{
  "$schema": "https://openterms.com/schema/openterms.schema.json",
  "openterms_version": "0.2.0",
  "policy_id": "com.medirecords.platform.terms.2025",
  "service": {
    "name": "MediRecords",
    "domain": "medirecords.health",
    "description": "Healthcare records platform with HIPAA-compliant data handling",
    "tos_url": "https://medirecords.health/terms",
    "privacy_url": "https://medirecords.health/privacy"
  },
  "permissions": {
    "read_content": {
      "allowed": true,
      "conditions": "De-identified aggregate data only. No individual patient records without explicit authorization.",
      "requires_auth": true,
      "scope": "authenticated"
    },
    "create_account": false,
    "make_purchases": false,
    "scrape_data": false,
    "post_content": false,
    "modify_data": false,
    "delete_data": false,
    "automated_messaging": false,
    "api_access": {
      "allowed": true,
      "conditions": "Must complete BAA (Business Associate Agreement). API access logged and audited.",
      "requires_auth": true
    },
    "browser_automation": false,
    "execute_code": false,
    "access_user_data": {
      "allowed": true,
      "conditions": "Requires patient consent + BAA. All access logged for HIPAA audit trail.",
      "requires_auth": true,
      "scope": "authenticated"
    }
  },
  "rate_limits": {
    "requests_per_minute": 10,
    "requests_per_hour": 100,
    "requests_per_day": 500,
    "concurrent_sessions": 1
  },
  "data_handling": {
    "stores_agent_data": true,
    "shares_with_third_parties": false,
    "retention_days": 2555,
    "gdpr_compliant": true,
    "ccpa_compliant": true,
    "hipaa_compliant": true,
    "data_residency": "US"
  },
  "authentication": {
    "required": true,
    "methods": ["oauth2", "mTLS"],
    "registration_url": "https://medirecords.health/developers",
    "docs_url": "https://docs.medirecords.health/auth"
  },
  "verification": {
    "jwks_url": "https://medirecords.health/.well-known/jwks.json",
    "signing_algorithm": "Ed25519"
  },
  "requires_consent": true,
  "jurisdiction": "US",
  "contact": {
    "email": "hipaa-officer@medirecords.health",
    "name": "MediRecords HIPAA Compliance",
    "url": "https://medirecords.health/compliance"
  },
  "last_updated": "2025-02-01",
  "expires": "2025-08-01",
  "extensions": {
    "health.hipaa.baa_required": true,
    "health.hipaa.audit_log_url": "https://medirecords.health/api/audit-log",
    "health.phi_access_level": "de-identified"
  }
}