HealthNext Trust Center

Security & compliance, in the open

Every control, mapped across the frameworks a healthcare security team audits — with the real enforcing code path behind each one. A control is marked Implemented only when it is genuinely enforced and links to a signed, tamper-evident audit record.

WORM chain verified · generated 6/24/2026, 11:45:25 PM

PHI never leaves the boundary

No external foundation-model provider processes PHI. All inference runs on an in-boundary served model; PHI never leaves the boundary.

Implemented 16 · Partial 7 · Inherited 1 · Planned 1 · N/A 1 · Coverage 80% (25 applicable)

Evidence bundle (JSON)

Audit & Accountability

Tamper-evident records of every consequential decision, agent or human.

2/2 implemented · 2 WORM-linked

Access Control

Deny-by-default, tenant-isolated, attribute-based access to PHI.

2/3 implemented · 1 WORM-linked

Data Protection & Privacy

PHI stays in-boundary; minimum-necessary, consent, and egress enforcement.

4/6 implemented · 4 WORM-linked

AI Governance

The AI system is mapped, measured, and managed under a governed lifecycle.

1/2 implemented · 1 WORM-linked

Agent & LLM Safety

The agent fleet is bounded: human gates, kill-switch, prompt/egress controls.

2/3 implemented · 1 WORM-linked

Operational Resilience

Circuit breakers, cost & rate caps, blast-radius limits, incident response.

4/6 implemented · 3 WORM-linked

Supply Chain & Provenance

Model lineage, signed provenance, and dependency integrity.

1/2 implemented

Interoperability & Patient Access

Standards-based exchange and the CMS prior-authorization mandate.

0/2 implemented · 1 WORM-linked
HealthNext — Trust Center
Security & compliance posture · controls enforced in code, mapped to frameworks
Generated 6/24/2026, 11:45:25 PM · WORM chain verified (1171 sealed records) · Coverage 80% of 25 applicable controls
Audit-ready by construction. Frameworks below are FRAMEWORK MAPPINGS, not held certifications or attestations. HealthNext does not claim SOC 2 / HITRUST / ISO / FedRAMP certification.
Implemented 16 · Partial 7 · Inherited 1 · Planned 1 · N/A 1

1 · In-boundary architecture

No external foundation-model provider processes PHI. All inference runs on an in-boundary served model; PHI never leaves the boundary.

2 · Control register (enforced in code)

Audit & Accountability

HN-AUDIT-INTEGRITY · Tamper-evident audit trail (WORM, hash-chained, signed)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/audit-evidence · WormAuditLog / chain.ts:sealRecord+verifyChain
  apps/console · src/server/harness/audit.ts:getWormAuditLog + recentAuditRecords
  apps/console · src/server/agent/data.ts:appendAudit
Framework crosswalk:
  nist-800-53: AU-9, AU-10, AU-2, AU-3
  nist-csf: PR.PS-04, DE.AE-03
  soc2: CC7.2, CC7.3
  iso27001: A.8.15, A.5.28
  hipaa: 164.312(b), 164.312(c)(1)
  hitech: 13402 (audit trail)
  hitrust-ai: 09.aa, 12.c

HN-AUDIT-EXPORT · Independently-verifiable evidence export
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/audit-evidence · evidence.ts:buildEvidenceBundle / verifyEvidenceBundle
Framework crosswalk:
  nist-800-53: AU-7, AU-9(2)
  soc2: CC7.3
  iso27001: A.8.15
  hitrust-ai: 09.ab

Access Control

HN-ACCESS-ENFORCEMENT · Deny-by-default access enforcement (ABAC + RLS)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/tenancy-abac · AbacPolicyEngine + rls/index.ts:generateTableRls
Framework crosswalk:
  nist-800-53: AC-3, AC-2, AC-6
  nist-csf: PR.AA-05
  soc2: CC6.1, CC6.3
  iso27001: A.5.15, A.8.3
  hipaa: 164.312(a)(1), 164.308(a)(4)
  hitrust-ai: 01.c, 01.v

