{"service":"scrimed-clinical-context-gateway","status":"clinical-context-gateway-ready-no-phi","version":"scrimed-clinical-context-gateway-v2026-07-03","envelopeVersion":"scrimed-context-envelope-v1","route":"/healthcare-intelligence-os#clinical-context-gateway","apiRoute":"/api/clinical-context-gateway","briefRoute":"/api/clinical-context-gateway/brief","updated":"2026-07-03","dataBoundary":"governed-semantic-context-only-no-live-phi","rawSchemaAccess":"blocked","rawConnectorPayloadAccess":"blocked","clinicalCareAuthority":"not-authorized-live-care","recordMutationAuthority":"not-authorized","payerSubmissionAuthority":"not-authorized","patientOutreachAuthority":"not-authorized","productionConnectorAuthority":"not-production-connector-approved","supportedScopes":["patient-context-summary","clinical-workflow-context","payer-rcm-context","imaging-metadata-context","medication-context","research-evidence-context","population-health-context","operations-context","source-contract-review"],"gatewayControls":["strict metadata-only request schema","source contract allowlist","semantic concept allowlist","Clinical Data Governance policy decision","minimum necessary access","tenant scope required","no raw database schema exposure","no raw connector payload exposure","no credential exposure","context envelope hashing","audit envelope generation","human review for deidentified, limited, research, or customer release paths","blocked autonomous clinical, payer, outreach, and record-mutation actions"],"sourceContractCount":9,"baselineEvaluationCount":5,"baselineEvaluations":[{"id":"internal-fhir-metadata-context","decision":{"status":"semantic-context-ready","statusCode":200,"allowed":true,"requiresHumanReview":false,"sourceContract":{"id":"fhir-r4-us-core","kind":"fhir","name":"FHIR R4 / US Core resource exchange","standards":["FHIR R4","US Core","USCDI","SMART on FHIR","FHIR AuditEvent","FHIR Provenance"],"canonicalEntities":["patient","provider","organization","encounter","condition","observation","lab-result","medication","procedure","care-plan","coverage","consent","audit-event"]},"governanceDecision":{"status":"allowed","statusCode":200,"policyVersion":"scrimed-clinical-data-governance-v2026-07-03","requestClassification":"metadata-only","allowed":true,"requiresHumanReview":false,"blockers":[],"requiredControls":["tenant scope","minimum necessary","purpose of use","data class classification","consent policy","human review state","data residency","contract readiness","destination policy","no autonomous clinical authority"],"satisfiedControls":["tenant scope","minimum necessary","purpose of use","data class classification","no autonomous clinical authority","consent policy","contract readiness","data residency","human review state","destination policy"],"reviewRequirements":[],"retainedNoGoBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"],"rationale":"Request stays inside SCRIMED's metadata-only, minimum-necessary, tenant-scoped, no-live-PHI governance boundary."},"blockers":[],"reviewRequirements":[],"contextEnvelope":{"envelopeVersion":"scrimed-context-envelope-v1","deliveryMode":"semantic-contract-only","sourceContractId":"fhir-r4-us-core","sourceKind":"fhir","requestedContextScope":"patient-context-summary","requestedConcepts":["patient","encounter","condition","observation"],"allowedSemanticConcepts":[{"entity":"patient","standardBindings":["FHIR Patient","HL7 PID","X12 subscriber/member loops"],"requiredProvenance":["source system","identity namespace","match confidence","review state"],"confidenceInputs":["identifier agreement","demographic agreement","source trust","recency","manual merge state"],"limitations":["patient merge","identity federation activation","biometric match finalization","semantic context only","human review before clinical, payer, patient-facing, or record-impacting use"]},{"entity":"encounter","standardBindings":["data class","purpose of use","retention policy","residency policy","minimum necessary"],"requiredProvenance":["tenant","source system","source artifact","timestamp","confidence","review state"],"confidenceInputs":["source trust","recency","review state","provenance completeness"],"limitations":["autonomous clinical action","record mutation","external submission","patient