Compliance artifact
HIPAA Security Rule mapping.
Control-by-control coverage for the 2025 proposed amendments as they apply to AI agents handling PHI, from nxthreat, a Tampa Dynamics product.
HHS OCR published proposed Security Rule modifications on January 6, 2025. The proposal raises expectations for technology asset inventories, risk analysis, encryption, MFA, vulnerability management, and documentation. AI systems that create, receive, maintain, or transmit ePHI belong in that scope.
A BAA names obligations between parties. It does not prove what an agent did at runtime. Existing EHR audit logs, SIEM events, and endpoint controls rarely capture tool schema integrity, indirect prompt injection, FHIR-aware scope, and signed agent-level decisions in one artifact.
The mapping table
| Control | AI-specific requirement | nxthreat coverage |
|---|---|---|
| §164.312(a)(1) Access Control | AI systems that touch ePHI need unique access boundaries, not borrowed user tokens or shared service credentials. | Identity broker issues agent workload identity. Policy engine scopes every tool call to operation, FHIR resource, patient context, and purpose. Product detail |
| §164.312(b) Audit Controls | Covered entities need hardware, software, or procedures that record and examine activity in systems containing ePHI. | Append-only receipt ledger using S3 Object Lock and KMS signatures records agent ID, tenant, action, FHIR scope, decision, and timestamp. Evidence packs include a zero-dependency verifier CLI so the audit chain is verifiable without trusting nxthreat as a third party. Product detail |
| §164.312(c)(1) Integrity | AI tool definitions and outputs must not be altered without detection when they influence ePHI access or modification. | Content-hash-pinned schema registry uses SHA-256 over canonical JSON; drift is detected and the request is rejected. Injection guard inspects tool outputs for indirect prompt injection before the agent acts on them. Product detail |
| §164.312(e)(1) Transmission Security | ePHI moving between agents, tools, and FHIR endpoints needs protected transport and tamper-evident records. | nxthreat sits in the runtime path, enforces TLS-only upstream and downstream connections, and records each transmission decision in signed receipts. Product detail |
| §164.308(a)(1)(ii)(A) Risk Analysis | Risk analysis must include AI systems that create, receive, maintain, or transmit ePHI, including tool chains and data flows. | Evidence packs expose agent inventory, FHIR resources touched, tool calls, rejected requests, and policy decisions for risk reviews. Product detail |
| Encryption at rest | The proposed Security Rule baseline makes encryption of ePHI at rest a default expectation unless an exception is documented. | Receipt ledger stores evidence in encrypted object storage with tenant-scoped keys and retention controls aligned to the customer's evidence policy. Product detail |
| Encryption in transit | AI agents and MCP servers must not move ePHI over cleartext links or unauthenticated channels. | Runtime proxy requires encrypted transport for client, MCP, FHIR, webhook, and ledger connections. Rejected transport attempts produce receipts. Product detail |
| Multi-factor authentication | Human access to administrative systems that affect ePHI requires strong authentication and auditable administrative actions. | nxthreat does not replace the customer IdP. It relies on the customer's SSO/MFA controls for administrator access and binds agent credentials to approved administrators. Product detail |
| Network segmentation | AI runtime components that can reach ePHI should be isolated from general application traffic and public tool surfaces. | Deployment pattern places nxthreat between agent clients and PHI-bearing systems, allowing MCP and FHIR access to be segmented behind the proxy. Product detail |
| BAA scope | Vendors that create, receive, maintain, or transmit PHI need clear business associate obligations and documented handling boundaries. | nxthreat is designed for deployment under a Business Associate Agreement. The BAA template is available to design partners under NDA, with general availability expected alongside Phase 2 commercial launch. AWS is currently the sole product subprocessor; per-tenant key isolation details are available on request. Product detail |
| Minimum-necessary | AI agents should receive only the PHI needed for the specific task, not broad role-level access. | FHIR-aware policy enforces resource, operation, encounter, and patient-list predicates per call. The receipt records the exact admitted scope. Product detail |
| §164.312(d) Person or Entity Authentication | Systems must verify that the person or entity requesting ePHI is who it claims to be. Agent identity needs the same discipline. | Identity broker gives each agent a workload identity and rejects calls from unknown agents, stale credentials, or mismatched tool bindings. Product detail |
What nxthreat does not cover
nxthreat is not a complete HIPAA program. It does not cover physical safeguards, workforce training, contingency planning, sanction policies, or every administrative safeguard. It is the runtime layer for AI agents, one piece of a complete compliance picture.
Download as PDF
Generate a tenant-branded copy of this mapping for an internal compliance review. HubSpot captures the request server-side. The PDF route renders from the same source data as this page.
Book a 30-minute compliance walkthrough.
Bring the controls your compliance officer cares about. We will map them to runtime evidence.
Book a demo