
PHI for LangGraph: A Compliance Guide


Many teams assume that simply encrypting PHI before it reaches a LangGraph workflow satisfies all regulatory requirements. In reality, encryption alone does not produce the audit evidence regulators expect, nor does it protect against insider misuse once the data is in memory.

Today, most LangGraph deployments handle PHI with static service‑account credentials that are shared across multiple engineers and automated jobs. The credentials are stored in configuration files or secret managers that are not tied to individual identities. When a request to run a LangGraph node arrives, it bypasses any real user context, and the system logs only a generic "execution started" message. No per‑user attribution, no command‑level visibility, and no masking of sensitive fields occur. If a breach happens, the organization cannot answer who accessed which piece of PHI, what transformation was applied, or whether the data was exposed in logs.

Adding a proper identity provider and granting each engineer the minimum set of permissions is the first step toward control. With OIDC or SAML integration, every request can be tied to a user or service account, and standing access can be limited to specific LangGraph nodes. However, the request still travels directly to the LangGraph runtime. The gateway that sits between the identity layer and the runtime is missing, so there is still no place to enforce masking, request approval, or session recording. The setup alone does not generate the continuous evidence auditors require.

Why continuous evidence matters for PHI

Regulations such as HIPAA and state privacy laws expect organizations to retain an audit trail that shows who accessed PHI, when, and what was done with it. Evidence must be collected at the moment of access, not retroactively from application logs that can be edited or omitted. Continuous evidence also supports incident response: if a suspicious query is detected, the organization can replay the exact session to understand the scope of exposure.

For LangGraph, this means capturing every node execution that touches PHI, masking any PHI that appears in responses, and requiring explicit approval for high‑risk operations (for example, exporting data to external storage). The evidence must be stored outside the LangGraph process so that a compromised runtime cannot alter it.

How hoop.dev creates audit evidence for LangGraph

hoop.dev acts as a Layer 7 identity‑aware proxy that sits between the authenticated request and the LangGraph runtime. When a user or an automated agent connects through hoop.dev, the gateway inspects the LangGraph protocol, applies policy checks, and records the interaction before the request reaches the actual node executor.

Because hoop.dev owns the data path, it can:

  • Associate each request with the caller’s OIDC token, producing a per‑user audit record.
  • Mask PHI fields in responses in real time, ensuring that downstream logs never contain raw identifiers.
  • Require just‑in‑time approval for operations that match a risk rule, such as bulk data export or execution of custom code.
  • Record the full session, including input prompts, node outputs, and any user‑issued commands, for later replay.

All of these actions happen inside the gateway, so the LangGraph process never sees the credential that authenticates the request. The gateway stores the audit trail in a location that is separate from the runtime, satisfying the “continuous evidence” requirement.


Setting up hoop.dev follows the standard getting‑started guide. The deployment runs a network‑resident agent alongside the LangGraph service, and the gateway is configured with the OIDC provider used by your organization. Once the gateway is in place, every LangGraph call is automatically subject to the policies you define. For an overview of the platform, see the hoop.dev product page.

Key enforcement capabilities for PHI

Inline data masking. hoop.dev can be instructed to replace PHI patterns (such as social security numbers, medical record identifiers, or email addresses) with placeholder tokens before the data leaves the gateway. This prevents accidental leakage into downstream systems or log aggregation services.

Just‑in‑time (JIT) approval. When a request matches a high‑risk rule, like exporting more than a threshold number of records, hoop.dev pauses the session and routes the request to an approver. The approver can grant a temporary token that allows the operation to continue, ensuring that privileged actions are always witnessed.

Command‑level audit. Each LangGraph node execution is logged with the exact input, output, and caller identity. Because the gateway, not the LangGraph process, writes the logs, they are less susceptible to tampering.

Session replay. Because the gateway records the full bidirectional stream, auditors can replay a session to verify that no PHI was mishandled. The replay feature also aids forensic investigations after an incident.

These capabilities together satisfy the evidence‑generation expectations for PHI compliance without requiring changes to the LangGraph codebase.
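To make the masking, approval, and audit steps concrete, here is an added Python sketch of what a gateway-side check could compute for one node execution. It is not hoop.dev code or configuration: the regex patterns, the export threshold, the node names, and the record fields are all assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed patterns for illustration; the MRN format is an assumption.
PHI_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[-:]?\s?\d{6,10}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
EXPORT_THRESHOLD = 100  # hypothetical risk rule: larger exports need approval


def mask_phi(text):
    """Replace PHI matches with placeholder tokens; return (masked, counts)."""
    counts = {}
    for label, pattern in PHI_PATTERNS.items():
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts


def needs_approval(node, record_count):
    """High-risk rule: an export node moving more records than the threshold."""
    return node.startswith("export") and record_count > EXPORT_THRESHOLD


def audit_record(claims, node, node_input, node_output, record_count, approved_by=None):
    """Build the per-user record that would be written outside the runtime."""
    masked_in, hits_in = mask_phi(node_input)
    masked_out, hits_out = mask_phi(node_output)
    if not needs_approval(node, record_count):
        decision = "allow"
    else:
        decision = "allow_with_approval" if approved_by else "pending_approval"
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "caller": claims["sub"],  # identity taken from the verified OIDC token
        "node": node,
        "input": masked_in,       # only masked text reaches the audit store
        "output": masked_out,
        "phi_masked": {"input": hits_in, "output": hits_out},
        "decision": decision,
        "approved_by": approved_by,
    }
```

Because masking runs before the record is built, the audit store holds placeholder tokens and match counts rather than raw identifiers, while the caller and approver fields preserve attribution.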

Frequently asked questions

Do I need to modify my existing LangGraph applications?

No. hoop.dev works as a transparent proxy. Your existing clients (Python SDK, REST calls, etc.) continue to connect to the same endpoint, only now the connection is routed through the gateway.

How is the audit data protected?

The gateway writes audit records to a storage backend that you configure outside the LangGraph runtime. Because the gateway controls the write path, the records cannot be altered by a compromised LangGraph process.

Can I use hoop.dev with other AI runtimes besides LangGraph?

Yes. hoop.dev supports many AI and data‑science runtimes. The same policy model applies, so you can extend PHI protection across your entire ML stack.

By placing enforcement at the network edge, hoop.dev gives you the continuous, verifiable evidence that regulators demand for PHI handling. Explore the source code on GitHub to see how the gateway is built and to contribute improvements.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
