Operating Command

SCRIMED Upgrade Implementation Plan

Secure agents, governed workflows, continuous evaluation, and local-first healthcare AI.

SCRIMED is an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure.

Statusscrimed-upgrade-implementation-plan-ready-synthetic-no-phi
Domains10
Policies5
Model lanes5
Workflow lanes5
DevSecOps controls5

Boundary

This is architecture authority, not production authority.

SCRIMED Upgrade Implementation Plan is a synthetic/no-PHI architecture and control-plane roadmap. It does not authorize live PHI access, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector use, production deployment, certification claims, clinical validation claims, or customer go-live.

The upgrade plan is designed to make SCRIMED safer, more observable, more measurable, and harder to copy while preserving human review and no-PHI defaults.

Upgrade Domains

Newest SCRIMED architecture upgrades converted into tracked implementation domains.

implementation-scaffold-ready

Secure Agent Runtime

Wrap every SCRIMED agent with PHI-aware access control, dynamic session-state permissions, secret scanning, tool-call approval rules, cost ceilings, untrusted-content scoring, immutable audit logs, and emergency stop escalation.

Required for irreversible, PHI-impacting, clinical, payer, legal, outbound, or deployment actions.
  • Capabilities: PHI-aware access control, dynamic session-state permissions, secret scanning, tool-call allow/deny/approval rules, cost ceilings, untrusted-content risk scoring, immutable audit logs, emergency stop / human escalation
  • Telemetry: risk_score, tool_calls, cost_usd, phi_detected, escalation_events
  • Next: Bind Sentinel policy decisions to the protected durable-store path after fresh AAL2 and boundary-release approval.
  • Hash: scrimed-intel-136af3b7
architecture-ready

Contextual Policy Engine

Evaluate what an agent has read, done, spent, retrieved, and attempted before allowing the next action.

Required when policy risk crosses protected workflow thresholds.
  • Capabilities: read-PHI restriction escalation, untrusted web content risk scoring, cost threshold approval, patient safety / billing / legal / outbound review gate, destructive mutation elevated approval
  • Telemetry: read_phi, read_untrusted_content, cost_threshold, attempted_action, policy_decision
  • Next: Add a typed policy evaluation request route that previews policy outcomes without executing tools.
  • Hash: scrimed-intel-f009e6f4
implementation-scaffold-ready

Observability Layer

Track token usage, cost, latency, tool calls, retrieval quality, clinical safety flags, PHI events, failed workflows, model selection, and escalation events.

Required for clinical safety flags, PHI events, and failed protected workflows.
  • Capabilities: token usage telemetry, cost tracking, latency tracking, tool-call tracing, retrieval quality scoring, clinical safety flags, PHI event metadata, failed workflow traces, model selection metadata, escalation events
  • Telemetry: tokens_input, tokens_output, latency_ms, model_selected, retrieval_quality
  • Next: Create a unified no-secret telemetry envelope for agent, model, retrieval, policy, and reviewer events.
  • Hash: scrimed-intel-8642b0f8
implementation-scaffold-ready

Clinical Evaluation Harness

Evaluate accuracy, source grounding, hallucination risk, clinical usefulness, completeness, verifiability, safety escalation, FHIR/HL7 validity, and prior-authorization documentation quality.

Clinician or qualified reviewer remains final authority for high-risk outputs.
  • Capabilities: accuracy checks, source grounding checks, hallucination risk checks, clinical usefulness scoring, completeness scoring, verifiability scoring, safety escalation checks, FHIR/HL7 validity checks, prior authorization documentation quality checks
  • Telemetry: grounding_score, hallucination_risk, fhir_validity, prior_auth_gap_count
  • Next: Promote validated synthetic failures into nonsecret regression datasets through the Sentinel review gate.
  • Hash: scrimed-intel-bf859497
implementation-scaffold-ready

Multi-Model Router

Route tasks by purpose, accuracy, latency, privacy, local/on-device availability, cost, and regulatory sensitivity.