HN-TENANT-ISOLATION · Multi-tenant isolation
Status: Implemented
Enforced by (real code path):
  @healthnext/tenancy-abac · tenant-isolation.ts:assertSameTenant + rls TENANT_GUC
Framework crosswalk:
  nist-800-53: SC-4, AC-4, SC-2
  soc2: CC6.1
  iso27001: A.8.22
  hitrust-ai: 09.m

HN-AUTHN · Authentication & session management
Status: Partial
Enforced by (real code path):
  apps/console · surface.ts host-gated console + login gate
Framework crosswalk:
  nist-800-53: IA-2, IA-2(1), AC-12
  soc2: CC6.1
  hipaa: 164.312(d)
  hitrust-ai: 01.b

Data Protection & Privacy

HN-PHI-EGRESS · PHI egress boundary (fail-closed)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/phi-gate · gate.ts:BlockingPhiGate.enforceEgress
  apps/console · src/server/agent/modelops.ts:buildPhiGate
Framework crosswalk:
  nist-800-53: SC-7, AC-4, SC-7(10)
  nist-csf: PR.DS-02
  soc2: CC6.7, C1.1
  iso27001: A.8.12, A.5.14
  hipaa: 164.312(e)(1), 164.502(b)
  owasp-llm: LLM02: Sensitive Information Disclosure
  owasp-agentic: Excessive Agency / Tool Misuse
  hitrust-ai: 09.s, 13.j

HN-MIN-NECESSARY · Minimum-necessary data projection
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/semantic-layer · compile.ts:projectable() (+ tenancy-abac computeMinimumNecessary)
Framework crosswalk:
  hipaa: 164.502(b), 164.514(d)
  nist-800-53: AC-6, SI-12
  soc2: C1.1, P4.1
  iso27001: A.8.10, A.8.11
  hitrust-ai: 06.d, 13.k

HN-CONSENT · Member consent & special-protection records (42 CFR Part 2)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/consent · resolution.ts + semantic-layer compile.ts consent predicate
Framework crosswalk:
  part2: 2.12, 2.13, 2.31
  hipaa: 164.508, 164.522
  nist-800-53: AC-21, PT-2, PT-3
  soc2: P3.1, P3.2
  hitrust-ai: 06.c, 13.c

HN-ENCRYPTION · Encryption in transit & at rest
Status: Partial
Enforced by (real code path):
  @healthnext/audit-evidence · crypto.ts KeyProvider (KMS/HSM-pluggable)
Framework crosswalk:
  nist-800-53: SC-13, SC-28, SC-8
  soc2: CC6.7
  iso27001: A.8.24
  hipaa: 164.312(a)(2)(iv), 164.312(e)(2)(ii)
  hitrust-ai: 06.d

HN-ACCESS-LOGGING · Access logging (every read of a member record is an audit entry)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/agent-harness · governed-tool.ts defineGovernedTool (audits every invocation)
  apps/console · src/server/agent/model-tools.server.ts → data.ts:appendAudit
Framework crosswalk:
  hipaa: 164.312(b), 164.308(a)(1)(ii)(D)
  nist-800-53: AU-2, AC-6(9)
  hitrust-ai: 09.aa

HN-PCI-CARDHOLDER · Cardholder data protection (PCI DSS) — scoped
Status: N/A
HealthNext does not process or store cardholder data in the core product; premium-billing card handling is delegated to a PCI-compliant payment processor. This control becomes IN-SCOPE only when a deployment brings card data into the estate ("when in PCI estate"), at which point the segmentation + encryption controls above apply to that boundary.
Framework crosswalk:
  pci-dss: Req 3, Req 4, Req 7, Req 8
  nist-800-53: SC-28, AC-3

AI Governance

HN-AI-INBOUNDARY · In-boundary model routing (no PHI to external models)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/modelops · modelops.ts:getModelOps (in-boundary default, PHI gate inside)
  apps/console · src/server/agent/modelops.ts:getModelOps + modelStatus
Framework crosswalk:
  nist-ai-rmf: MANAGE 2.2, MAP 5.1
  iso42001: 8.3, A.10.2
  owasp-llm: LLM02: Sensitive Information Disclosure
  hitrust-ai: AI.04

