Okay, I'll start. We're trying to prototype a patient intake summary agent using a modified nano-claw pattern, and our legal/compliance team just saw the architecture diagram. It was like someone hit a pause button on the whole universe. They're fixated on two things:
1. **Context Window as a PHI Blender:** The agent pulls data from multiple internal systems (scheduling, basic chart info) to generate a summary. Legal sees the agent's context window—this big, temporary, in-memory string—as a terrifying, unregulated PHI amalgamation that exists outside our normal audit trails. Their words: "You've created a new, unsanctioned database that forgets. That's worse."
2. **Cloud API BAAs:** We're using a mix of local Llama and a cloud-based embedding service. Even for that *one* external API, getting a signed Business Associate Agreement feels like pulling teeth. The vendor's standard terms are, predictably, vague on AI processing. Our legal won't budge without a BAA that explicitly covers their AI services, not just their "platform."
So we're stuck. The tech works. The "minimum necessary" principle makes sense for an agent—you can program it to only fetch specific fields. But convincing legal that the agent's reasoning process itself isn't creating an unauthorized disclosure? Impossible right now.
I'm curious:
- Is anyone actually *running* agents on PHI, or are we all stuck in pilot/phantom-data mode?
- For those who've moved forward, what was the key concession or technical control that satisfied compliance? Was it:
- A heavy shift to fully local models (even at a cost to capability)?
- A crazy detailed logging wrapper that reconstructs the agent's "thoughts" for audit?
- Just avoiding any cloud APIs altogether?
The frameworks (LangChain, AutoGPT, our own Open Claw) give us the building blocks, but the compliance path feels... manual. Like we're building a custom legal justification for every single agent pattern.