Compliance and Audit

The Amigo platform is built for regulated healthcare environments. Compliance is not a separate layer added on top of the system; it is a consequence of architectural decisions that were made for operational reasons and happen to satisfy regulatory requirements.

Audit Trails Through Event Sourcing

The world model is event-sourced. Every piece of data that enters the system is written as an immutable, append-only event. Events are never modified or deleted. When information changes, a new event supersedes the old one, but the old event remains in the log permanently.

This architecture produces a complete audit trail by default:

• What was known, and when. You can reconstruct the state of any entity at any point in time by replaying events up to that timestamp.

• Where data came from. Every event records its source (EHR sync, voice call, manual import, agent inference) and its confidence level.

• What changed, and why. When an entity's state changes, the event that caused the change is traceable. Superseded events are linked to the events that replaced them.

• Who accessed what. API access is scoped to authenticated accounts with role-based permissions, and access logs are maintained.

This is not a logging system bolted onto a mutable database. The event store is the database. The audit trail is not a secondary artifact; it is the primary data structure.

HIPAA Considerations

Amigo handles protected health information (PHI) in the normal course of healthcare operations. The platform's architecture addresses key HIPAA requirements:

Isolation

PHI is isolated at the workspace level. Each workspace has its own world model, its own data sources, and its own access controls. Data does not cross workspace boundaries. A multi-site healthcare organization can run separate workspaces per clinic, ensuring that each site's patient data is accessible only to accounts with permissions in that workspace.

Access Control

API keys are scoped to accounts with role-based permissions (owner, admin, member, viewer). Each role has defined capabilities, and keys cannot exceed the permissions of the account that created them. See Workspaces for the full permission model.

Data Minimization

The three data channels in the world model (ambient, queried, extracted) control what information is available to the voice agent at any given moment. The agent receives the minimum context needed for the current conversation, not a full dump of the patient's record. Ambient context is configured per service; queried data requires an explicit tool call; extracted data flows through review before reaching the EHR.

Encryption

Data is encrypted in transit and at rest. Voice call audio, transcripts, and world model events are stored with encryption. Specific encryption standards and certifications are available on request.

Field-Level Encryption

Sensitive user data is encrypted at the field level in the database. User variables that contain credentials or API keys for tool execution are encrypted at rest and are write-only - once set, they can never be read back through the API. They are decrypted only inside the tool's isolated execution environment at runtime. This prevents credential exposure even if the database is compromised.

Confidence Gates as a Compliance Mechanism

The three-layer confidence gates in the connector runner are a safety mechanism, but they also serve a compliance function. They ensure that unverified data does not reach systems of record.

Consider the flow:

1. A patient mentions a new pharmacy address during a phone call

2. The agent writes this as an event with voice confidence (0.5)

3. The LLM review judge evaluates whether the extracted address matches what was actually said in the transcript

4. If verified, confidence is upgraded. If uncertain, the event is flagged for human review.

5. Only events that pass all three gates (source confidence, LLM review, and human review where required) are synced back to the EHR

This means that a misheard word, a misinterpreted statement, or an incorrect inference by the agent does not automatically become part of the clinical record. The gates catch errors before they propagate.

For regulated environments, this is significant. It provides a documented, traceable verification process between "something was said on a phone call" and "a record was updated in the EHR." Auditors can examine the event chain: the original transcript, the extracted data, the review judgment, and the final write.

PHI in Voice Calls

Voice calls present specific PHI handling considerations:

• Transcripts contain PHI by nature (patient names, conditions, medication details). They are stored in the workspace's world model with the same isolation and access controls as all other data.

• Audio recordings are stored encrypted and scoped to the workspace. Retention policies are configurable.

• Emotion detection data is processed in real time and stored as aggregate signals (valence, arousal, trend), not raw audio. The emotion pipeline does not retain audio segments after processing.

Certifications and Agreements

Business Associate Agreements (BAAs) are executed with all vendors that handle PHI, spanning cloud infrastructure, AI/LLM providers, voice processing, data storage, and monitoring services.

BAAs are available for HIPAA-covered customers. Contact [email protected] or visit the Trust Center for certification details and audit reports.

Webhook Security

Webhook deliveries are signed with HMAC-SHA256 using a per-organization secret. During secret rotation, the system sends signatures from both the old and new secrets in the delivery headers for a 30-minute transition window. This ensures that webhook consumers can verify signatures without interruption during rotation. Delivery attempts are tracked with full audit trails (timestamps, HTTP status codes) and retained for 30 days.

Infrastructure Security

Ongoing Compliance

Compliance is not a one-time certification. The platform supports ongoing compliance through:

• Continuous audit trails - Every interaction produces traceable events, not just periodic snapshots

• Review queues - Flagged interactions are surfaced for human review on an ongoing basis

• Monitor concepts - Semantic rules can be configured to detect compliance-relevant patterns in real time (see Monitoring)

• Regulation templates - Pre-built rule sets for healthcare compliance requirements can be applied and customized per workspace

• Quarterly evidence collection - User access reviews, vendor security assessments, risk assessment updates, control self-assessments

The combination of immutable event sourcing, confidence-gated writes, and real-time monitoring provides the infrastructure needed to demonstrate compliance to auditors, regulators, and internal governance teams.

For API details on workspace permissions, safety monitors, and regulation templates, see the Developer Guide.