HN-AI-LIFECYCLE · Governed AI lifecycle (map / measure / manage)
Status: Partial
Enforced by (real code path):
  @healthnext/tenant-model · fork client + published eval snapshot
Framework crosswalk:
  iso42001: 6.1, 8.2, 9.1
  nist-ai-rmf: GOVERN 1.1, MEASURE 2.3, MAP 1.1
  hitrust-ai: AI.01, AI.02

Agent & LLM Safety

HN-HUMAN-GATE · Human-in-the-loop approval gates (AI never holds the decision)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/agent-harness · orchestrator.ts approval-gate dispatch (propose + hold)
  apps/console · src/server/agent/model-tools.server.ts:executeGovernedToolCall (isGated)
Framework crosswalk:
  nist-ai-rmf: MANAGE 1.1, GOVERN 3.2
  iso42001: A.9.2
  owasp-llm: LLM06: Excessive Agency
  owasp-agentic: Excessive Agency, Insufficient Oversight
  nist-800-53: AC-3, CM-5
  hitrust-ai: AI.06

HN-AGENT-TOOL-SCOPING · Least-privilege tool scoping (an agent calls only declared tools)
Status: Implemented
Enforced by (real code path):
  @healthnext/agent-harness · registry.ts agentCanUse + orchestrator dispatch check
  apps/console · src/server/agent/model-tools.server.ts:buildGovernedModelTools + executeGovernedToolCall
Framework crosswalk:
  owasp-agentic: Tool Misuse, Excessive Agency
  owasp-llm: LLM06: Excessive Agency
  nist-800-53: AC-6, CM-7
  nist-ai-rmf: MANAGE 2.2
  hitrust-ai: AI.06

HN-PROMPT-INJECTION · Prompt-injection & untrusted-content defenses
Status: Partial
Enforced by (real code path):
  @healthnext/agent-harness · governed-tool typed I/O + phi-gate egress
Framework crosswalk:
  owasp-llm: LLM01: Prompt Injection, LLM05: Improper Output Handling
  owasp-agentic: Memory Poisoning, Tool Misuse
  nist-ai-rmf: MEASURE 2.7, MANAGE 2.2
  hitrust-ai: AI.03

Operational Resilience

HN-KILL-SWITCH · Fleet kill-switch (halt the agent fleet)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/agent-harness · fleet-control.ts:InMemoryFleetControlPlane.setKillSwitch + orchestrator gate
Framework crosswalk:
  nist-800-53: IR-4, SI-4, CP-2
  nist-csf: RS.MI-01, RS.MA-01
  nist-ai-rmf: MANAGE 4.1, MANAGE 2.4
  iso42001: A.9.2, A.10.4
  owasp-agentic: Cascading Failures, Insufficient Oversight
  hitrust-ai: AI.08

HN-CIRCUIT-BREAKER · Per-agent circuit breakers
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/agent-harness · fleet-control.ts circuit breaker (open/half-open/closed)
Framework crosswalk:
  nist-800-53: SI-4, CP-10, IR-4
  nist-csf: RS.MI-01, RC.RP-01
  owasp-agentic: Cascading Failures, Resource Exhaustion
  hitrust-ai: AI.08

HN-COST-RATE-CAPS · Per-tenant cost & rate caps
Status: Implemented
Enforced by (real code path):
  @healthnext/agent-harness · fleet-control.ts rate cap + cost cap (rolling window)
Framework crosswalk:
  nist-800-53: SC-5, SC-6, AU-12
  nist-ai-rmf: MANAGE 2.4
  owasp-llm: LLM10: Unbounded Consumption
  owasp-agentic: Resource Exhaustion
  hitrust-ai: AI.08

HN-BLAST-RADIUS · Blast-radius limits (bounded concurrent high-risk actions)
Status: Implemented · live proof
Enforced by (real code path):
  @healthnext/agent-harness · fleet-control.ts blast-radius slot accounting
Framework crosswalk:
  nist-800-53: SC-5, CM-7, CP-2
  nist-ai-rmf: MANAGE 2.4, MANAGE 4.1
  owasp-agentic: Cascading Failures, Excessive Agency
  hitrust-ai: AI.08

