healthcare.json
{
"$schema": "https://agentpolicy.org/schema/v1/agent-policy.schema.json",
"version": "1.0",
"policyUrl": "https://hospital.example.com/.well-known/agent-policy.json",
"defaultPolicy": {
"allow": false,
"disallow": ["all"],
"requireVerification": true
},
"pathPolicies": [
{
"path": "/public/**",
"allow": true,
"actions": ["read", "index"],
"requireVerification": false,
"rateLimit": {
"requests": 50,
"window": "hour"
}
},
{
"path": "/patient/**",
"allow": false,
"disallow": ["all"]
},
{
"path": "/records/**",
"allow": false,
"disallow": ["all"]
},
{
"path": "/api/v1/appointments/*",
"allow": true,
"actions": ["api_call"],
"requireVerification": true,
"rateLimit": {
"requests": 20,
"window": "hour"
},
"agentAllowlist": [
"did:web:healthbot.epic.com",
"did:web:medical.google.com"
]
},
{
"path": "/api/v1/directory/*",
"allow": true,
"actions": ["api_call", "read"],
"requireVerification": true,
"rateLimit": {
"requests": 100,
"window": "hour"
}
},
{
"path": "/admin/**",
"allow": false
}
],
"verification": {
"method": ["verifiable-credential"],
"registry": "https://registry.agentpolicy.org",
"trustedIssuers": [
"did:web:trust.agentpolicy.org",
"did:web:hipaa-compliance.hhs.gov"
],
"verificationEndpoint": "https://hospital.example.com/agent-verify"
},
"contact": {
"email": "compliance@hospital.example.com",
"policyUrl": "https://hospital.example.com/ai-policy",
"abuseUrl": "https://hospital.example.com/report-violation"
},
"metadata": {
"description": "HIPAA-sensitive healthcare policy: deny all by default; patient/records paths fully blocked and admin paths denied; only allowlisted, verified agents may book appointments; the directory API is open to any verified agent (no allowlist). Public info (hours, locations) is readable without verification.",
"owner": "Example Hospital System",
"lastModified": "2026-02-14T00:00:00Z",
"license": "Apache-2.0"
}
}