Governance workflow packs
Customer-tailored retention, legal-review, legal-hold, and incident-export operating packs.
SCRIMED governance workflow packs help enterprise buyers translate synthetic pilot evidence into retained, human-reviewed operational controls while legal, privacy, security, and production approvals remain explicit.
Product boundary
Governance packs are reusable operating templates, not legal conclusions.
SCRIMED governance workflow packs are customer-tailored synthetic pilot operating templates. They are not legal advice, privacy advice, security certification, HIPAA certification, SOC 2 certification, FDA clearance, payer approval, reimbursement assurance, breach determination, or production authorization.
Promote selected governance pack slugs from buyer intake into protected workspace activation records and governance-ledger metadata when an enterprise pilot is created.
Routing rules
Buyer intake selects a pack from business-scope signals before sales handoff.
Research, trial, oncology, or eligibility signals route to TrialCore Research Legal Hold Pack.
Selection remains deterministic, inspectable, and synthetic-pilot bounded.
Government, public-health, ministry, or sovereignty signals route to Public Sector Sovereign Retention Pack.
Selection remains deterministic, inspectable, and synthetic-pilot bounded.
Payer, prior-authorization, claims, denial, or RCM signals route to Payer And RCM Incident Export Pack.
Selection remains deterministic, inspectable, and synthetic-pilot bounded.
Enterprise, HIPAA-readiness, security-review, BAA/DPA, or role-based-access signals route to Enterprise BAA/DPA Readiness Pack.
Selection remains deterministic, inspectable, and synthetic-pilot bounded.
Provider and clinic operations pilots default to Provider Operations Retention Review Pack.
Selection remains deterministic, inspectable, and synthetic-pilot bounded.
Packs
Each pack defines customer inputs, retention template, legal review, incident export, evidence, boundaries, and blocked claims.
Provider Operations Retention Review Pack
Hospitals, clinics, physician groups, and care operations leaders. Retention schedule, reviewer authority, proof packet handling, and release controls for synthetic care operations work orders.
- Inputs: Pilot sponsor, Workflow owner, Record retention preference, Clinical reviewer role, Privacy contact, Security contact
- Approvals: Pilot sponsor, Privacy owner, Clinical governance owner
- Release gate: AAL2 tenant-admin or pilot-lead request with write-before-release ledger event
Payer And RCM Incident Export Pack
Payers, revenue cycle teams, denial management, and finance operators. Controls for denial-risk work orders, retention of policy evidence, incident export, and no-submission boundaries.
- Inputs: RCM owner, Payer operations owner, Policy source owner, No-submission acknowledgement, Revenue metric baseline
- Approvals: RCM owner, Compliance reviewer, Executive sponsor
- Release gate: AAL2 tenant-admin or pilot-lead request with incident severity recorded
TrialCore Research Legal Hold Pack
Academic medical centers, research operations, oncology programs, and trial networks. Research-review controls for eligibility evidence, legal hold, protocol-source retention, and no-outreach boundaries.
- Inputs: Research operations owner, Protocol source owner, IRB or governance contact where applicable, Research reviewer role, Protocol-version handling rule
- Approvals: Research operations owner, Governance reviewer, Executive sponsor
- Release gate: AAL2 governance request and research reviewer awareness
Public Sector Sovereign Retention Pack
Government health programs, ministries of health, and public-sector agencies. Sovereign deployment readiness, retention controls, incident export, and jurisdiction-specific approval gates.
- Inputs: Jurisdiction, Data residency requirement, Public-sector sponsor, Procurement route, Incident commander, Regional counsel
- Approvals: Public-sector sponsor, Regional counsel, Security owner
- Release gate: AAL2 request plus named public-sector incident owner
Enterprise BAA/DPA Readiness Pack
Large providers, payers, employers, and enterprise healthcare operators. Contract-readiness controls for BAA/DPA path, retention schedule, legal review, incident export, and human-review operating model.
- Inputs: Procurement owner, Privacy owner, Security owner, Legal owner, Workflow sponsor, Reviewer authority matrix
- Approvals: Legal owner, Privacy owner, Security owner, Workflow sponsor
- Release gate: AAL2 governance request with customer owner mapped
Authenticated smoke contract
CI is ready to enforce the authenticated governance-ledger path once the approved AAL2 tenant token is stored.
SCRIMED_BEARER_TOKEN
Tenant-admin or pilot-lead AAL2 bearer token used only by the CI smoke workflow.
SCRIMED_BASE_URL
Optional override for the app base URL. The smoke script defaults to app.scrimedsolutions.com.
SCRIMED_WORKSPACE_SLUG
Optional override for the protected workspace slug. The default workspace is atlas-synthetic-evaluation.
SCRIMED_REQUIRE_AUTHENTICATED_SMOKE=1
When enabled, the smoke script fails if the authenticated token is missing instead of skipping.