HN-INCIDENT-RESPONSE · Incident detection & response runbook
Status: Partial
Enforced by (real code path):
  apps/console · Operations Wall (NOC) + Observe gate/egress incident stream
Framework crosswalk:
  nist-800-53: IR-1, IR-4, IR-6, IR-8
  nist-csf: RS.MA-01, RS.AN-01, RS.CO-02
  hipaa: 164.308(a)(6)
  hitech: 13402 (breach notification)
  soc2: CC7.4, CC7.5
  hitrust-ai: 11.a, 11.c

HN-BCDR · Backup & disaster recovery
Status: Inherited
The durable run store + audit chain persist to managed Postgres with provider-level backups/PITR; RPO/RTO and a tested DR runbook are inherited from the deployment's managed data plane and documented per-deployment.
Framework crosswalk:
  nist-800-53: CP-9, CP-10
  nist-csf: RC.RP-01
  soc2: A1.2, A1.3
  iso27001: A.8.13, A.5.30
  hipaa: 164.308(a)(7)
  hitrust-ai: 12.b

Supply Chain & Provenance

HN-AI-PROVENANCE · Model & data provenance (no PHI in weights)
Status: Implemented
Enforced by (real code path):
  @healthnext/tenant-model · real-fork-client.ts partitionSources + discipline attestation
Framework crosswalk:
  nist-ai-rmf: MAP 4.1, MANAGE 3.1
  iso42001: A.7.2, A.7.3
  nist-800-53: SR-3, SR-4, SA-8
  owasp-llm: LLM03: Supply Chain, LLM04: Data and Model Poisoning
  hitrust-ai: AI.05

HN-AI-SIGNING-IDENTITY · Human vs agent signing-identity separation
Status: Planned
Today every record is per-tenant-signed and the actor (agent vs human) is in the signed metadata. A distinct signing identity per actor-class (so the key itself proves agent-vs-human) is on the roadmap (tracked as P3).
Framework crosswalk:
  nist-800-53: IA-9, AU-10
  nist-ai-rmf: MANAGE 4.1
  owasp-agentic: Identity & Impersonation
  hitrust-ai: AI.07

Interoperability & Patient Access

HN-CMS-PRIOR-AUTH · Electronic prior authorization (CMS-0057-F)
Status: Partial · live proof
Enforced by (real code path):
  @healthnext/agent-harness · fleet/prior-authorization.ts (criteria → determination → human gate)
Framework crosswalk:
  cms-0057-f: Prior Authorization API, Provider Access API, Payer-to-Payer API
  nist-ai-rmf: MANAGE 1.1
  hitrust-ai: AI.06

HN-FHIR-EXCHANGE · Standards-based health data exchange (FHIR / X12)
Status: Partial
Enforced by (real code path):
  @healthnext/connector-fhir + connector-x12 + connector-davinci · integration-fabric governed connectors
Framework crosswalk:
  cms-0057-f: Patient Access API, FHIR US Core
  nist-800-53: SC-8, SI-10
  hitrust-ai: 09.s

3 · Framework coverage (mappings, not certifications)

| Framework | Authority · version | Applicable | Coverage |
| --- | --- | --- | --- |
| SOC 2 Type II | AICPA · 2017 TSC (rev. 2022) | 11 | 82% |
| ISO/IEC 27001 | ISO/IEC · 2022 | 8 | 88% |
| ISO/IEC 42001 | ISO/IEC · 2023 | 5 | 90% |
| NIST SP 800-53 Rev. 5 | NIST · Rev. 5 | 21 | 83% |
| NIST CSF 2.0 | NIST · 2.0 | 7 | 86% |
| NIST AI RMF (AI 600-1) | NIST · 1.0 + Generative AI Profile (AI 600-1) | 11 | 77% |
| OWASP LLM Top 10 | OWASP · 2025 | 7 | 93% |
| OWASP Agentic Top 10 (ASI) | OWASP · Agentic Security Initiative | 9 | 83% |
| HITRUST AI Security Certification | HITRUST · AI Security Assessment | 25 | 80% |
| HIPAA Security & Privacy Rules | HHS / OCR · 45 CFR Parts 160 & 164 | 10 | 80% |
| HITECH Act | HHS · 2009 (as amended) | 2 | 75% |
| 42 CFR Part 2 | SAMHSA / HHS · 2024 final rule | 1 | 100% |
| CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F) | CMS · 2024 (effective 2026–2027) | 2 | 50% |
| PCI DSS v4.0 (conditional) | PCI SSC · 4.0 | 0 | 0% |

4 · Policy register

POL-PHI-BOUNDARY · PHI Boundary & In-Boundary AI (v1.2)

Protected health information never leaves the tenant boundary. All model inference runs on an in-boundary served model; egress to any unmanaged destination is blocked, not redacted.