outreach","connector activation","semantic context only","human review before clinical, payer, patient-facing, or record-impacting use"]},{"entity":"condition","standardBindings":["FHIR Condition","HL7 DG1","X12 diagnosis loops"],"requiredProvenance":["source document/resource","author/source","recorded date","verification status"],"confidenceInputs":["terminology match","source priority","verification status","recency","conflict count"],"limitations":["diagnosis creation","diagnosis removal","risk score use in live care","semantic context only","human review before clinical, payer, patient-facing, or record-impacting use"]},{"entity":"observation","standardBindings":["data class","purpose of use","retention policy","residency policy","minimum necessary"],"requiredProvenance":["tenant","source system","source artifact","timestamp","confidence","review state"],"confidenceInputs":["source trust","recency","review state","provenance completeness"],"limitations":["autonomous clinical action","record mutation","external submission","patient outreach","connector activation","semantic context only","human review before clinical, payer, patient-facing, or record-impacting use"]}],"evidenceRequirements":["CapabilityStatement reviewed","profile URLs and versions captured","SMART scopes approved","tenant consent and purpose-of-use policy approved","source system","resource type","profile URL","version","lastUpdated","tenant","purpose of use","gateway audit envelope","governance policy decision","human review state"],"blockedRawAccess":["raw database schema","raw connector payload","source-system credentials","live patient identifiers","free-text patient notes","DICOM pixel data","EHR writeback channel","payer submission channel","patient communication channel"],"downstreamAgentInstructions":["Use only the semantic concepts listed in this envelope.","Preserve provenance, evidence requirements, confidence inputs, and limitations in every output.","Escalate missing, conflicting, low-confidence, clinical, payer, outreach, or record-mutation implications to human review.","Do not infer diagnosis, treatment, prescribing, imaging interpretation, payer submission, patient outreach, or EHR writeback authority.","Do not request raw source schemas, raw connector payloads, credentials, or unrestricted queries."],"containsPhi":false,"includesRawSourcePayload":false,"includesRawDatabaseSchema":false,"includesCredentials":false},"reviewPacket":null,"auditEnvelope":{"gatewayVersion":"scrimed-clinical-context-gateway-v2026-07-03","governancePolicyVersion":"scrimed-clinical-data-governance-v2026-07-03","traceId":"baseline-internal-fhir-metadata-context","sourceContractId":"fhir-r4-us-core","route":"/api/clinical-context-gateway","action":"semantic-context-request","decision":"semantic-context-ready","governanceDecision":"allowed","inputClassification":"metadata-only","phiDetected":false,"syntheticOnly":true,"rawAccessBlocked":true,"humanReviewRequired":false,"requestHash":"c497a823697df5e9108c021bbbbd836f5e77012e7e83fa31bc4f9132c5df05d7","envelopeHash":"751086c4c90efbaa84fed613b09f198d4c26f4e741516dbd246cc072990bc499"},"rationale":"Context request stays inside SCRIMED's metadata-only semantic gateway. The returned envelope contains governance, provenance, confidence, and blocked-use instructions only."}},{"id":"deidentified-document-review-context","decision":{"status":"review-required","statusCode":202,"allowed":false,"requiresHumanReview":true,"sourceContract":{"id":"clinical-documents-notes","kind":"ccd-ccda","name":"Clinical documents, notes, and C-CDA/CCD packages","standards":["C-CDA","CCD","FHIR DocumentReference","LOINC document codes","SNOMED CT"],"canonicalEntities":["document","patient","encounter","condition","medication","procedure","care-plan","provider"]},"governanceDecision":{"status":"requires-human-review","statusCode":202,"policyVersion":"scrimed-clinical-data-governance-v2026-07-03","requestClassification":"deidentified-or-aggregate","allowed":false,"requiresHumanReview":true,"blockers":[],"requiredControls":["tenant scope","minimum necessary","purpose of use","data class classification","consent policy","human review state","data residency","contract readiness","destination policy","no autonomous clinical authority"],"satisfiedControls":["tenant scope","minimum necessary","purpose of use","data class classification","no autonomous clinical authority","consent policy","contract readiness","data residency","destination policy"],"reviewRequirements":["qualified human review is required before release"],"retainedNoGoBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"],"rationale":"Request remains inside metadata or deidentified governance boundaries but requires qualified human review before release or customer-environment use."