- Assembles prior-auth requests grounded to the encounter and payer rules, reading only the minimum-necessary fields its role permits.
- Ontology permissions
Prior-auth, intake, and documentation — minimum-necessary by policy.
Healthcare agents handle prior authorization, patient intake, and clinical documentation with PHI under DLP and least-privilege access. Minimum-necessary isn't a hope — it's enforced at the property level, with every access logged and every decision sealed.
Aligned with HIPAA · HITECH · 42 CFR Part 2 · SOC 2 · ISO 27001
With PHI, 'minimum necessary' is the law — not a guideline.
HIPAA's minimum-necessary standard, the Security Rule's access controls, and 42 CFR Part 2's restrictions on substance-use records all apply the instant an agent touches a chart. An LLM that ingests an entire record to answer one question is an over-disclosure. Cortex enforces least privilege at the property level, logs every access, and seals each clinical decision into an auditable record.
Clinical work, with PHI on the shortest leash possible.
Each agent reads only the properties its role permits, every access is logged, and every decision threads through oversight and into the ledger.
- Structures intake against the Patient and Encounter objects, with PHI and substance-use records locked at the property level under DLP.
- DLP & permissions
- Drafts notes and summaries grounded to the chart, where every statement cites its source and a clinician reviews before anything is committed.
- Oversight modes
- Suggests codes grounded to documentation under hard budget caps, so a large batch can't run away before a coder reviews the exceptions.
- Cost governance
- Every PHI access and clinical decision is logged and sealed into a hash-chained record — answering 'who saw what, and why' with proof.
- Trust Ledger
The agent reads the one field it needs — not the whole chart.
Minimum-necessary is enforced at the ontology property level: once a type is governed, access is deny-by-default and the agent sees only the properties its role grants. PHI and substance-use records are redacted before the model, and every access is logged for the accounting of disclosures.
- Minimum-necessary enforced at property level — PHI redacted before the model
- 42 CFR Part 2 substance-use records locked deny-by-default
- Every PHI access logged for the HIPAA accounting of disclosures
- Clinical decisions reviewed under oversight and sealed into the ledger
The verdicts a privacy officer will see.
These are the literal runtime responses — over-disclosure fails closed, on the record.
- 01
Model the domain
Map the work to typed ontology objects — Patient, Encounter, Authorization, Claim, Document — with restricted fields like phi / substance_use_record locked at the property level.
- 02
Encode the rules
Translate the obligations above into Policy-as-Code and Action Fabric approvals — the gates fail closed, returning a precise code, not a guess.
- 03
Prove the outcome
Every run lands in a hash-chained Trust Ledger with signed receipts and 10-hop provenance — a record you can hand the regulator.
The controls behind healthcare.
The same shared runtime powers every vertical — here are the capabilities and the Solution Pack this industry composes from.
Ontology
Model Patient and Encounter; lock PHI and Part 2 records at property level.
MCP Gateway
DLP in/out on every tool call keeps PHI from leaking off-platform.
Oversight modes
Clinician review on documentation; no note commits without a human.
Trust Ledger
Log every PHI access and seal every decision for the disclosure accounting.
Agent IAM
Role-scoped agents read only the minimum-necessary properties.
Trust Center
Map least-privilege access and audit trails to HIPAA and HITECH.
Built for the Security Rule your privacy officer enforces.
Property-level access, DLP, detection & response, and multi-tenant isolation are shared across prior-auth, intake, and documentation — so you map once, to HIPAA and HITECH controls. Aligned with, never claiming certification you don't hold.
AI agents for healthcare — questions, answered.
How does Cortex enforce HIPAA minimum-necessary for AI agents?
Access is enforced at the ontology property level: once a type is governed it is deny-by-default, and an agent sees only the properties its role grants. PHI is redacted before it reaches the model, and every access is logged for the accounting of disclosures.
Can Cortex handle 42 CFR Part 2 substance-use records?
Yes. Substance-use records are locked deny-by-default at the property level and never reach a model prompt unless a role is explicitly granted access — supporting the heightened restrictions of 42 CFR Part 2.
Does a human review AI-drafted clinical documentation?
Yes. Documentation agents run under oversight modes that require clinician review — no note is committed without a human approving it, and the decision is sealed into the ledger.
How does Cortex keep PHI from leaking through tools?
The MCP gateway applies DLP filters in and out on every tool call, alongside an allowlist and rate limits, so PHI can't be exfiltrated to an off-platform service.
One governed runtime, every regulated vertical.
The controls are the same — the obligations they satisfy differ. Explore another vertical, or see the full set.
Put PHI on the shortest leash your auditors have ever seen.
See least-privilege access, the DLP firewall, and the sealed disclosure trail behind every clinical decision.