Owner: Chief Information Security Officer · Review: quarterly · Last 2026-04-15 · Next 2026-07-15

Enforced by: @healthnext/phi-gate (BlockingPhiGate.enforceEgress); @healthnext/modelops (getModelOps (in-boundary default))

POL-MIN-NECESSARY · Minimum Necessary (v1.1)

Any access to PHI is limited to the minimum data necessary for the stated purpose-of-use. PHI and quasi-identifier fields are dropped unless the purpose justifies them.

Owner: Privacy Officer · Review: semi-annual · Last 2026-03-01 · Next 2026-09-01

Enforced by: @healthnext/semantic-layer (compile.ts:projectable()); @healthnext/tenancy-abac (computeMinimumNecessary)

POL-CONSENT · Consent & Special-Protection Records (v1.0)

Member consent is honored as a denial control. Substance-use-disorder records (42 CFR Part 2) and other special-protection classes receive heightened restriction and never egress to unauthorized destinations.

Owner: Privacy Officer · Review: semi-annual · Last 2026-02-01 · Next 2026-08-01

Enforced by: @healthnext/consent (resolution.ts + semantic-layer consent predicate)

POL-LEAST-PRIVILEGE · Least Privilege & Access Control (v1.3)

Access is deny-by-default and scoped by tenant, role, and purpose. Agents may invoke only the tools they declare. Database row-level security is the last line of defense.

Owner: Chief Information Security Officer · Review: quarterly · Last 2026-04-15 · Next 2026-07-15

Enforced by: @healthnext/tenancy-abac (AbacPolicyEngine + generateTableRls); @healthnext/agent-harness (registry.ts:agentCanUse)

POL-HUMAN-OVERSIGHT · Human Oversight of AI Decisions (v1.1)

AI never holds a final decision that changes clinical, financial, or member-facing state. Such actions are proposed by an agent and held for human sign-off.

Owner: Chief Medical Officer · Review: quarterly · Last 2026-04-15 · Next 2026-07-15

Enforced by: @healthnext/agent-harness (orchestrator.ts approval gates)

POL-AUDIT-RETENTION · Audit Logging & Retention (v1.2)

Every consequential action is recorded to a tamper-evident, append-only audit trail and retained for the regulatory retention period. The trail is independently verifiable.

Owner: Compliance Officer · Review: annual · Last 2026-01-15 · Next 2027-01-15

Enforced by: @healthnext/audit-evidence (WormAuditLog + verifyChain)

POL-INCIDENT-RESPONSE · Fleet Incident Response (v1.0)

Operators can immediately halt the agent fleet. Repeatedly-failing agents are automatically taken out of rotation. Incidents are detected, contained, and recorded.

Owner: Chief Information Security Officer · Review: quarterly · Last 2026-06-22 · Next 2026-09-22

Enforced by: @healthnext/agent-harness (fleet-control.ts kill-switch + circuit breakers)

POL-CAPACITY · Capacity, Cost & Blast-Radius (v1.0)

Each tenant's run-rate and token cost are capped over a rolling window, and the number of concurrent high-risk agent actions is bounded fleet-wide.

Owner: VP, Platform Engineering · Review: quarterly · Last 2026-06-22 · Next 2026-09-22

Enforced by: @healthnext/agent-harness (fleet-control.ts rate/cost caps + blast-radius)

POL-MODEL-PROVENANCE · Model & Data Provenance (v1.0)

Per-customer models are trained on non-PHI corpora only. PHI and secrets are partitioned out before training and served at runtime via governed RAG. Every training order carries an audit-safe attestation.

