HIPAA-Compliant OpenClaw Deployment on LiquidWeb
This guide is a technical reference, not legal advice. HIPAA compliance requires a documented risk analysis, staff training, written policies, and a signed Business Associate Agreement (BAA) with each vendor who handles PHI. Consult a qualified HIPAA compliance officer before handling Protected Health Information in any system.
Healthcare teams want the clinical and administrative productivity of an AI assistant, but almost every mainstream AI service stores data on shared infrastructure with no BAA. OpenClaw with NemoClaw on a dedicated, BAA-covered host addresses that: data stays on your hardware, agent-level access is enforced, and every action is logged.
The baseline risk is not hypothetical. Security researchers have identified 341 malicious skills in the ClawHub marketplace and 135,000+ OpenClaw instances exposed to the internet without authentication. Base OpenClaw has no audit trail, no network egress policy, and no mechanism to stop a compromised skill from reading PHI files and forwarding them to an external host. For covered entities and business associates, that is a direct §164.312 violation waiting to happen.
NemoClaw closes these gaps at the process level: Landlock filesystem restrictions, seccomp syscall filtering, and operator-controlled egress policies. Combined with Liquid Web's HIPAA-compliant dedicated servers and a signed BAA, you get a stack where PHI never leaves the host and every agent action is logged, enough to stand up a §164.308 risk analysis.
This guide covers the full stack: Liquid Web HIPAA server, NemoClaw sandboxing, local GPU inference, encryption at rest, audit logging, and network isolation.
Threat Model
Before designing controls, understand what you are protecting against:
| Threat | Without Controls | With This Stack |
|---|---|---|
| PHI sent to cloud API | Likely (default OpenClaw config) | Prevented by local inference |
| Agent accesses unauthorized files | Possible (permissive agent runtime) | Blocked by Landlock in NemoClaw |
| Agent makes unexpected network calls | Possible | Blocked by NemoClaw egress policy |
| Unauthorized user access | Depends on auth config | Mitigated by SSH keys + VPN + Caddy auth |
| Audit trail gaps | No default logging | NemoClaw audit logs + LiquidWeb managed logging |
| Data loss | Depends on backup config | LiquidWeb Acronis backups + your own off-site |
What NemoClaw Adds for HIPAA
A common critique of self-hosted OpenClaw for healthcare is that base OpenClaw lacks every HIPAA-required control. That critique is correct for bare OpenClaw. NemoClaw changes the picture:
| HIPAA Requirement | Bare OpenClaw | OpenClaw + NemoClaw (this guide) |
|---|---|---|
| Audit trail | No structured logging | JSON audit log of every file access and network call |
| Network egress control | None (agent can exfiltrate to any host) | Policy allowlist; all other connections blocked at kernel level |
| Skills supply chain risk | High (malicious skills run with full process privileges) | Sandboxed; Landlock + seccomp limits what any skill can do |
| PHI isolation | No (cloud API inference sends data offsite) | Local vLLM; NemoClaw egress policy blocks all cloud endpoints |
| Business Associate Agreement | Not available (OpenClaw is software, not a service) | LiquidWeb signs BAA; OpenClaw + NemoClaw runs on that infrastructure |
| Encryption at rest | Manual configuration required | LUKS encryption + LiquidWeb Acronis backup (AES-256) |
| Access controls | No RBAC (all users see the same agent) | VPN + Caddy auth layer; NemoClaw audit logs track per-user access |
| Breach notification | Your responsibility with no supporting tooling | NemoClaw audit logs + LiquidWeb IDS support your investigation |
Managed services like KiwiClaw provide a hosted alternative for teams that do not want to manage infrastructure. This guide is for teams that need to own the stack because their compliance requirements, data residency rules, or cost structure require it.
Liquid Web HIPAA Hosting
Liquid Web advertises HIPAA-compliant hosting used by 400+ healthcare organizations.
