Manual QA Proof Promotion
SCRIMED now has a clear rule for when manual AAL2 QA evidence can become buyer proof.
Proof Promotion keeps the current state honest: activation-ready until a protected no-secret packet hash is retained, buyer-ready only after packet visibility, and still blocked for clinical, PHI, security, reimbursement, or production authorization claims.
Current decision
SCRIMED has an operator-ready manual AAL2 QA path, but retained authenticated QA proof is still pending.
Buyer-facing proof may reference activation readiness, Run Control, and fail-closed checks, but not retained authenticated QA proof.
SCRIMED Manual QA Proof Promotion decides when retained no-secret human AAL2 QA packet metadata can be referenced in buyer diligence. It does not execute AAL2 workflows, store tokens, store PHI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or allow authenticated-proof claims before a protected packet hash is visible.
Promotion rules
Buyer proof changes only after a retained no-secret packet hash is visible.
Retained packet hash required
Describe the workflow as activation-ready or operator-ready only.
- No hash means no retained authenticated QA proof claim.
No-secret evidence only
Reject bearer tokens, refresh tokens, credentials, PHI, payer data, artifacts, URLs, legal opinions, and security reports.
- The token itself is never evidence.
Human AAL2 provenance required
Use Run Control and Manual QA Evidence capture under a fresh human AAL2 session.
- AAL2 provenance is not clinical, legal, reimbursement, or production authorization.
Buyer Diligence export after persistence
Keep Buyer Diligence language in pending activation posture.
- Buyer proof is limited to governed synthetic QA evidence.
Clinical and production claims remain blocked
Do not imply live care, PHI processing, payer submission, or connector approval.
- Retained QA proof improves diligence; it does not unlock production clinical execution.
Required evidence
The packet must contain only safe metadata before buyer proof can reference it.
workflow kind
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.workflow run ID
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.workflow run URL
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.execution timestamp
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.synthetic target ID
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.created safe object UUID
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.packet audit event UUID
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.token disposal attestation
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.packet SHA-256
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.protected workspace audit visibility
Required for retained synthetic QA proof promotion.
Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.Blocked claims