Technical safeguards for ePHI — access control, audit logging, and tamper-evident records are required implementation specifications, not optional.
Covered entities must implement technical policies and procedures that allow access to ePHI only to those persons or software programs that have been granted access rights. Required implementation specifications include unique user identification and emergency access procedures; addressable specifications include automatic logoff and encryption/decryption.
AI agents are software programs within the meaning of §164.312(a). Every agent that can reach ePHI must be individually authorised — not granted access because it shares a service account with other applications or inherits a broad connection-level credential. AutoPIL's agent registry assigns a unique agent_id to every registered agent, and the policy engine enforces per-agent access rights at retrieval time. An agent with billing authorisation cannot access clinical notes even if both datasets live in the same cloud storage bucket.
Every user or software program must be assigned a unique name and/or number for identifying and tracking access to ePHI. Shared identities are not permissible — each access must be attributable to a specific user or system.
This is the provision that most enterprise AI deployments fail. Agents deployed under a shared service account, a team API key, or a platform identity cannot satisfy unique user identification — when PHI is accessed, there is no way to determine which agent or which run was responsible. AutoPIL requires every agent to register with a unique agent_id before any access is permitted. All audit chain entries are tagged with that identifier, providing the individual attribution §164.312(a)(2)(i) requires.
Covered entities must implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use ePHI. This is a required implementation specification — there is no addressable alternative.
The standard does not specify what must be logged, but HHS guidance and enforcement history make clear that logs must be sufficient to reconstruct who accessed what ePHI, when, and from which system. Application-level logs are typically insufficient because they record queries, not governance decisions. AutoPIL's tamper-evident audit chain logs every AI agent access at the governance layer — agent ID, data source, sensitivity classification, policy version, and ALLOW/DENY decision — with a cryptographic hash chain that detects any post-hoc alteration. This is the strongest form of §164.312(b) audit control available for AI agent access.
Covered entities must implement policies and procedures to protect ePHI from improper alteration or destruction. The addressable specification requires a mechanism to authenticate ePHI — confirming that it has not been altered or destroyed in an unauthorised manner.
For AI agents, integrity risk extends beyond modification of stored ePHI to modification of the access record itself. An audit log that can be altered after the fact does not satisfy integrity requirements. AutoPIL's cryptographic hash chain links each audit event to its predecessor — any modification to a historical record breaks the chain and is immediately detectable, providing the integrity authentication that §164.312(c) addresses.
Covered entities must implement technical security measures to guard against unauthorised access to ePHI that is being transmitted over electronic communications networks. Encryption is an addressable specification — covered entities must implement it or document why it is not reasonable and appropriate.
When AI agents transmit ePHI between services — from a data lake to a model inference endpoint, for example — each transmission represents a disclosure event under the Security Rule. AutoPIL's API endpoints enforce TLS 1.2+ on all governance calls, and the audit chain records each transmission event with source classification, allowing security teams to verify that only encrypted pathways were used for critical-sensitivity data.
agent_id per registered agent satisfies §164.312(a)(2)(i) unique user identificationThis page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.
AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.