# SCRIMED Clinical Care Activation Readiness Brief

Status: clinical-care-activation-gated
Care execution authority: not-authorized-live-care
Proof stack: clinical-care-activation-readiness-gated
Readiness score: 19% foundation-ready gates (3/16)

## Boundary
SCRIMED Clinical Care Activation Readiness prepares regulated clinical deployment, but it does not authorize live clinical care, PHI processing, diagnosis, treatment, order entry, patient outreach, emergency triage, medical-device use, payer submission, record mutation, or autonomous clinical execution. Production clinical care requires signed customer scope, BAA/DPA where applicable, privacy/security/legal review, regulatory classification, licensed clinical governance, validated human-review workflow, approved connectors, monitoring, incident response, rollback, and explicit customer go-live approval.

## Authorized Current-Boundary Capabilities
- Synthetic clinical workflow simulation: Uses synthetic scenarios and fixtures only; does not process live PHI or patient-specific data.
- Enterprise clinical-care readiness planning: Supports buyer diligence, gate tracking, governance planning, and pilot design without delivering care.
- Human-reviewed operational intelligence pilots: May be sold as governed synthetic or approved de-identified evaluation work; patient-impacting action remains blocked.

## Blocked Before Clinical Go-Live
- live diagnosis
- live treatment recommendation
- emergency triage or emergency advice
- order entry
- prescribing or medication changes
- EHR writeback or production record mutation
- patient outreach or patient instruction
- patient-specific risk prediction
- autonomous clinical decision support
- payer submission, claim submission, or coverage determination
- imaging interpretation for care
- medical-device functionality
- PHI or ePHI processing

## Hard Gates
- Intended-use and regulatory classification review (external-review-required): Any clinical decision-support, diagnostic, treatment, or medical-device-like deployment claim. Safe workaround: Keep outputs framed as operational intelligence, synthetic evaluation, draft support, or clinician-reviewed planning until classification is approved.
- Licensed clinical governance board and accountable medical director (blocked): Any care-team workflow that influences patient-specific clinical decisions. Safe workaround: Run buyer demos and synthetic workflow reviews with clear non-clinical boundary language.
- Clinical safety case, hazard analysis, and escalation model (external-review-required): Prospective clinical pilots, patient-specific risk prompts, or human-reviewed clinical workflows. Safe workaround: Use TrustOS blocked-action traces and synthetic risk examples without patient-specific execution.
- Signed customer clinical scope and care-setting authorization (customer-specific): Any customer-environment clinical pilot or production workflow. Safe workaround: Sell and deliver synthetic pilot evaluation, readiness assessment, governance audit, and implementation blueprint packages.
- BAA/DPA path, privacy notices, retention, residency, and processing register (customer-specific): Any PHI, ePHI, payer member data, live clinical record, or patient identifier enters SCRIMED systems. Safe workaround: Keep public and pilot routes synthetic-only and metadata-only until the customer-specific data path is signed.
- HIPAA Security Rule safeguard mapping (external-review-required): Any ePHI processing or production healthcare customer security review. Safe workaround: Use current TrustOS, protected workspace, audit, rate-limit, passkey/AAL2, and no-PHI controls as readiness evidence, not compliance certification.
- Production identity, RBAC, AAL2/SSO, and access review (foundation-ready): Customer users access protected clinical or operational workspaces. Safe workaround: Continue protected synthetic pilots with tenant-admin AAL2 and explicit role boundaries while customer SSO remains gated.
- PHI-ready data architecture, encryption, deletion, legal hold, and regional controls (blocked): Any live clinical data persistence, evidence vault upload, or production workspace memory. Safe workaround: Keep evidence vault readiness metadata-only and disable sensitive document upload until signed controls exist.
- FHIR, HL7, DICOM, X12, payer, and EHR connector validation (blocked): Any production connector reads, writes, orders, referrals, payer transactions, imaging retrieval, or record mutation. Safe workaround: Use deterministic synthetic conformance kits, integration fixtures, and connector contracts until a customer sandbox is approved.
- Human authority model, reviewer workflow, and override logging (foundation-ready): Any AI-assisted workflow that influences clinical, payer, or operational actions. Safe workaround: Keep every output draft-only, recommendation-like, evidence-backed, and review-required.
- Clinical validation protocol and licensed sign-off (blocked): Any patient-specific output is used in care delivery or clinical operations. Safe workaround: Measure workflow outcomes on synthetic or approved de-identified data while clinical correctness remains unvalidated.
- Clinical, privacy, security, and AI incident response playbooks (external-review-required): Any production clinical, PHI, or customer-integrated workflow. Safe workaround: Use current Trust Safety Operations incident workspaces for no-PHI synthetic issues and readiness rehearsal.
- Continuous validation, monitoring, drift, and outcome learning (foundation-ready): Scaled pilots, model-route changes, and production workflow expansion. Safe workaround: Retain synthetic QA and buyer-demo evidence while production observability remains customer-specific.
- Reimbursement, claims, coding, and payer policy review (customer-specific): Any prior authorization, claim, coding, denial appeal, reimbursement, or payer-submission workflow. Safe workaround: Provide denial-risk review and prior-auth support as draft, evidence-backed, human-reviewed operational intelligence.
- Patient communication, consent, accessibility, and emergency-care boundary (blocked): Any patient-facing outreach, education, triage, scheduling, or care-plan communication. Safe workaround: Keep patient-facing materials as internal draft templates for authorized human review.
- Production go-live approval, rollback plan, and post-launch controls (customer-specific): Any live clinical-care production launch. Safe workaround: Use buyer diligence exports, command intelligence packets, and clinical activation readiness briefs to prepare for approval.

## Activation Path
- Current: governed synthetic evaluation (foundation-ready): Use the sellable product, demos, proof stack, TrustOS, protected workspaces, and buyer diligence rooms without live patient data. Exit: Buyer, legal, privacy, security, regulatory, and clinical leaders agree on a scoped activation plan.
- Shadow-mode clinical readiness (customer-specific): Run SCRIMED in a customer-approved environment against de-identified or contract-approved data without impacting care. Exit: Outputs are measured against reviewer ground truth, error taxonomy, latency, safety, and workflow outcomes.
- Clinician-supervised prospective pilot (external-review-required): Introduce human-reviewed, scope-limited workflow support where authorized clinicians remain responsible for all decisions. Exit: No severe unresolved safety issues, acceptable override/escalation rates, and signed continuation approval.
- Limited production go-live (blocked): Run only the approved workflow, tenant, user group, connector set, and care setting with active monitoring. Exit: Customer approves expansion after post-launch review, quality evidence, and safety review.

## Source Authorities
- FDA Clinical Decision Support Software Guidance (2026-01-29): SCRIMED must classify intended use and clinical decision-support boundaries before any clinical deployment claim. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/clinical-decision-support-software
- HHS HIPAA Security Rule Summary (2026-06-19): SCRIMED must map administrative, physical, and technical safeguards before processing ePHI. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
- SCRIMED TrustOS, Product Console, and Protected Pilot Workspace (2026-06-19): Current product evidence supports governed synthetic pilots, audit trails, human review, protected operator workflows, and proof packets.

## Next Operator Actions
- Keep current demos and pilots synthetic or approved de-identified evaluation only.
- Package this readiness brief into buyer diligence before any clinical-care pilot discussion.
- Define one narrow intended use and care setting before legal, regulatory, privacy, and clinical review.
- Obtain licensed clinician governance and customer approval before any patient-specific workflow.
- Complete PHI, connector, monitoring, incident response, and rollback gates before go-live.