Security FAQ
This page collects answers to security and compliance questions about AgenticX. The HIPAA / HITECH compliance answer below is the canonical platform-wide block — every network pack's pricing and security surfaces link here rather than restating compliance copy locally.
Security FAQ — HIPAA & HITECH Compliance Status
Anchor: q34-hipaa
Q34: What is the compliance status with HIPAA and HITECH?
A: Healthcare data handling:
Current Status:
- AgenticX is NOT HIPAA-compliant and NOT a HIPAA Business Associate
- The product is not designed to handle Protected Health Information (PHI)
- No Business Associate Agreement (BAA) currently offered
Roadmap:
- HIPAA compliance evaluation planned for a future phase (demand-dependent)
- Would require: de-identification of AI prompts, PHI encryption with customer-controlled keys, audit logging for HIPAA events
- BAA availability dependent on minimum contract value and customer commitment
Recommendation for Healthcare Customers:
- Use AgenticX only for non-PHI activities
- Ensure prompters (users) do not include PHI in prompts sent to AgenticX agents
- If healthcare-specific data security is needed, consider a HIPAA-compliant alternative or contact enterprise sales for future roadmap discussion
Cross-references:
- Acceptable Use Policy — Section 2.4 ("Dangerous Data") explicitly prohibits uploading PHI on any tier
- Acceptable Use Policy — Section 4.2 ("Data Source Restrictions") reiterates the no-PHI rule
- Acceptable Use Policy — Section 11.1 ("Healthcare & Regulated Industries") points back to this canonical block
Document Version: 1.0.0
Last Updated: April 29, 2026
Classification: Public
Canonical Source: agenticx_runtime/legal/security_faq_q_hipaa.md
Other Questions
Other questions will be added by per-network packs. The full multi-question Security FAQ (auth, data residency, sub-processors, audit logging, encryption details, etc.) is Phase 1B work. Customers with a specific question that is not yet covered should contact security@agenticx.brightridgeai.com.