What Liquid Web provides on HIPAA plans:
- Signed Business Associate Agreement (BAA)
- Dedicated single-tenant physical servers
- Hardware firewall with intrusion detection
- Site-to-site VPN (OpenVPN or WireGuard)
- Acronis backup with encryption in transit and at rest
- 24/7 staffed, access-controlled data centers
- Fully managed OS patching
HIPAA package tiers:
| Package | Notes |
|---|---|
| Standalone HIPAA Server | Single server for non-core healthcare apps (provider sites, portals, research) |
| HIPAA Server + Firewall | Adds hardware firewall, VPN, and IDS for sensitive workloads |
| HIPAA Multi-Server | Multi-tier architecture with database isolation, for production clinical apps |
Liquid Web does not publish HIPAA pricing. Plans are quote-based and typically run several hundred dollars per month for a single-server configuration, with the BAA signed before provisioning begins. Contact Liquid Web's HIPAA team or call 1-800-580-4985 to scope your deployment.
Ask for during the sales call:
- BAA draft emailed before you commit (read it before signing)
- Recent SOC 2 Type II report
- Whether their third-party HIPAA audit report is available under NDA
- GPU options on HIPAA-tier bare metal (not listed on the public GPU page; available on request for workloads that need local inference)
- Expected time from signed BAA to server handoff
Architecture
For HIPAA workloads, the recommended stack is:
Internet → VPN/SSH (LiquidWeb firewall) → Caddy (TLS) → OpenClaw Gateway
↓
NemoClaw Policy Engine
↓
OpenShell Sandbox (Landlock + seccomp)
↓
vLLM / Local NIM (no cloud egress for PHI)
No PHI leaves the server. The VPN provides encrypted access for clinical staff.
Step 1: Provision the Liquid Web HIPAA Server
- Contact Liquid Web sales: call 1-800-580-4985 or start a chat from the HIPAA hosting page
- Discuss your workload (user count, model inference needs, single- vs multi-server)
- Review and sign the BAA before provisioning begins
- Request a dedicated server with:
- Ubuntu 22.04 LTS
- Hardware firewall
- IDS enabled
- Acronis backup
- VPN (WireGuard or OpenVPN)
Once provisioned, connect via VPN before SSH:
# Connect to LiquidWeb VPN first (WireGuard example)
sudo wg-quick up liquidweb-hipaa
# Then SSH
ssh admin@10.10.x.x # Internal VPN IP
Step 2: Install OpenShell and NemoClaw
Follow the NemoClaw installation overview. Install both as system services so they survive reboots, and pin to a specific NemoClaw release. It is Alpha software, so do not track latest on a HIPAA host.
# Use the current install commands from github.com/NVIDIA/NemoClaw and
# developer.nvidia.com — they evolve during Alpha. Then verify:
openshell --version
nemoclaw --version
Record the installed versions in your change management log. HIPAA §164.308(a)(1)(ii)(D) requires documented system activity review, which includes component versioning.
Step 3: Configure NemoClaw HIPAA Policy
Create /etc/nemoclaw/policy.yaml with strict controls for PHI workloads:
# /etc/nemoclaw/policy.yaml — HIPAA hardened profile
sandbox:
landlock:
enabled: true
allowed_paths:
- path: /home/openclaw/workspace
permissions: [read, write]
- path: /tmp/openclaw
permissions: [read, write]
deny_paths:
- /etc
- /home
- /root
- /var/log
- /proc
seccomp:
profile: strict # Removes ptrace, raw sockets, and other high-risk syscalls
network:
egress:
allow:
# Only allow connections to your internal services
# NO external API calls — inference is local only
- host: "localhost"
port: 8000 # vLLM
- host: "localhost"
port: 18789 # OpenClaw gateway
deny_all_other: true
audit:
enabled: true
log_path: /var/log/nemoclaw/audit.log
log_level: verbose
log_phi_access: true # Log any file access attempts
retention_days: 2555 # 7 years — HIPAA minimum is 6 years
Step 4: Local Inference (No PHI to Cloud)
For HIPAA workloads, do not use cloud API inference backends. Route all inference through local vLLM or NIM.
