# SCRIMED Most Recent Upgrade Implementation Plan

Status: scrimed-upgrade-implementation-plan-ready-synthetic-no-phi
API: /api/scrimed-upgrade-implementation-plan
Brief: /api/scrimed-upgrade-implementation-plan/brief
Safety policy: scrimed-safety-governance-v2026-06-29

## Objective
Implement the newest SCRIMED architecture upgrades around secure agent runtime, clinical AI governance, DevSecOps, observability, multi-model routing, knowledge compounding, and healthcare workflow automation.

## Boundary
SCRIMED Upgrade Implementation Plan is a synthetic/no-PHI architecture and control-plane roadmap. It does not authorize live PHI access, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector use, production deployment, certification claims, clinical validation claims, or customer go-live.

## Strategic Product Direction
SCRIMED is an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure.

## Upgrade Domains
- Secure Agent Runtime: Wrap every SCRIMED agent with PHI-aware access control, dynamic session-state permissions, secret scanning, tool-call approval rules, cost ceilings, untrusted-content scoring, immutable audit logs, and emergency stop escalation. Readiness: implementation-scaffold-ready. Next: Bind Sentinel policy decisions to the protected durable-store path after fresh AAL2 and boundary-release approval.
- Contextual Policy Engine: Evaluate what an agent has read, done, spent, retrieved, and attempted before allowing the next action. Readiness: architecture-ready. Next: Add a typed policy evaluation request route that previews policy outcomes without executing tools.
- Observability Layer: Track token usage, cost, latency, tool calls, retrieval quality, clinical safety flags, PHI events, failed workflows, model selection, and escalation events. Readiness: implementation-scaffold-ready. Next: Create a unified no-secret telemetry envelope for agent, model, retrieval, policy, and reviewer events.
- Clinical Evaluation Harness: Evaluate accuracy, source grounding, hallucination risk, clinical usefulness, completeness, verifiability, safety escalation, FHIR/HL7 validity, and prior-authorization documentation quality. Readiness: implementation-scaffold-ready. Next: Promote validated synthetic failures into nonsecret regression datasets through the Sentinel review gate.
- Multi-Model Router: Route tasks by purpose, accuracy, latency, privacy, local/on-device availability, cost, and regulatory sensitivity. Readiness: implementation-scaffold-ready. Next: Unify compute-fabric route decisions with Sentinel policy and observability envelopes.
- Knowledge Operating System: Turn every completed workflow into a reusable playbook, evaluation case, structured lesson, agent memory artifact, knowledge graph update, and workflow improvement recommendation. Readiness: architecture-ready. Next: Create nonsecret knowledge artifact envelopes from completed synthetic workflows.
- Healthcare Workflow Automation: Prioritize governed workflows for prior authorization, referral routing, intake, documentation, coding, scheduling, patient follow-up, care coordination, release-of-information, medication shortage visibility, and clinical-trial evidence management. Readiness: protected-pilot-prep. Next: Add per-workflow authority matrices that separate draft, review, and protected execution states.
- DevSecOps / CI-CD: Add automated tests, security scans, dependency scans, PHI leakage tests, FHIR validation, clinical safety regression tests, canary checklist, rollback plan, and infrastructure health checks. Readiness: implementation-scaffold-ready. Next: Add a release gate manifest that binds smoke results, reviewer signoff, and rollback readiness.
- Local-First / Edge AI: Support browser-side de-identification, on-device PHI redaction, offline clinical utilities, local model fallback, DICOM preprocessing, and edge inference for low-connectivity clinics. Readiness: architecture-ready. Next: Define edge runtime capability manifest with PHI transfer defaults set to blocked.
- Strategic Product Direction: Position SCRIMED as an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure. Readiness: implementation-scaffold-ready. Next: Bind this upgrade plan into investor-readiness and operating-command summaries.

