
The OpenAI Agents SDK and PHI Compliance


Can the OpenAI Agents SDK be used to process PHI without breaking the audit and privacy rules that regulators expect?

Regulations governing protected health information (PHI) require three core technical controls: a tamper‑evident record of who accessed what, mechanisms that prevent the accidental exposure of sensitive fields, and a way to demonstrate that each access was authorized at the moment it occurred. Auditors look for immutable logs, evidence of just‑in‑time approvals, and proof that any data returned to a downstream system was filtered according to policy.

When developers embed the OpenAI Agents SDK directly into an application, the SDK talks straight to the OpenAI endpoint using a static API key. The request travels over the public internet, the application reads the raw response, and no central point enforces masking, blocks disallowed prompts, or captures a complete audit trail. In practice the system cannot meet the evidence‑generation requirement, and a breach of PHI may go unnoticed until after the fact.

The missing piece is a data‑path component that sits between the SDK and the OpenAI service, inspects each request and response, and applies policy before the data reaches the application. That component must record every session, mask sensitive fields on the fly, and trigger human approval for risky operations. Without it, the SDK alone cannot satisfy the evidence‑generation requirement.

How hoop.dev provides the required data path

You deploy hoop.dev, a Layer 7 gateway, inside the same network as the application so that all SDK traffic passes through it. The gateway authenticates each caller via OIDC or SAML, reads the caller's group membership, and decides whether the request may proceed.

After the gateway allows a request, it examines the payload. If the request or the response contains fields that match a PHI pattern, hoop.dev replaces the value with a masked placeholder before the data reaches the application. If the operation qualifies as high‑risk, such as generating a large text block that could contain a full medical record, hoop.dev pauses the request and routes it to a human approver. The request continues only after an approver gives explicit approval.

Because hoop.dev sits in the data path, the gateway captures every interaction. It writes a session record that includes the caller identity, timestamp, request parameters, masking actions taken, and the approval decision. The system retains these records in a searchable audit log that auditors can query to see who accessed PHI, when, and under what policy.
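The three behaviours just described (inline masking of PHI in requests and responses, a pause for approval on high‑risk operations, and a tamper‑evident session record) can be sketched in a few dozen lines. The block below is an added example written for this post, not hoop.dev's code: the PHI regexes, the sensitive field names, the `max_tokens` threshold used as the high‑risk test, the record fields and the hash‑chained log are all assumptions constructed for illustration, and `upstream` and `approver` are callables standing in for the OpenAI endpoint and a human approver.

```python
"""Illustrative data-path gateway logic: PHI masking, approval gate, session log.

Added example, not hoop.dev code. Patterns, thresholds and record fields are
assumptions constructed for this illustration.
"""
import hashlib
import json
import re
from datetime import datetime, timezone

# Assumed PHI patterns: value regexes and sensitive field names (constructed).
PHI_VALUE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN-?\d{6,}\b"),
}
PHI_FIELD_NAMES = {"patient_name", "date_of_birth", "diagnosis"}

# Assumed risk rule: a large completion could carry a whole record (constructed).
HIGH_RISK_MAX_TOKENS = 2000


def mask_value(value, actions, path):
    """Replace PHI substrings in one string; record one action per rule hit."""
    for name, pattern in PHI_VALUE_PATTERNS.items():
        value, count = pattern.subn(f"[MASKED:{name}]", value)
        if count:
            actions.append({"path": path, "rule": name, "count": count})
    return value


def mask_payload(obj, actions, path="$"):
    """Walk a JSON-like structure, masking sensitive field names and values."""
    if isinstance(obj, dict):
        out = {}
        for key, val in obj.items():
            child = f"{path}.{key}"
            if key in PHI_FIELD_NAMES:
                out[key] = "[MASKED:field]"
                actions.append({"path": child, "rule": "field", "count": 1})
            else:
                out[key] = mask_payload(val, actions, child)
        return out
    if isinstance(obj, list):
        return [mask_payload(v, actions, f"{path}[{i}]") for i, v in enumerate(obj)]
    if isinstance(obj, str):
        return mask_value(obj, actions, path)
    return obj


def requires_approval(request):
    """Assumed high-risk test: completions large enough to hold a full record."""
    return request.get("max_tokens", 0) > HIGH_RISK_MAX_TOKENS


class SessionLog:
    """Append-only log. Each record carries the hash of its predecessor, so an
    edited or deleted record breaks the chain (tamper evidence)."""

    GENESIS = "0" * 64

    def __init__(self):
        self.records = []
        self.prev_hash = self.GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record):
        record = dict(record, prev_hash=self.prev_hash)
        record["hash"] = self._digest(record)
        self.prev_hash = record["hash"]
        self.records.append(record)
        return record

    def verify(self):
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev_hash"] != prev or self._digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def gateway_handle(caller, request, upstream, log, approver=None):
    """Mask the request, pause for approval if risky, call upstream, mask the
    response, and write exactly one session record. Returns the masked
    response, or None when the request was denied."""
    actions = []
    masked_request = mask_payload(request, actions)
    decision = "not_required"
    if requires_approval(request):
        decision = "approved" if approver and approver(caller, masked_request) else "denied"
    response = None
    if decision != "denied":
        response = mask_payload(upstream(masked_request), actions)
    log.append({
        "caller": caller,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "request": masked_request,
        "masking_actions": actions,
        "approval": decision,
    })
    return response
```

Two design points are worth noting. Masking happens before the request leaves the gateway and again on the response, so the session record itself never stores raw PHI, which is what makes the log safe to hand to auditors. And the log records the denied case too: an auditor should be able to see that a risky request was attempted and refused, not only the requests that went through.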


Setup: identity and least‑privilege provisioning

The first step is to configure an identity provider that issues short‑lived OIDC tokens to the services that run the OpenAI Agents SDK. By using service accounts with narrowly scoped roles, you ensure that the SDK can reach the OpenAI endpoint only when it presents a valid token. hoop.dev validates the token, extracts the group claims, and maps them to the policy that governs PHI handling.

Because the gateway holds the actual OpenAI API key, the SDK never sees the secret, protecting the credential from a compromised container.
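The token‑to‑policy step and the key‑custody point can be shown together. The block below is an added example, not hoop.dev's code: the issuer and audience strings, the group names, the policy table, the one‑hour lifetime ceiling and the `GATEWAY_OPENAI_API_KEY` variable are all assumptions constructed for illustration. It also assumes the token's signature has already been verified against the identity provider's keys before the claims reach `validate_claims`; only the standard claim checks and the group mapping are shown.

```python
"""Added example: OIDC claim checks, group-to-policy mapping, and gateway-held
OpenAI key. Not hoop.dev code; names and the policy table are assumptions."""
import os
import time

ISSUER = "https://idp.example.internal"   # assumed identity provider
AUDIENCE = "openai-gateway"                # assumed audience for the gateway
MAX_LIFETIME_SECONDS = 3600                # assumed ceiling for service tokens

# Assumed mapping of IdP groups to PHI handling policy (constructed).
GROUP_POLICIES = {
    "clinical-agents": {"phi_allowed": True, "mask_responses": True, "require_approval": True},
    "analytics-agents": {"phi_allowed": False, "mask_responses": True, "require_approval": False},
}


class AuthError(Exception):
    pass


def validate_claims(claims, now=None):
    """Check issuer, audience and lifetime of an already signature-verified
    token. Signature verification (JWKS, JOSE library) is assumed done earlier."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise AuthError("wrong issuer")
    aud = claims.get("aud")
    if aud != AUDIENCE and not (isinstance(aud, list) and AUDIENCE in aud):
        raise AuthError("wrong audience")
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None or iat is None:
        raise AuthError("missing exp/iat")
    if now >= exp:
        raise AuthError("token expired")
    if exp - iat > MAX_LIFETIME_SECONDS:
        raise AuthError("token lifetime too long")
    return claims


def rejects(claims, now=None):
    """True when validate_claims refuses the token (helper for callers/tests)."""
    try:
        validate_claims(claims, now)
        return False
    except AuthError:
        return True


def policy_for(claims):
    """Map group claims to a policy; deny by default when no group is known.
    When several groups match, the most restrictive setting wins."""
    groups = claims.get("groups") or []
    matched = [GROUP_POLICIES[g] for g in groups if g in GROUP_POLICIES]
    if not matched:
        raise AuthError("no group maps to a policy")
    return {
        "phi_allowed": all(p["phi_allowed"] for p in matched),
        "mask_responses": any(p["mask_responses"] for p in matched),
        "require_approval": any(p["require_approval"] for p in matched),
    }


def upstream_headers(caller_headers, api_key=None):
    """Build headers for the OpenAI call. The caller's own bearer token is
    dropped and the gateway's key (from its environment or secret store) is
    attached, so the SDK container never holds the OpenAI credential."""
    api_key = api_key or os.environ.get("GATEWAY_OPENAI_API_KEY")  # assumed name
    if not api_key:
        raise RuntimeError("gateway is not configured with an OpenAI key")
    headers = {k: v for k, v in caller_headers.items() if k.lower() != "authorization"}
    headers["Authorization"] = f"Bearer {api_key}"
    return headers


def authorize(claims, caller_headers, now=None, api_key=None):
    """Full decision for one request: validated claims -> policy -> headers."""
    validate_claims(claims, now)
    return policy_for(claims), upstream_headers(caller_headers, api_key)
```

The lifetime ceiling is there because "short‑lived" only means something if the gateway enforces it: a token minted with a ten‑year expiry passes an `exp` check just fine. Resolving several groups to the most restrictive policy keeps a service that was added to a second group for unrelated reasons from silently gaining PHI access.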

Enforcement outcomes generated by hoop.dev

  • Session recording – hoop.dev logs every request and response, creating a complete audit trail for PHI compliance.
  • Inline masking – hoop.dev replaces identified PHI fields in responses before they reach the application.
  • Just‑in‑time approval – risky prompts pause and are sent to an approver, ensuring that no unapproved extraction of PHI occurs.
  • Command blocking – hoop.dev rejects requests that violate policy, preventing accidental data leakage.
  • Replay capability – auditors can replay any recorded session to verify that masking and approvals were applied correctly.

All of these outcomes exist because hoop.dev sits in the data path; the SDK alone cannot provide them.

Getting started with hoop.dev

To add hoop.dev to an existing OpenAI Agents SDK deployment, begin with the quick‑start guide that walks you through deploying the gateway with Docker Compose, configuring OIDC authentication, and defining a masking rule for PHI fields. The documentation also shows how to enable approval workflows and where the audit logs are stored.

For a step‑by‑step walkthrough, see the getting‑started guide. The broader feature set, including masking patterns and approval UI, is covered in the learn section of the site.

FAQ

Does hoop.dev make the OpenAI Agents SDK PHI‑compliant?
hoop.dev generates the evidence that auditors require for PHI compliance, but full compliance also depends on organizational policies, training, and other technical controls outside the gateway.

How does hoop.dev mask PHI in real time?
hoop.dev inspects each response at the protocol layer and replaces any field that matches a configured PHI pattern with a masked token before the data is handed to the SDK.

What audit artifacts does hoop.dev provide?
hoop.dev records session logs that capture the caller identity, request details, masking actions, and any approval decisions. You can export these logs for audit reviews.

Explore the open‑source code on GitHub: https://github.com/hoophq/hoop. Hoop is MIT‑licensed infrastructure for controlling how AI agents reach production data.