Using vLLM on the same server (or a dedicated GPU server within the same HIPAA network):
docker run -d \
--name vllm-hipaa \
--gpus all \
--restart unless-stopped \
--network host \
-v /data/models:/root/.cache/huggingface \
vllm/vllm-openai:v0.6.x \
--model meta-llama/Llama-3.3-70B-Instruct \
--host 127.0.0.1 \
--port 8000
Binding to 127.0.0.1 with --network host keeps vLLM reachable only from the host loopback. The NemoClaw sandbox uses host.openshell.internal, which maps to the host from inside the sandbox without exposing port 8000 on any other interface. Pin the vLLM image tag; :latest is a compliance liability on a PHI host.
Configure OpenClaw to use local vLLM:
# ~/.openclaw/config.yaml
llm:
provider: vllm
base_url: http://localhost:8000/v1
model: meta-llama/Llama-3.3-70B-Instruct
# Explicitly disable cloud fallback
llm_fallback:
enabled: false
Then set NemoClaw inference:
openshell inference set --provider vllm-local --model meta-llama/Llama-3.3-70B-Instruct
Step 5: Encryption at Rest
Encrypt the OpenClaw data directory and model storage:
# Install LUKS (built into Ubuntu)
sudo apt-get install -y cryptsetup
# If using a separate data volume (recommended for HIPAA servers)
sudo cryptsetup luksFormat /dev/sdb
sudo cryptsetup luksOpen /dev/sdb openclaw-data
sudo mkfs.ext4 /dev/mapper/openclaw-data
sudo mount /dev/mapper/openclaw-data /data/openclaw
# Add to /etc/crypttab for auto-mount with keyfile
echo "openclaw-data /dev/sdb /etc/openclaw-luks.key" | sudo tee -a /etc/crypttab
Liquid Web's Acronis backup encrypts HIPAA-plan backups at rest and in transit. Document your encryption implementation in the risk analysis. HIPAA §164.312(a)(2)(iv) treats encryption as an "addressable" specification, meaning you must either implement it or document why not.
Step 6: Access Controls and Authentication
Set up mandatory 2FA for the OpenClaw dashboard. Add HTTP basic auth or mTLS at the Caddy layer as a second factor:
# /etc/caddy/Caddyfile — HIPAA hardened
yourdomain.com {
# Restrict to VPN subnet only
@vpn_only {
remote_ip 10.10.0.0/16
}
handle @vpn_only {
basicauth {
# Generate hash: caddy hash-password
clinician1 $2a$14$...
}
reverse_proxy localhost:18789
}
respond "Access denied" 403
}
Only staff connected to the LiquidWeb VPN can reach the dashboard. Combine with SSH key-based access for admin operations.
Step 7: Audit Logging and Monitoring
NemoClaw writes structured audit logs to /var/log/nemoclaw/audit.log. These are required for HIPAA compliance:
# View recent audit events
tail -f /var/log/nemoclaw/audit.log | jq .
# Example audit log entry
{
"timestamp": "2026-03-19T14:32:01Z",
"session_id": "sess_abc123",
"user": "clinician1",
"event": "file_access",
"path": "/home/openclaw/workspace/patient_notes.txt",
"action": "read",
"permitted": true
}
Set up log forwarding to your SIEM or a centralized log store:
# Example: forward to syslog (and from there to your SIEM)
cat << 'EOF' >> /etc/rsyslog.conf
if $programname == 'nemoclaw' then /var/log/nemoclaw/audit.log
if $programname == 'nemoclaw' then @@your-siem:514
EOF
sudo systemctl restart rsyslog
Set up a cron to verify log retention:
# Alert if audit logs are older than 1 day (catch silent failures)
0 6 * * * find /var/log/nemoclaw -name "*.log" -mtime +1 -exec \
echo "AUDIT LOG STALE: {}" | mail -s "HIPAA Alert" compliance@yourorg.com \;
Step 8: Incident Response Runbook
Document and test these procedures before going live:
- Potential PHI breach: Immediately isolate the server (
ufw deny all), snapshot logs and memory before anything else, and runopenshell network audit. Notify your HIPAA Privacy Officer. Per §164.404, breach notification to affected individuals is required without unreasonable delay and no later than 60 days after discovery; HHS notification timing depends on breach size. - Failed authentication spike: Review
/var/log/auth.logand/var/log/nemoclaw/audit.log. Block the source inufw. Escalate to Liquid Web support if attacks persist; they can apply firewall rules upstream. - Agent misbehavior: Check NemoClaw audit logs for unauthorized path or network access. Kill the session:
openshell session kill SESSION_ID. Preserve logs for post-incident review before clearing state. - Server failure: Liquid Web 24/7 support at 1-800-580-4985. Acronis restore time depends on data size, so test it before going live.
Compliance Checklist
Before going live with PHI:
- Signed BAA with LiquidWeb
- Risk analysis documented
- Encryption at rest on all PHI storage paths
- NemoClaw egress policy blocks all cloud API endpoints
- Local inference only, no PHI to cloud
- Audit logging enabled and retention set to 7 years
- Access control: VPN + MFA required for dashboard
- Backup tested (restore, not just backup)
- Incident response runbook written and tested
- Staff training on acceptable use documented
Yes. Liquid Web signs BAAs for customers on their HIPAA-compliant hosting plans, and the BAA is signed before provisioning begins. Contact sales at 1-800-580-4985 or start a chat from their HIPAA hosting page to scope the plan and request the BAA draft.
Only with a BAA signed by that provider, and only on a plan they've designated HIPAA-eligible. Anthropic and OpenAI offer enterprise BAAs on specific zero-retention tiers, not on their default API. That's a separate contract and a higher-tier commitment. The simplest path to HIPAA compliance is local inference (NemoClaw with vLLM on Liquid Web GPU bare metal) so PHI never leaves your server.
NemoClaw's Alpha status means its API may change, but the underlying security primitives (Landlock, seccomp, network namespaces) are mature Linux kernel features. Do not rely on NemoClaw as your only control. Layer it with infrastructure controls (firewall, VPN, encrypted storage) and document your risk acceptance for the Alpha status.
HIPAA §164.316(b)(2) requires documentation (including audit logs relevant to policies and procedures) to be retained for at least 6 years from creation or last effective date. Many organizations set 7 years to cover audit cycles and state-law overlays. Set NemoClaw's retention_days to at least 2190 (6 years) or 2555 (7 years) and ship logs off-box so a single server compromise cannot destroy them.
Pin NemoClaw to a specific version (e.g., nemoclaw@0.3.2) and do not auto-update. Test every update in a non-PHI staging environment before applying to production. Add NemoClaw updates to your change management process.
It depends on your team's capacity. KiwiClaw and similar managed services handle infrastructure, patching, and compliance tooling for you, which suits teams without dedicated DevOps. OpenClaw + NemoClaw on Liquid Web gives you full infrastructure ownership and no vendor lock-in, with Liquid Web handling OS patching and physical security under the BAA. The trade-off is operational responsibility: you own the app layer, backup testing, and incident response. If your compliance profile demands data residency you control or you need to own the full stack for audit, self-hosted NemoClaw is the right path.
Common mistakes and fixes
Audit logs are not writing to the configured path.
The NemoClaw service account must have write permission to the audit log directory. Run: chown -R nemoclaw:nemoclaw /var/log/nemoclaw && chmod 750 /var/log/nemoclaw. Then restart: systemctl restart nemoclaw.
Liquid Web HIPAA server provisioning is delayed.
HIPAA orders require BAA signing and manual review before hardware is provisioned. Contact Liquid Web sales at 1-800-580-4985. Expect 1–2 business days from signed BAA to server handoff, not the 15-minute turnaround of a standard VPS.
VPN connection to Liquid Web HIPAA server drops intermittently.
For OpenVPN, set keepalive 10 120 in the server config to prevent idle disconnects. For WireGuard, add PersistentKeepalive = 25 to each peer block. If drops persist, check that the Liquid Web hardware firewall isn't timing out UDP flows, then contact support to extend the UDP state timeout.



