistants where compliance might be turned off for testing purposes - never use these with real PHI
     - Remember that with HIPAA compliance enabled, Vapi won't store logs, recordings, or transcriptions
   </Accordion>
@@ -88,7 +88,7 @@ Note: The default value for hipaaEnabled is false. Activating this setting is a
     Under the Business Associate Agreement (BAA), you agree:
     1. Not to introduce PHI onto Vapi's platform through its API or dashboard except as permitted
     2. To use HIPAA-compliant accounts with external providers when providing keys
-    3. Not to use underlying providers through Vapi without having HIPAA-compliant enterprise accounts with those providers
+    3. To only use HIPAA-compliant providers that Vapi has signed BAA with when not providing keys. This includes OpenAI, Azure, Google, Anthropic, Deepgram, ElevenLabs, Cartesia, and PlayHT. For updated list, check security.vapi.ai
     4. To use the platform in accordance with all BAA requirements
   </Accordion>
 </AccordionGroup>