← All lessons/Enterprise
45
Enterprise

HIPAA Compliance Mode

Tag PHI fields, enforce access logging, and generate HIPAA audit reports.

Prerequisite: Lessons 10 and 32 complete

What you'll learn

  • SAPIX_HIPAA=true env var enables HIPAA mode
  • phi: true property in agent schema tags protected fields
  • Every read of a PHI-tagged field is logged with who, when, which fields
  • GET /v1/compliance/hipaa/report?from=&to= — audit report export
  • AES-256-GCM encryption is already enforced by SAPIX_MASTER_SEED
Challenge

Enable HIPAA mode. Create patients agent with PHI-tagged fields. Write a record. Read it. Generate audit report and confirm the read appears.

Interactive Walkthrough

What you'll learn

Tag PHI fields, enforce access logging, and generate HIPAA audit reports.

What HIPAA mode enables

  • PHI (Protected Health Information) field tagging
  • Access log: every read of a PHI field is recorded with who accessed it and when
  • Audit report: HIPAA-compliant access log export
  • Encrypted storage: AES-256-GCM (already default with SAPIX_MASTER_SEED)

Enable HIPAA mode

# docker-compose.yml
environment:
  SAPIX_HIPAA: "true"

Tag PHI fields in an agent schema

curl -s -X PUT http://localhost:7475/v1/agents/patients/schema \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer spx_root_YOUR_ROOT_KEY" \
  -d '{
    "schema": {
      "required": ["patient_id", "name"],
      "properties": {
        "patient_id": {"type": "string"},
        "name":       {"type": "string", "phi": true},
        "dob":        {"type": "string", "phi": true},
        "diagnosis":  {"type": "string", "phi": true},
        "notes":      {"type": "string", "phi": true}
      }
    }
  }' | python3 -m json.tool

Generate a HIPAA audit report

curl -s "http://localhost:7475/v1/compliance/hipaa/report?from=2026-07-01&to=2026-07-31" \
  -H "Authorization: Bearer spx_root_YOUR_ROOT_KEY" \
  | python3 -m json.tool

The report lists every access to PHI-tagged fields: timestamp, key_id, patient_id, fields accessed.

Challenge

Enable HIPAA mode. Create a patients agent with PHI-tagged fields. Write a patient record. Read it. Generate an audit report and confirm the read appears in it.

---

← Previous
Lesson 44: WAL & Checkpoints
Next →
Lesson 46: SOX Compliance