},"blockers":[],"reviewRequirements":["qualified human review is required before release"],"contextEnvelope":null,"reviewPacket":{"sourceContractId":"clinical-documents-notes","requestedContextScope":"clinical-workflow-context","requestedConcepts":["document","condition","medication"],"reason":"Request remains inside metadata or deidentified governance boundaries but requires qualified human review before release or customer-environment use.","requiredReviewers":["clinical data steward","privacy/security reviewer","workflow owner"],"retainedBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"]},"auditEnvelope":{"gatewayVersion":"scrimed-clinical-context-gateway-v2026-07-03","governancePolicyVersion":"scrimed-clinical-data-governance-v2026-07-03","traceId":"baseline-deidentified-document-review-context","sourceContractId":"clinical-documents-notes","route":"/api/clinical-context-gateway","action":"semantic-context-request","decision":"review-required","governanceDecision":"requires-human-review","inputClassification":"deidentified-or-aggregate","phiDetected":false,"syntheticOnly":true,"rawAccessBlocked":true,"humanReviewRequired":true,"requestHash":"02343244dbe4764b8e7cf728e583a105bb860cc2d843bab52a6ff14e7bb09e1e","envelopeHash":null},"rationale":"Context request is policy-contained but needs qualified human review before semantic context is released or used for customer-facing work."}},{"id":"phi-external-model-context","decision":{"status":"blocked","statusCode":403,"allowed":false,"requiresHumanReview":false,"sourceContract":{"id":"fhir-r4-us-core","kind":"fhir","name":"FHIR R4 / US Core resource exchange","standards":["FHIR R4","US Core","USCDI","SMART on FHIR","FHIR AuditEvent","FHIR Provenance"],"canonicalEntities":["patient","provider","organization","encounter","condition","observation","lab-result","medication","procedure","care-plan","coverage","consent","audit-event"]},"governanceDecision":{"status":"blocked","statusCode":403,"policyVersion":"scrimed-clinical-data-governance-v2026-07-03","requestClassification":"live-data-risk","allowed":false,"requiresHumanReview":false,"blockers":["live-data-risk classes are not authorized in the current SCRIMED platform boundary","consent policy is unknown","contract readiness is unknown","external model provider route is not authorized for this request","semantic context requests must stay inside governed control-plane or tenant boundaries"],"requiredControls":["tenant scope","minimum necessary","purpose of use","data class classification","consent policy","human review state","data residency","contract readiness","destination policy","no autonomous clinical authority"],"satisfiedControls":["tenant scope","minimum necessary","purpose of use","data class classification","no autonomous clinical authority","destination policy"],"reviewRequirements":["data residency must be confirmed before release or customer-environment use","human review state must be approved or explicitly not required"],"retainedNoGoBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"],"rationale":"Request is blocked by SCRIMED Clinical Data Governance because it crosses current data, connector, destination, consent, or action authority."