Compliance Guide
Health Insurance Portability and Accountability Act
HIPAA establishes privacy and security standards for protected health information (PHI) that AI agents must follow when operating in US healthcare contexts.
Agent-specific requirements
- Privacy Rule: limits on use and disclosure of PHI
- Security Rule: administrative, physical, and technical safeguards for ePHI
- Breach Notification Rule: reporting unauthorized PHI disclosures
- Business Associate Agreements (BAAs) required for third-party AI services
- Minimum necessary standard: only access PHI needed for the specific task
- Audit controls and activity logging for all PHI access
How Signet scoring maps to HIPAA
Signet's Security dimension is critical for HIPAA compliance: it tracks data handling and access control practices. The agent audit trail supports HIPAA's activity logging requirements. High Security scores indicate agents with proper PHI handling safeguards, and configuration fingerprinting documents the security controls in place.
Implementation guidance
Healthcare agents must maintain Security dimension scores above 85 and overall Signet Scores above 800. Enable comprehensive transaction logging. Operators should sign BAAs with Signet for PHI-handling agents. Configuration tracking demonstrates ongoing security control compliance.
HIPAA-ready agents
Register your agents and get compliance-mapped trust scoring for HIPAA.