# SCRIMED Trust Safety Incident Report

Incident ID: trustops-phi-style-intake-block
Title: PHI-style intake content attempted in a public or sales workflow
Generated: 2026-07-16T08:50:57.190Z
Severity: moderate
Status: contained
Owner: Privacy and product control owner
Accountable agent: PHI Shield Agent
Source channel: Supabase Identity And Audit Watch
Created: 2026-06-16T09:00:00.000Z
Updated: 2026-06-16T09:00:00.000Z
Legal-hold status: not-required

## Boundary
SCRIMED Trust and Safety Operations is an operating model and product control layer for synthetic evaluations, protected pilots, and enterprise readiness. It does not create legal advice, compliance certification, 24/7 managed SOC/MDR coverage, production clinical monitoring, or authorization for live clinical execution.

## Trigger Signal
PHI-style wording, patient identifier pattern, or clinical-record request appears in a no-PHI workflow.

## Affected Surface
- public pilot intake
- sales operations
- protected pilot boundary

## Buyer And Company Impact
Protects SCRIMED and buyers from routing patient data into public intake, sales analytics, or synthetic pilot workflows before approved production controls.

## Containment
Reject prohibited content, return no-PHI guidance, and preserve safe metadata only.

## Remediation Plan
Keep public and sales workflows business-contact only; add stricter phrase checks when repeated patterns appear.

## Evidence Routes
- /pilot
- /sales-operations
- /trust-center/privacy
- /api/pilot/intake

## Audit Events
- intake-blocked
- no-phi-boundary-returned
- safe-metadata-retained

## Improvement Actions
- Review rejected patterns after every campaign launch.
- Add new prohibited terms to intake and sales operations validation.
- Escalate suspected live PHI to privacy and counsel before any retention decision.

## Severity SLA
- Response target: Next operational review cycle with assigned owner and evidence route.
- Containment target: Document workaround, add review gate, and prevent unsupported external release.
- Executive escalation: Escalate if repeated, unowned, or buyer-facing.
- Required reviewers: control owner, engineering/product owner

## Production Boundary
This incident pattern is synthetic/pilot boundary protection only; actual breach analysis requires authorized privacy, security, legal, and customer incident owners.

## Remaining Limitations
- Production managed 24/7 coverage still requires staffed on-call/SOC/MDR coverage, contracts, tabletop exercises, customer-specific runbooks, and external security review.
- Tenant TrustOps storage is designed for synthetic pilots and enterprise readiness; regulated production incidents still require customer-approved live-data boundaries, breach analysis, notification decisions, and forensic process.
- The TrustOps Supabase migration must be applied and authenticated-smoke-tested in each environment before tenant mutation routes are used with buyers.
- Clinical, legal, privacy, security, copyright, trademark, reimbursement, and advertising determinations still require qualified human reviewers.