},"blockers":["live-data-risk classes are not authorized in the current SCRIMED platform boundary","consent policy is unknown","contract readiness is unknown","external model provider route is not authorized for this request","semantic context requests must stay inside governed control-plane or tenant boundaries"],"reviewRequirements":["data residency must be confirmed before release or customer-environment use","human review state must be approved or explicitly not required"],"contextEnvelope":null,"reviewPacket":null,"auditEnvelope":{"gatewayVersion":"scrimed-clinical-context-gateway-v2026-07-03","governancePolicyVersion":"scrimed-clinical-data-governance-v2026-07-03","traceId":"baseline-phi-external-model-context","sourceContractId":"fhir-r4-us-core","route":"/api/clinical-context-gateway","action":"semantic-context-request","decision":"blocked","governanceDecision":"blocked","inputClassification":"live-data-risk","phiDetected":false,"syntheticOnly":true,"rawAccessBlocked":true,"humanReviewRequired":false,"requestHash":"d3180569445e41568994b903d702f6e758199d042fef1bb3adb7312d9367a345","envelopeHash":null},"rationale":"Context request is blocked before any semantic envelope is delivered because it violates source, governance, destination, data class, or authority boundaries."}},{"id":"payer-network-context-block","decision":{"status":"blocked","statusCode":403,"allowed":false,"requiresHumanReview":false,"sourceContract":{"id":"x12-claims-utilization","kind":"x12","name":"X12 eligibility, prior authorization, claims, and remittance context","standards":["X12 270/271","X12 278","X12 837","X12 835","FHIR Claim","FHIR Coverage"],"canonicalEntities":["patient","coverage","claim","procedure","condition","provider","organization"]},"governanceDecision":{"status":"blocked","statusCode":403,"policyVersion":"scrimed-clinical-data-governance-v2026-07-03","requestClassification":"metadata-only","allowed":false,"requiresHumanReview":false,"blockers":["payer transaction submission is not authorized","semantic context requests must stay inside governed control-plane or tenant boundaries"],"requiredControls":["tenant scope","minimum necessary","purpose of use","data class classification","consent policy","human review state","data residency","contract readiness","destination policy","no autonomous clinical authority"],"satisfiedControls":["tenant scope","minimum necessary","purpose of use","data class classification","no autonomous clinical authority","consent policy","contract readiness","data residency","destination policy"],"reviewRequirements":["human review state must be approved or explicitly not required"],"retainedNoGoBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"],"rationale":"Request is blocked by SCRIMED Clinical Data Governance because it crosses current data, connector, destination, consent, or action authority."},"blockers":["payer transaction submission is not authorized","semantic context requests must stay inside governed control-plane or tenant boundaries"],"reviewRequirements":["human review state must be approved or explicitly not required"],"contextEnvelope":null,"reviewPacket":null,"auditEnvelope":{"gatewayVersion":"scrimed-clinical-context-gateway-v2026-07-03","governancePolicyVersion":"scrimed-clinical-data-governance-v2026-07-03","traceId":"baseline-payer-network-context-block","sourceContractId":"x12-claims-utilization","route":"/api/clinical-context-gateway","action":"semantic-context-request","decision":"blocked","governanceDecision":"blocked","inputClassification":"metadata-only","phiDetected":false,"syntheticOnly":true,"rawAccessBlocked":true,"humanReviewRequired":false,"requestHash":"150935ed742a3f60e02ad178235743e62a425454da0a73297af7f49d0bbf220c","envelopeHash":null},"rationale":"Context request is blocked before any semantic envelope is delivered because it violates source, governance, destination, data class, or authority boundaries."}},{"id":"unknown-source-contract","decision":{"status":"blocked","statusCode":403,"allowed":false,"requiresHumanReview":false,"sourceContract":null,"governanceDecision":{"status":"allowed","statusCode":200,"policyVersion":"scrimed-clinical-data-governance-v2026-07-03","requestClassification":"metadata-only","allowed":true,"requiresHumanReview":false,"blockers":[],"requiredControls":["tenant scope","minimum necessary","purpose of use","data class classification","consent policy","human review state","data residency","contract readiness","destination policy","no autonomous clinical authority"],"satisfiedControls":["tenant scope","minimum necessary","purpose of use","data class classification","no autonomous clinical authority","consent policy","contract readiness","data residency","human review state","destination policy"],"reviewRequirements":[],"retainedNoGoBoundaries":["live PHI processing is not authorized","production connector activation is not authorized","record mutation is not authorized","payer submission is not authorized","patient outreach is not authorized","external model PHI processing is not authorized","autonomous diagnosis is not authorized","autonomous treatment is not authorized","autonomous prescribing is not authorized","customer go-live approval is not authorized"],"rationale":"Request stays inside SCRIMED's metadata-only, minimum-necessary, tenant-scoped, no-live-PHI governance boundary."