## Contextual Policy Engine
- phi-external-action-block: If agent reads PHI, restrict external actions. -> require_human_review. Fail closed: Block outbound communication, external sharing, EHR writeback, payer submission, and model calls outside approved private runtime.
- untrusted-content-risk-score: If agent reads untrusted web content, increase risk score. -> increase_risk_score. Fail closed: Require evidence verification and disable privileged tools until reviewer disposition.
- cost-threshold-approval: If cost exceeds threshold, request approval. -> request_approval. Fail closed: Pause the run and return a safe budget-approval request.
- high-stakes-action-review: If action touches patient safety, billing, legal, or outbound communication, require human review. -> require_human_review. Fail closed: Queue the action for reviewer disposition and keep all outputs in draft mode.
- destructive-mutation-elevated-approval: If action attempts destructive data mutation, require elevated approval. -> require_elevated_approval. Fail closed: Block mutation and require privileged operator approval with rollback plan.

## Multi-Model Router
- clinical_reasoning: highest_accuracy_clinical_model_or_validated_private_model; privacy restricted; gate clinician review required
- prior_authorization: payer_policy_reasoning_model; privacy restricted; gate staff review required before submission
- medical_imaging: vision_medical_model_or_local_dicom_pipeline; privacy phi-local-only; gate radiology or qualified clinical review required
- document_parsing_ocr: document_vision_model_with_local_redaction_precheck; privacy restricted; gate review required for extracted clinical or legal evidence
- patient_education_translation: plain_language_medical_model; privacy standard; gate clinical review required before patient use

## Healthcare Workflow Automation
- prior authorization: Detect missing criteria, documentation language gaps, and submission risk before human-reviewed packet preparation. Boundary: Draft and checklist only. Review: Human review before payer submission.
- referral routing: Match referral metadata to routing rules, wait-time signals, and closed-loop status tracking. Boundary: Recommendation-only routing and status metadata. Review: Human review before outreach or scheduling changes.
- intake and documentation: Summarize intake, draft notes, detect missing fields, and route follow-up questions. Boundary: Draft notes and missing-data flags only. Review: Clinician signoff before chart use.
- coding and RCM: Support coding review, denial prevention, documentation completeness, and work queue triage. Boundary: Coding support and denial-risk explanation only. Review: Coder or revenue-cycle reviewer approval before billing action.
- clinical trial evidence management: Secure, validate, hash, and sync decentralized trial evidence metadata. Boundary: Evidence integrity metadata only. Review: Research compliance review before production trial use.

## DevSecOps / CI-CD
- automated tests: typecheck, lint, nonsecret smoke, build; failure mode block_merge
- PHI leakage tests: reject PHI-like notes, token-like fields, raw connector payloads, and secret fixtures; failure mode block_deploy
- FHIR validation: FHIR/HL7 contract checks and clinical data fabric validation; failure mode require_review
- clinical safety regression tests: clinical robustness lab and Sentinel regression promotion gate; failure mode block_deploy
- rollback plan: release gate includes rollback owner and blast-radius controls; failure mode require_review

## Validation
- PASS all-ten-upgrade-domains-present: The plan covers secure runtime, policy, observability, evals, routing, knowledge, workflows, DevSecOps, edge AI, and strategy.
- PASS domains-have-human-review-and-blocked-actions: Every domain carries a human review gate and explicit production/PHI hard stops.
- PASS contextual-policy-engine-fail-closes: Contextual policies define fail-closed behavior for PHI, untrusted content, cost, high-stakes actions, and destructive mutations.
- PASS multi-model-router-covers-required-task-types: Model routing lanes cover clinical, payer, imaging, document/OCR, and patient-language workloads.
- FAIL workflow-automation-remains-review-gated: Workflow automation lanes stay draft, recommendation, or metadata-only until human review.
- PASS devsecops-controls-block-unsafe-release: DevSecOps controls include PHI leakage tests, clinical safety regression, and rollback evidence.
- PASS no-domain-authorizes-production-or-clinical-authority: The upgrade plan does not grant production deploy, customer go-live, diagnosis, or treatment authority.

## Next Build Step
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
