# SCRIMED QA Claim Guard Brief

Status: manual-aal2-qa-claim-guard-ready
Buyer claim posture: activation-ready-until-retained-packet-proof

## Boundary
SCRIMED QA Claim Guard classifies buyer, investor, sales, and operator language for current manual AAL2 QA posture. It does not create authenticated QA proof, persist evidence, replace counsel, certify security or compliance, authorize PHI processing, authorize live clinical care, guarantee reimbursement, approve production connectors, or approve public claims without retained evidence and qualified review.

## Safe Current Claims
- SCRIMED has a no-secret operator-ready path for human AAL2 synthetic QA.
- SCRIMED public smoke verifies route health, fail-closed protected APIs, and synthetic-only boundaries.
- SCRIMED can validate no-secret candidate QA metadata before protected persistence.
- SCRIMED can keep buyer diligence in activation-ready posture until protected packet hashes are visible.
- SCRIMED blocks live clinical, PHI, reimbursement, security-certification, connector, and production authority claims.

## Claims Requiring Retained Packet Evidence
- retained authenticated QA evidence
- retained manual AAL2 QA proof
- completed human AAL2 QA workflow
- protected packet hash is visible
- buyer diligence includes retained packet SHA-256
- authenticated QA packet retained

## Blocked Authority Claims
- live clinical care authorized
- PHI processing authorized
- HIPAA certified
- HIPAA compliant
- SOC 2 certified
- security certified
- FDA cleared
- FDA approved
- reimbursement guaranteed
- production connector approved
- autonomous diagnosis authorized
- autonomous treatment authorized
- payer submission authorized
- patient outreach authorized
- clinical validation completed
- regional regulatory approval completed

## Review Triggers
- customer case study
- press release
- advertising claim
- investor deck
- public website claim
- security questionnaire
- legal approval
- BAA
- production go-live
- clinical workflow

## Rules
- Current-state language only (safe-current-claim): The claim describes synthetic, no-secret, activation-ready, fail-closed, or human-required workflow readiness. Required evidence: QA Evidence Ledger, Launch Kit, Human Run Packet, Completion Bridge, public smoke, and fail-closed route checks. Safer language: SCRIMED has a governed no-secret synthetic QA readiness path with human AAL2 gates still explicit.
- Retained packet language requires packet hash (requires-retained-packet): The claim says authenticated QA evidence is retained, completed, packet-backed, or buyer-diligence-ready. Required evidence: Protected Manual QA Evidence packet SHA-256, audit event ID, workflow run ID, and Proof Promotion ready state. Safer language: SCRIMED has an activation-ready path; retained authenticated QA proof will be referenced only after protected packet hash visibility.
- Clinical and production authority remain blocked (blocked-authority-claim): The claim implies live care, PHI processing, security/compliance certification, FDA approval, reimbursement certainty, production connector approval, payer submission, patient outreach, or autonomous clinical action. Required evidence: Separate signed customer, legal, privacy, security, clinical, regional, reimbursement, connector, and production approvals. Safer language: SCRIMED is currently positioned for governed synthetic pilots and enterprise evaluation; production clinical authority remains separately gated.
- External-use claims need qualified review (needs-qualified-review): The claim is for public website, PR, advertising, investor materials, case studies, legal documents, security questionnaires, or production go-live. Required evidence: Qualified legal, privacy, security, clinical, marketing, finance, or customer approval depending on audience. Safer language: Use internal diligence language until the required external-use approval packet is retained.

## Routes
- Launch Kit: /qa-launch-kit
- Completion Bridge: /qa-completion-bridge
- Proof Promotion: /qa-proof-promotion

## Next Recommended Build Step
Use QA Claim Guard for every buyer, investor, sales, PR, and operator claim until the first protected manual QA packet hash is retained and Proof Promotion permits packet-backed language.

## Ledger Boundary
SCRIMED QA Evidence Ledger records synthetic-only release, smoke, token-policy, fail-closed, and operator-gate evidence. It is not a clinical validation report, security certification, legal opinion, SOC report, HIPAA attestation, or authorization for live healthcare execution.