},"blockers":["source contract is not registered in SCRIMED Clinical Data Fabric"],"reviewRequirements":[],"contextEnvelope":null,"reviewPacket":null,"auditEnvelope":{"gatewayVersion":"scrimed-clinical-context-gateway-v2026-07-03","governancePolicyVersion":"scrimed-clinical-data-governance-v2026-07-03","traceId":"baseline-unknown-source-contract","sourceContractId":"unregistered-source","route":"/api/clinical-context-gateway","action":"semantic-context-request","decision":"blocked","governanceDecision":"allowed","inputClassification":"metadata-only","phiDetected":false,"syntheticOnly":true,"rawAccessBlocked":true,"humanReviewRequired":false,"requestHash":"b2fd49a6c13200e0b15b52231cd70ead37988ced7ce1ce29ab0c6eb01b5a42a7","envelopeHash":null},"rationale":"Context request is blocked before any semantic envelope is delivered because it violates source, governance, destination, data class, or authority boundaries."}}],"validation":{"status":"passed","checks":[{"id":"allowed-metadata-context-covered","passed":true,"detail":"Metadata-only FHIR semantic context must produce a governed context envelope."},{"id":"human-review-context-covered","passed":true,"detail":"Deidentified/customer-review context must queue a review packet instead of delivering context automatically."},{"id":"blocked-context-covered","passed":true,"detail":"Unsafe destination, live-data, and unregistered-source requests must block before context delivery."},{"id":"semantic-envelope-excludes-raw-access","passed":true,"detail":"Allowed envelopes must exclude PHI, raw source payloads, raw schemas, and credentials."},{"id":"audit-envelope-complete","passed":true,"detail":"Every gateway decision must emit request hashes, envelope hashes where applicable, policy version, trace id, and raw-access blockers."},{"id":"source-contracts-enforce-agent-boundary","passed":true,"detail":"Clinical Data Fabric source contracts must restrict agent access to governed semantic concepts and retain blocked actions."}]},"boundary":"SCRIMED Clinical Context Gateway converts authorized metadata-only requests into governed semantic context envelopes for agents. It does not accept raw patient records, expose raw database schemas, expose raw connector payloads, store PHI, activate production connectors, mutate records, submit payer transactions, contact patients, diagnose, treat, prescribe, interpret imaging, or approve customer go-live.","safety":{"allowed":true,"status":"allowed","statusCode":200,"policyVersion":"scrimed-safety-governance-v2026-06-29","route":"/api/clinical-context-gateway","requestedAction":"clinical context gateway metadata semantic envelope readiness","inputClassification":"synthetic-no-phi","phiDetected":false,"synthetic":true,"matchedAllowedActions":["audit-preparation"],"matchedBlockedActions":[],"reason":"Request stays inside SCRIMED's current synthetic, no-PHI, human-reviewed readiness boundary.","noGoBoundaries":["Live PHI/ePHI, patient identifiers, source charts, production credentials, or live records.","Autonomous or final diagnosis, triage replacement, or clinical decision authority.","Autonomous treatment plans, patient-specific care instructions, or therapy selection.","Medication prescribing, medication changes, order placement, or pharmacy actions.","Patient texting, calling, emailing, portal messaging, or outreach automation.","Claims submission, prior authorization submission, appeal filing, or reimbursement assurance.","EHR writeback, chart filing, record mutation, order entry, or connector writes.","Production EHR, payer, device, imaging, or third-party connector activation approval.","HIPAA, SOC 2, HITRUST, FDA, ONC, clinical validation, security, or accessibility certification claims."]}}