Business Associate Agreements
HIPAA Phase 1: A signed BAA gates every PHI-touching action. The validator chain denies actions where no active BAA covers the destination provider — at the moment of the call, not at the next quarterly audit.
No BAAs signed yet
Without a BAA covering a PHI destination, every PHI-tagged clearance request denies with reason_code='phi_baa_missing'.
No unprotected PHI destinations detected
Run the agent console with PHI scenarios to populate this list.