PhiClaw vs Hermes Agent for Healthcare
When engineers and clinic operators compare Hermes Agent and PhiClaw, they are usually weighing two very different paths to the same goal: an AI agent that can actually run work, not just chat about it. Hermes Agent is an open-source, self-hostable agent admired for its persistent memory; PhiClaw is the HIPAA-compliant, healthcare-specialized build of the OpenClaw agent technology, delivered as a managed service.
The real question for a medical practice is not whose agent is smarter. It is who owns the compliance work. Self-hosting any open-source agent means your practice takes on the entire HIPAA burden. PhiClaw hands you the same kind of agent power with the legal contract, the infrastructure, and the medical workflows already in place.
What is Hermes Agent?
Hermes Agent is an open-source AI agent you typically run yourself, known for persistent memory that lets it carry context across sessions. For a developer who wants full control of the code and the data, that openness is a genuine strength.
Like other open-source agents, though, the raw project ships with no signed Business Associate Agreement and no built-in HIPAA program. A BAA is the legal contract a vendor signs promising to protect patient health information under HIPAA; without one, you cannot legally route patient data through that tool. With self-hosted open source, there is no vendor on the other side of that contract — the responsibility is yours.
PhiClaw signs a Business Associate Agreement (BAA) with your practice and runs on HIPAA-eligible infrastructure, with BAAs in place with our subprocessors AWS (including Amazon Bedrock) and Convex.
Where PhiClaw goes further
PhiClaw starts from the same agent foundation but finishes the job a clinic actually needs done. It signs a BAA with every practice on every plan, runs on HIPAA-eligible infrastructure with subprocessor BAAs from AWS (including Amazon Bedrock) and Convex, and handles compliant calls through voice partner Retell AI.
It also ships the practice itself: a built-in HIPAA EHR and CRM, e-prescribing including controlled substances, a SOAP-note scribe, patient intake, billing, fax, and patient messaging across WhatsApp, iMessage, Slack, Telegram, and web. None of that has to be built, wired, or secured by you.
- Agent power: both give you a capable, memory-aware agent that can plan and act.
- Compliance ownership: PhiClaw owns it under a signed BAA; with self-hosted Hermes, your practice owns all of it.
Head-to-head for a clinic
- HIPAA BAA: PhiClaw signs one with every practice on every plan; raw open-source agents ship no signed BAA, so confirm with whoever you contract for hosting.
- Hosting: PhiClaw is fully managed on HIPAA-eligible AWS and Convex; Hermes is something you self-host and harden yourself.
- Built-in EHR/CRM: PhiClaw includes a HIPAA EHR and CRM out of the box; an open-source agent has none.
- Medical workflows: PhiClaw ships scribing, intake, e-prescribing, billing, and fax; with Hermes you build each from scratch.
- Integrations: PhiClaw connects to 30+ major EHRs plus 300+ integrations via Keragon, with free migration; integration work on a self-hosted agent is yours.
- Pricing model: PhiClaw is flat and predictable — Starter at $300/mo, Growth at $1,000/mo with unlimited messages; self-hosting carries server, security, and engineering costs you absorb.
- Time to value: PhiClaw is live in days; a hardened, compliant self-hosted deployment is a project measured in months.
When Hermes Agent is still the right call
If you are an engineering team that wants to own the code, run on your own servers, and treat HIPAA as an in-house project you have the staff to manage, an open-source agent like Hermes is a legitimate choice. You get maximum control and no vendor lock-in.
But control cuts both ways. Every security control, audit log, BAA with each subprocessor, and ongoing patch is now your obligation. For most independent practices without a dedicated security team, that is the expensive part — and exactly what PhiClaw absorbs for you.
Clinical responsibility either way
Whichever path you choose, the agent assists the workflow — the licensed clinician stays the decision-maker. PhiClaw is built so that a doctor reviews and signs off where it matters, while the agent handles the surrounding labor. Across roughly four months since launch it has executed 76,000+ tasks and answered 83% of patient messages in under 60 seconds, with the clinician always in the loop.
Key takeaway: Hermes Agent is a strong open-source agent if you have the engineering team to self-host and own HIPAA yourself; PhiClaw delivers the same agent power already HIPAA-managed, with a signed BAA, a built-in EHR/CRM, and medical workflows ready to run.
Frequently asked questions
Is Hermes Agent HIPAA compliant?
As open-source software you self-host, Hermes Agent does not ship a signed BAA or a built-in HIPAA program by default. That means your practice would be responsible for the entire compliance posture, including BAAs with any hosting and infrastructure providers. If you go this route, confirm every detail with whoever you contract for hosting before sending any patient data through it.
What does a BAA actually cover, and does PhiClaw sign one?
A Business Associate Agreement is the legal contract in which a vendor promises to safeguard protected health information under HIPAA. PhiClaw signs a BAA with every practice on every plan, and its subprocessors (AWS, Convex, and Retell AI) operate under BAAs as well. Without that chain of contracts, sharing patient data with a tool is not HIPAA-compliant.
Can PhiClaw do what a general open-source agent does?
Yes. PhiClaw is the HIPAA-compliant build of the OpenClaw agent technology, so you get capable, context-aware agent behavior. The difference is that PhiClaw arrives already wired for medical work — EHR/CRM, scribing, prescribing, billing, and messaging — instead of you assembling those pieces yourself.
How long does PhiClaw take to set up compared to self-hosting?
PhiClaw is a managed service that is typically live in days, including free migration from your current EHR or CRM. A self-hosted open-source agent that meets HIPAA standards is a longer engineering project, because you build, secure, and document the compliance program yourself.
Who is responsible for security with each option?
With a self-hosted agent, your practice owns security, audit logging, patching, and every subprocessor agreement. With PhiClaw, that work is handled under its BAA on HIPAA-eligible infrastructure. The clinician still owns clinical decisions in both cases.