All posts
June 22, 20264 min read

PHI Compliance for CrewAI

How can you prove that CrewAI workflows that touch phi are auditable without rewriting your entire stack? Most teams start by granting the AI service a static database user or a service‑account key that can read and write patient records. The credential lives in a secret store, the AI code pulls it at runtime, and every query runs directly against the underlying PostgreSQL or MongoDB instance. Engineers can see the raw data, and there is no central point that records who asked for what, when, o

Free White Paper

Compliance: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

How can you prove that CrewAI workflows that touch phi are auditable without rewriting your entire stack?

Most teams start by granting the AI service a static database user or a service‑account key that can read and write patient records. The credential lives in a secret store, the AI code pulls it at runtime, and every query runs directly against the underlying PostgreSQL or MongoDB instance. Engineers can see the raw data, and there is no central point that records who asked for what, when, or whether a response contained protected health information. When an incident occurs, the logs are scattered across application logs, database logs, and ad‑hoc audit trails. The result is a compliance gap that auditors flag as “insufficient evidence of access control and data handling for phi”.

Even when an organization adopts modern identity providers, OIDC, SAML, or federated Azure AD, those tokens only prove that a request was authenticated. The request still travels straight to the database or API, bypassing any enforcement layer that could mask identifiers, require a human approval for high‑risk queries, or capture a replayable session. The identity system alone does not generate the granular, per‑command audit records that PHI regulations demand.

Why existing setups fall short for phi compliance

Regulatory frameworks for PHI require three core artifacts:

  • A definitive log of every access attempt, including user identity, timestamp, and the exact query or command executed.
  • Evidence that sensitive fields (for example, Social Security numbers or medical record numbers) are protected, either by masking in responses or by restricting the columns that can be returned.
  • Proof of intent‑based controls, such as just‑in‑time (JIT) approvals for privileged operations, and the ability to replay a session for forensic analysis.

When a team relies solely on the underlying database’s audit feature, they often miss the “intent” layer. Database logs may capture the SQL statement but not the identity that originated it if the connection uses a shared service account. Masking is usually an after‑the‑fact process, applied by downstream ETL jobs rather than at the point of access. And without a gateway that can enforce JIT approval, any engineer with the service account can run a destructive command at any time.

The missing control layer

The missing piece is a Layer 7 gateway that sits between the AI runtime and the target system. This gateway becomes the sole place where policy can be enforced, because every request must pass through it. The gateway can:

  • Inspect the protocol (SQL, HTTP, SSH) and apply inline masking rules before data leaves the target.
  • Require a real‑time approval workflow for commands that match a risk profile, such as bulk updates to patient tables.
  • Record the full session, including request, response, and user identity, in an immutable audit store that auditors can query directly.
  • Enforce just‑in‑time access windows, granting temporary rights that automatically expire.

Without this control layer, the identity system is only a gate‑keeper, not a policy enforcer. The enforcement outcomes exist only because the gateway sits in the data path.

How hoop.dev creates phi audit evidence

hoop.dev implements exactly this control layer. It is deployed as a network‑resident agent that proxies connections to databases, Kubernetes clusters, SSH endpoints, and internal HTTP services. When a CrewAI job initiates a connection, it authenticates to hoop.dev via OIDC or SAML. hoop.dev validates the token, extracts group membership, and then forwards the request to the target. At that point, hoop.dev becomes the only place where policy can be applied.

Continue reading? Get the full guide.

Compliance: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Because hoop.dev records each session, auditors receive a single, authoritative log that shows:

  • Which identity initiated the request.
  • The exact command sent to the database.
  • The masked response that was returned to CrewAI.
  • Any approval step that was required and who granted it.

It stores the session data securely for audit queries, ensuring the evidence cannot be altered by the same process that generated the request.

These artifacts satisfy the three regulatory requirements listed earlier. The logs are searchable, can be exported for audit, and are stored outside the AI runtime, ensuring that the evidence cannot be tampered with by the same process that generated the request.

Key enforcement outcomes for phi workloads

When hoop.dev sits in the data path, the following outcomes become guaranteed:

  • Session recording: Every CrewAI interaction with PHI‑bearing systems is captured, enabling replay during investigations.
  • Inline masking: Sensitive columns are redacted before they ever reach the AI model, reducing the risk of accidental exposure.
  • Just‑in‑time access: Permissions are granted for a defined window, eliminating standing credentials that could be abused.
  • Approval workflows: High‑risk queries trigger a manual approval step, providing a documented chain of custody.
  • Command‑level audit: Fine‑grained logs show exactly what data was read or modified, meeting PHI audit granularity.

All of these outcomes depend on hoop.dev being the gateway; they would not exist if the request bypassed the gateway and connected directly to the database.

Getting started

To add this capability to your CrewAI environment, start with the getting‑started guide, which walks you through deploying the hoop.dev gateway, configuring OIDC authentication, and registering your database connections. The learn site provides deeper examples of masking policies, approval flows, and session replay.

Once the gateway is in place, CrewAI jobs simply point to the hoop.dev endpoint instead of the raw database host. The rest of the workflow, model training, inference, or data enrichment, remains unchanged, but now every access to PHI is accompanied by the audit evidence regulators expect.

FAQ

Does hoop.dev replace my existing database audit logs?

No. hoop.dev complements them by adding identity‑aware, per‑session evidence that includes masking and approval details, which most native database logs lack.

Can I use hoop.dev with any OIDC provider?

Yes. hoop.dev acts as a relying party for any OIDC or SAML identity provider, allowing you to use your existing IdP without custom code.

Is hoop.dev itself PHI‑certified?

hoop.dev does not claim any certification. It generates the audit artifacts that help you demonstrate compliance with PHI regulations.

Ready to see the code and contribute? Explore the open‑source repository on GitHub.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot