⚠️ xEHR API handles PHI. A signed Business Associate Agreement (BAA) is required before accessing production data. All requests are HIPAA-logged.