Owner: Head of AI / MLOps · Review: semi-annual · Last 2026-03-01 · Next 2026-09-01

Enforced by: @healthnext/tenant-model (real-fork-client.ts:partitionSources)

5 · Sub-processor inventory

| Sub-processor | PHI access | Location | Purpose |
| --- | --- | --- | --- |
| Managed Postgres (deployment cloud) | processor | Customer-elected region (US) | Durable storage of the operations graph, run store, and WORM audit chain — inside the tenant boundary. |
| In-boundary served model (LeanLogix-trained fork) | in-boundary-only | In the tenant boundary | Healthcare LLM inference for the agent fleet. |
| Netlify | none | Global edge / US functions | Static hosting + serverless functions for the console + marketing surfaces. |
| Resend | none | US | Transactional email (operational notifications). |

6 · Posture documents (templates — not executed)

Data Processing Addendum (DPA) · DPA · 0.3 (template)

TEMPLATE — not an executed agreement. This is a starting-point draft for a customer's counsel to review and negotiate; it is not legal advice and confers no obligation until both parties sign a final version. Clauses marked with a control reference are enforced in code today; the rest are documentary commitments pending counsel review.

Owner: Chief Information Security Officer · Updated 2026-06-22

Roles & scope. The customer (Covered Entity or its Business Associate) is the controller of the PHI; HealthNext acts as a Business Associate / processor and processes PHI only on documented instructions and only to provide the contracted service. A separate Business Associate Agreement (BAA) governs HIPAA obligations and is incorporated by reference.
Processing boundary (in-boundary PHI). PHI is processed inside the customer-elected boundary. Model inference runs on an in-boundary served model; PHI is never transmitted to an external foundation-model provider. Egress to any unmanaged destination is blocked — not merely redacted — and fails closed. [enforced today: HN-PHI-EGRESS, HN-AI-INBOUNDARY]
Security measures. HealthNext maintains deny-by-default access control with per-tenant row-level isolation, minimum-necessary data projection, encryption in transit, and a tamper-evident, hash-chained, signed audit trail of every consequential decision. Detailed control mappings are in the Trust Center crosswalk. [enforced today: HN-ACCESS-ENFORCEMENT, HN-TENANT-ISOLATION, HN-MIN-NECESSARY, HN-AUDIT-INTEGRITY]
Sub-processing. HealthNext engages the sub-processors listed in the Trust Center inventory. HealthNext will give the customer prior written notice of any intended addition or replacement of a sub-processor that processes PHI and an opportunity to object. No external foundation-model provider processes PHI.
Assistance & data subject rights. HealthNext assists the customer in responding to individuals' access/amendment/accounting requests and in meeting the customer's own regulatory obligations, using the audit and evidence-export capabilities of the platform. [enforced today: HN-AUDIT-EXPORT, HN-ACCESS-LOGGING]
Return & deletion. On termination, HealthNext returns or securely destroys PHI per the Data Retention Schedule, subject to retention required by law. The append-only audit chain is retained for the regulatory retention period and is not deleted on a per-record basis (WORM).

Data Retention & Disposal Schedule · Retention · 0.2 (template)

TEMPLATE — not an executed agreement. This is a starting-point draft for a customer's counsel to review and negotiate; it is not legal advice and confers no obligation until both parties sign a final version. Clauses marked with a control reference are enforced in code today; the rest are documentary commitments pending counsel review.

Owner: Compliance Officer · Updated 2026-06-22

Audit & evidence records. Retained for the regulatory retention period (HIPAA requires documentation be retained 6 years; some states require longer). The audit trail is append-only, hash-chained, and Ed25519-signed — there is no update or delete path for an individual record, so retention is enforced structurally, not by policy alone. [enforced today: HN-AUDIT-INTEGRITY, HN-AUDIT-EXPORT]
Operational PHI (graph, cases, runs). Retained for the active contract term plus the customer-elected retention window, then returned or destroyed per the DPA. Stored inside the boundary in managed Postgres with per-tenant isolation. [enforced today: HN-TENANT-ISOLATION, HN-ACCESS-ENFORCEMENT]
Model training corpora. Per-customer model forks are trained on non-PHI corpora only; PHI and secrets are partitioned out before training and served at runtime via governed retrieval. Training inputs therefore carry no PHI retention obligation. [enforced today: HN-AI-PROVENANCE]
Operational metadata & email. Transactional email and operational notifications carry no PHI in their bodies; metadata is retained for the operational window needed for deliverability and support, then purged on the provider's schedule.
Disposal method. Operational data is deleted via the managed data plane's cryptographic-erase / secure-delete facilities. The audit chain is exempt from per-record deletion by design and ages out only at the end of the regulatory retention period for the whole tenant chain.

