Agent Workspace

Governance workflow packs

Customer-tailored retention, legal-review, legal-hold, and incident-export operating packs.

SCRIMED governance workflow packs help enterprise buyers translate synthetic pilot evidence into retained, human-reviewed operational controls while legal, privacy, security, and production approvals remain explicit.

Statuscustomer-governance-workflow-packs-ready
Packs5
Boundarysynthetic only
CI secretSCRIMED_BEARER_TOKEN

Product boundary

Governance packs are reusable operating templates, not legal conclusions.

SCRIMED governance workflow packs are customer-tailored synthetic pilot operating templates. They are not legal advice, privacy advice, security certification, HIPAA certification, SOC 2 certification, FDA clearance, payer approval, reimbursement assurance, breach determination, or production authorization.

Promote selected governance pack slugs from buyer intake into protected workspace activation records and governance-ledger metadata when an enterprise pilot is created.

01Buyer intake deterministically selects and attaches a governance pack.
02Sales Operations carries the selected pack into proposals, CRM export, and assessment planning.
03Tailor retention, legal review, incident owner, and reviewer authority.
04Record approved actions in the Agent Workspace governance ledger during workspace activation.

Routing rules

Buyer intake selects a pack from business-scope signals before sales handoff.

rule

Research, trial, oncology, or eligibility signals route to TrialCore Research Legal Hold Pack.

Selection remains deterministic, inspectable, and synthetic-pilot bounded.

rule

Government, public-health, ministry, or sovereignty signals route to Public Sector Sovereign Retention Pack.

Selection remains deterministic, inspectable, and synthetic-pilot bounded.

rule

Payer, prior-authorization, claims, denial, or RCM signals route to Payer And RCM Incident Export Pack.

Selection remains deterministic, inspectable, and synthetic-pilot bounded.

rule

Enterprise, HIPAA-readiness, security-review, BAA/DPA, or role-based-access signals route to Enterprise BAA/DPA Readiness Pack.

Selection remains deterministic, inspectable, and synthetic-pilot bounded.

rule

Provider and clinic operations pilots default to Provider Operations Retention Review Pack.

Selection remains deterministic, inspectable, and synthetic-pilot bounded.

Packs

Each pack defines customer inputs, retention template, legal review, incident export, evidence, boundaries, and blocked claims.

pilot-ready

Provider Operations Retention Review Pack

Hospitals, clinics, physician groups, and care operations leaders. Retention schedule, reviewer authority, proof packet handling, and release controls for synthetic care operations work orders.

90 to 180 days for synthetic pilot evidence
  • Inputs: Pilot sponsor, Workflow owner, Record retention preference, Clinical reviewer role, Privacy contact, Security contact
  • Approvals: Pilot sponsor, Privacy owner, Clinical governance owner
  • Release gate: AAL2 tenant-admin or pilot-lead request with write-before-release ledger event
pilot-ready

Payer And RCM Incident Export Pack

Payers, revenue cycle teams, denial management, and finance operators. Controls for denial-risk work orders, retention of policy evidence, incident export, and no-submission boundaries.

120 to 365 days for synthetic payer workflow evidence
  • Inputs: RCM owner, Payer operations owner, Policy source owner, No-submission acknowledgement, Revenue metric baseline
  • Approvals: RCM owner, Compliance reviewer, Executive sponsor
  • Release gate: AAL2 tenant-admin or pilot-lead request with incident severity recorded
customer-tailoring-required

TrialCore Research Legal Hold Pack

Academic medical centers, research operations, oncology programs, and trial networks. Research-review controls for eligibility evidence, legal hold, protocol-source retention, and no-outreach boundaries.

180 to 365 days for synthetic research evidence
  • Inputs: Research operations owner, Protocol source owner, IRB or governance contact where applicable, Research reviewer role, Protocol-version handling rule
  • Approvals: Research operations owner, Governance reviewer, Executive sponsor
  • Release gate: AAL2 governance request and research reviewer awareness
external-review-required

Public Sector Sovereign Retention Pack

Government health programs, ministries of health, and public-sector agencies. Sovereign deployment readiness, retention controls, incident export, and jurisdiction-specific approval gates.

Customer-defined by jurisdiction and procurement requirements
  • Inputs: Jurisdiction, Data residency requirement, Public-sector sponsor, Procurement route, Incident commander, Regional counsel
  • Approvals: Public-sector sponsor, Regional counsel, Security owner
  • Release gate: AAL2 request plus named public-sector incident owner
customer-tailoring-required

Enterprise BAA/DPA Readiness Pack

Large providers, payers, employers, and enterprise healthcare operators. Contract-readiness controls for BAA/DPA path, retention schedule, legal review, incident export, and human-review operating model.

90 to 365 days until customer policy is approved
  • Inputs: Procurement owner, Privacy owner, Security owner, Legal owner, Workflow sponsor, Reviewer authority matrix
  • Approvals: Legal owner, Privacy owner, Security owner, Workflow sponsor
  • Release gate: AAL2 governance request with customer owner mapped

Authenticated smoke contract

CI is ready to enforce the authenticated governance-ledger path once the approved AAL2 tenant token is stored.

secret

SCRIMED_BEARER_TOKEN

Tenant-admin or pilot-lead AAL2 bearer token used only by the CI smoke workflow.

variable

SCRIMED_BASE_URL

Optional override for the app base URL. The smoke script defaults to app.scrimedsolutions.com.

variable

SCRIMED_WORKSPACE_SLUG

Optional override for the protected workspace slug. The default workspace is atlas-synthetic-evaluation.

flag

SCRIMED_REQUIRE_AUTHENTICATED_SMOKE=1

When enabled, the smoke script fails if the authenticated token is missing instead of skipping.