Technical safeguards are specific requirements
HIPAA's Security Rule §164.312 defines four categories of technical safeguards for electronic PHI. Each maps to a concrete code-level requirement. This post walks through what each one demands and how MeshFlow handles it.
§164.312(a) — Access controls
Requirement: Implement technical policies and procedures that allow only authorized persons or software programs to access ePHI.
What this means in practice: Every agent that processes PHI must have a documented identity. Unauthenticated access must be blocked. Access must be logged.
from meshflow import Agent, compliance_profile# Foundation: every agent gets a W3C DID at spawn, revoked at run end agent = Agent( name="intake_processor", role="executor", policy="hipaa", # activates HIPAA compliance profile )
# Enterprise: JIT privileges, continuous auth zt = ZeroTrustOrchestrator.for_tier(ZeroTrustTier.ENTERPRISE) ```
MeshFlow assigns every agent a cryptographic DID (Decentralized Identifier) at instantiation. The DID is embedded in every `StepRecord` and revoked at run end. This satisfies the "unique user identification" and "automatic logoff" requirements.
§164.312(b) — Audit controls
Requirement: Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems containing or using ePHI.
What this means in practice: Every access to PHI must be logged. The log must be tamper-evident. The log must be retainable for 6 years.
wf = Workflow(compliance_profile=compliance_profile("hipaa")) result = wf.run("Process intake form for patient...")
# Every step writes a StepRecord with SHA-256 chain print(result.audit_entries) # list of chained records print(result.ledger_path) # path to SQLite ledger ```
The SHA-256 hash chain means every StepRecord references the hash of the previous record. Modifying any record breaks all subsequent hashes — tampering is detectable. MeshFlow Cloud stores this chain with 7-year retention and RFC 3161 timestamps for legal admissibility.
§164.312(c) — Integrity controls
Requirement: Protect ePHI from improper alteration or destruction.
What this means in practice: PHI that passes through the system must not be modified without a record. Outputs that contain PHI must be traceable to their inputs.
# DascGate flags and blocks tainted data pathsgate = DascGate.create(run_id="intake_run_001")
# REJECT if tainted input reaches an external write intent = Intent( action="write_ehr", agent_id="writer", risk_tier=RiskTier.EXTERNAL_IO, tainted=True, # input contained unsanitised PHI ) verdict = await gate.evaluate(intent) # → REJECT ```
The taint propagation graph tracks which agents processed tainted data. Any downstream agent that inherits tainted input is also marked — preventing PHI from being silently written to external systems.
§164.312(d) — Authentication
Requirement: Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
What this means in practice: OAuth2/OIDC for humans accessing the dashboard. API key or mTLS for agent-to-agent calls. No anonymous access.
MeshFlow Cloud implements SAML 2.0 + OAuth2 SSO for dashboard access (Okta, Azure AD, Google Workspace). For agent identity, every A2A call carries the agent's DID and a request signature.
§164.312(e) — Transmission security
Requirement: Implement technical security measures to guard against unauthorized access to ePHI transmitted over an electronic communications network.
What this means: TLS everywhere. PHI must not appear in logs. Context must be stripped before sending to external APIs.
# PIIBlocker runs before every LLM call — strips PHI before it reaches the modelagent = Agent( name="intake_processor", input_guardrails=[PIIBlocker(redaction="replace")], # replaces with [REDACTED] ) ```
The PIIBlocker runs inside `StepRuntime` before the LLM call. PHI patterns (SSN, DOB, MRN, phone, email, address) are replaced before the text is sent to the model API. The original text is never transmitted.
The gap if you build this manually
Each of these requirements is implementable without MeshFlow. But the implementation surface is large: - SHA-256 hash chain: ~200 lines of correctly-ordered append-only SQLite logic - PII detection: regex + NER model + redaction pipeline - Agent identity: DID generation + revocation + request signing - Taint propagation: dependency graph across async agent calls
More importantly, these controls need to be active on every LLM call — not just the ones you remember to add them to. MeshFlow enforces them at the kernel level. You cannot accidentally skip the audit log or the PII filter on a specific agent.