Incident Response & Breach Notification Plan · Incident Response · 0.2 (template)

TEMPLATE — not an executed agreement. This is a starting-point draft for a customer's counsel to review and negotiate; it is not legal advice and confers no obligation until both parties sign a final version. Clauses marked with a control reference are enforced in code today; the rest are documentary commitments pending counsel review.

Owner: Chief Information Security Officer · Updated 2026-06-22

Detection. Fleet activity, approval-gate holds, and PHI-egress decisions stream to the operations wall in real time. Every egress ALLOW/BLOCK and every held write is a signed audit record, so anomalous activity is visible and attributable. [enforced today: HN-INCIDENT-RESPONSE, HN-ACCESS-LOGGING, HN-PHI-EGRESS]
Automated containment (live). An operator can immediately halt the agent fleet globally or per-agent; repeatedly-failing agents are taken out of rotation by per-agent circuit breakers; per-tenant rate/cost caps and a fleet-wide blast-radius limit bound the damage of a runaway. Halts fail closed and are sealed to the audit chain. [enforced today: HN-KILL-SWITCH, HN-CIRCUIT-BREAKER, HN-COST-RATE-CAPS, HN-BLAST-RADIUS]
Triage & investigation. On declaration of an incident, the response team scopes affected tenants and data classes using the per-tenant audit chain and evidence export, establishes a timeline from the signed records, and determines whether PHI was disclosed to an unauthorized party. [enforced today: HN-AUDIT-EXPORT]
Notification (draft commitment). Where an incident is a reportable breach of unsecured PHI, HealthNext will notify the affected customer without unreasonable delay so the customer can meet HIPAA/HITECH breach-notification timelines (individual notice within 60 days of discovery; HHS and, where applicable, media notice per the rule). Specific contractual SLAs are set in the executed agreement. [enforced today: HN-INCIDENT-RESPONSE]
Post-incident. Root-cause analysis, corrective actions, and control updates are tracked to closure; the incident record and its evidence are retained per the Data Retention Schedule.

Subprocessor Change-Notification Commitment · Subprocessor · 0.2 (template)

TEMPLATE — not an executed agreement. This is a starting-point draft for a customer's counsel to review and negotiate; it is not legal advice and confers no obligation until both parties sign a final version. Clauses marked with a control reference are enforced in code today; the rest are documentary commitments pending counsel review.

Owner: Chief Information Security Officer · Updated 2026-06-22

Current inventory. The authoritative subprocessor list is published in the Trust Center, with each entry's PHI-access level. The notable absence a reviewer should confirm: there is NO external foundation-model provider in the PHI path — all inference runs on an in-boundary served model. [enforced today: HN-AI-INBOUNDARY, HN-PHI-EGRESS]
Notification of change. HealthNext will provide the customer prior written notice before adding or replacing any subprocessor that processes PHI, with a reasonable window to object. A change that would route PHI to a new external destination is gated by the egress boundary and would require a deliberate, audited policy change. [enforced today: HN-PHI-EGRESS]
Subprocessor due diligence. PHI-touching subprocessors are limited to those operating inside the tenant boundary (managed data plane, in-boundary model) under appropriate agreements; non-PHI subprocessors (hosting, transactional email) carry no PHI access by design.

This document reflects the live system: control status is computed from the actual enforcing code, and Implemented controls link to real Ed25519-signed audit records. Framework mappings are harmonized in the HITRUST AI assessment style. HealthNext holds no SOC 2 / HITRUST / ISO / FedRAMP certification or attestation; the posture is audit-ready by construction. Synthetic demo data is labeled (Sandbox).

This Trust Center reflects the live system: control status is computed from the actual enforcing code, and Implemented controls link to real Ed25519-signed audit records. It is not a marketing snapshot. Frameworks are named exactly; the crosswalk is harmonized in the HITRUST AI assessment style.