HIPAA alignment

Let agents touch PHI without losing the audit trail.

HIPAA governs protected health information (PHI) for covered entities and their business associates. Its Security Rule requires administrative, physical, and technical safeguards — access controls, audit controls, integrity, and transmission security — and the Privacy Rule limits use to the minimum necessary. When an agent reads a chart or drafts a prior-auth, it handles PHI. Cortex enforces minimum-necessary access at the property level and seals every PHI touch into a tamper-evident ledger.

Built for the HIPAA Security & Privacy Rules · BAA on request

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What HIPAA is

HIPAA Security & Privacy Rules, in plain language.

HIPAA (the Health Insurance Portability and Accountability Act) protects individually identifiable health information. The Security Rule (45 CFR Part 164, Subpart C) requires technical safeguards: access control (§164.312(a)), audit controls (§164.312(b)), integrity (§164.312(c)), and transmission security (§164.312(e)). The Privacy Rule adds the minimum-necessary standard — use and disclose only the PHI needed for the task. For AI agents, the risk is over-broad access and an unprovable trail. Cortex addresses both: ontology property-level permissions enforce minimum-necessary at read time, DLP screens PHI in and out of tool calls, and the hash-chained Trust Ledger gives you audit controls whose integrity is itself provable.

applies to ▸ United States healthcare · covered entities & business associates

The obligations — and how Cortex maps to them

Each requirement becomes an enforced, recorded control.

HIPAA's technical safeguards and the minimum-necessary standard map directly onto Cortex's data-layer controls. Each PHI access is gated and recorded, so an OCR audit finds a complete, tamper-evident trail.

§164.312(a) · Access control
  • Ontology property-level permissions on PHI fields
  • Agent IAM scopes which agents may read which objects
  • Minimum-necessary enforced — restricted reads fail closed
  • 403 denied on any over-broad PHI access
§164.312(b) · Audit controls
  • Every PHI access sealed into the Trust Ledger
  • verifyChain proves the access log was not altered
  • 10-hop lineage: who accessed, why, and under what policy
  • Signed receipts as offline-verifiable evidence
§164.312(c) · Integrity
  • Hash-chained records detect insert / edit / delete
  • Datapoint provenance pins facts to source records
  • Action Fabric compensation reverses improper writes
  • value_hash proves a value was not altered after write
Minimum necessary
  • DLP screens PHI in and out of every tool call
  • Output guardrails redact PHI from generated content
  • Oversight gate holds high-risk disclosures for review
  • Cost caps bound bulk processing of PHI (402)
Transmission & isolation
  • TLS 1.2+ in transit; AES-256 at rest
  • Tenant isolation keyed on (tenantId, id) everywhere
  • Air-gapped deployment with local models, zero external calls
  • Business Associate Agreement available on request
The control mapping

From a written obligation to provable evidence.

Every obligation reduces to a fail-closed runtime gate whose verdict lands in a tamper-evident ledger you can hand an examiner. This is the table a Compliance Pack exports for this framework.

ObligationEnforced Cortex controlLedger evidence
§164.312(a) — access control / unique identityOntology permissions + Agent IAM403 on restricted read
§164.312(b) — audit controlsTrust Ledger (hash-chained)verifyChain ▸ ok:true
§164.312(c) — integrity of PHIvalue_hash + record_hash chainhashOk:false flags edits
Minimum-necessary use & disclosureDLP + output guardrails451 PHI redacted
§164.312(e) — transmission securityTLS in transit · AES-256 at restencrypted · tenant-isolated
Accountable for every PHI touch10-hop lineage + receiptslineage/:correlationId
Compliance Packs

One-click evidence export, straight from the Trust Ledger.

An OCR investigation or a breach review turns on your access and audit logs. A Compliance Pack maps the Security Rule safeguards to their Cortex controls and exports the sealed PHI-access records — whose integrity verifyChain can prove, closing the gap a mutable log leaves open.

  • The HIPAA control map, generated — not assembled by hand
  • Sealed run records you can verifyChain offline
  • Datapoint provenance: every fact threads back to its source
  • Honest by construction — evidence is generated, never asserted
01 · Humanrisk-ops@nw02 · AgentFraud Triage03 · Skilltriage.v404 · Promptsha 0x3a…05 · Policyapprove≥5k06 · Modelclaude-opus07 · ToollookupCase08 · Artifactmemo #447109 · Outcomeapproved10 · Approvalj.lee
Prove it — don't just claim it

The HIPAA verdicts you'll see in the demo.

These are not slideware promises — they are the literal codes and receipts the runtime returns when you challenge it against this framework's controls.

gate verdicts ▸ HIPAA
Over-broad PHI field read denied403 read deniedenforced
PHI redacted from agent output451 DLP redactenforced
PHI access trail integrity provenverifyChain ok:trueproven
Improper write reversedcompensatedproven
compliance-pack ▸ generated from the trust ledger · verifiable offline
Getting audit-ready

Three steps from HIPAA on paper to provable.

  1. 01

    Map

    Pick HIPAA. Cortex lines each obligation up against the runtime gate that enforces it — no spreadsheet archaeology.

  2. 02

    Enforce

    Every agent run passes the same fail-closed gates. A denied control returns a real code (402 / 403 / 409) — never a silent pass.

  3. 03

    Prove

    Export a Compliance Pack: the mapping table plus the sealed ledger records that show each control fired, verifiable offline.

Aligned with — never certified-claimed

Cortex is built for and aligned with the HIPAA Security and Privacy Rules and will sign a Business Associate Agreement. There is no HIPAA certification; compliance is your obligation as a covered entity or business associate, supported by the controls and evidence Cortex enforces.

The controls behind the mapping

The Cortex capabilities that satisfy this framework.

Each obligation above is enforced by a real capability in the runtime. Explore the ones that do the work for this framework.

Compliance framing

Built for the frameworks your auditors already cite.

The sealed ledger, signed receipts, and lineage graph map to the obligations across every regime you report against — aligned with, never claiming a certification you don't hold.

EU AI ActNIST AI RMFISO 42001SOC 2HIPAAFINRAIRS Circular 230

Turn HIPAA from a burden into a button.

See how Cortex maps HIPAA to enforced controls and exports auditor-grade evidence on demand.