Required for high-risk clinical, PHI-heavy, payer, imaging, or regulated workflow outputs.
  • Capabilities: clinical reasoning routing, coding routing, medical imaging routing, document parsing / OCR routing, DICOM classification routing, speech-to-text routing, patient education routing, prior authorization routing, summarization routing, translation routing, compliance review routing
  • Telemetry: task_type, privacy_requirement, latency_requirement, cost_class, selected_model_tier
  • Next: Unify compute-fabric route decisions with Sentinel policy and observability envelopes.
  • Hash: scrimed-intel-23a9bef1
architecture-ready

Knowledge Operating System

Turn every completed workflow into a reusable playbook, evaluation case, structured lesson, agent memory artifact, knowledge graph update, and workflow improvement recommendation.

Knowledge artifacts cannot become precedent until reviewer disposition is complete.
  • Capabilities: reusable playbook generation, evaluation case generation, structured lesson capture, agent memory artifact, knowledge graph update, workflow improvement recommendation
  • Telemetry: workflow_completed, reviewer_disposition, lesson_hash, playbook_hash
  • Next: Create nonsecret knowledge artifact envelopes from completed synthetic workflows.
  • Hash: scrimed-intel-2f2b6fb5
protected-pilot-prep

Healthcare Workflow Automation

Prioritize governed workflows for prior authorization, referral routing, intake, documentation, coding, scheduling, patient follow-up, care coordination, release-of-information, medication shortage visibility, and clinical-trial evidence management.

All patient, payer, clinical, outbound, billing, and EHR-impacting steps require human review.
  • Capabilities: prior authorization, referral routing, intake, documentation, coding, scheduling, patient follow-up, care coordination, release-of-information requests, medication shortage visibility, clinical trial evidence management
  • Telemetry: workflow_type, approval_gate, documentation_gaps, status, human_owner
  • Next: Add per-workflow authority matrices that separate draft, review, and protected execution states.
  • Hash: scrimed-intel-d4e0c5ba
implementation-scaffold-ready

DevSecOps / CI-CD

Add automated tests, security scans, dependency scans, PHI leakage tests, FHIR validation, clinical safety regression tests, canary checklist, rollback plan, and infrastructure health checks.

Production changes require release owner approval and rollback evidence.
  • Capabilities: automated tests, security scans, dependency scans, PHI leakage tests, FHIR validation, clinical safety regression tests, canary deployment checklist, rollback plan, infrastructure health checks
  • Telemetry: test_status, dependency_risk, phi_leakage_check, rollback_ready
  • Next: Add a release gate manifest that binds smoke results, reviewer signoff, and rollback readiness.
  • Hash: scrimed-intel-3d1ae8e5
architecture-ready

Local-First / Edge AI

Support browser-side de-identification, on-device PHI redaction, offline clinical utilities, local model fallback, DICOM preprocessing, and edge inference for low-connectivity clinics.

Raw imaging, PHI, and production clinic deployment require explicit authorization.
  • Capabilities: browser-side de-identification, on-device PHI redaction, offline clinical utilities, local model fallback, DICOM preprocessing, edge inference for low-connectivity clinics
  • Telemetry: execution_target, redaction_status, offline_mode, edge_model_selected
  • Next: Define edge runtime capability manifest with PHI transfer defaults set to blocked.
  • Hash: scrimed-intel-94b2361b
implementation-scaffold-ready

Strategic Product Direction

Position SCRIMED as an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure.

Public claims require legal, clinical, security, and compliance review before use.
  • Capabilities: secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, continuous learning infrastructure
  • Telemetry: product_readiness_stage, boundary_status, buyer_proof_artifact
  • Next: Bind this upgrade plan into investor-readiness and operating-command summaries.
  • Hash: scrimed-intel-f1f37ebf

Contextual Policy Engine

Policy decisions evaluate what the agent has read, done, spent, retrieved, and attempted.

require_human_review

phi-external-action-block

If agent reads PHI, restrict external actions.

PHI exposure changes the allowed action boundary for every downstream tool call.

Block outbound communication, external sharing, EHR writeback, payer submission, and model calls outside approved private runtime.

increase_risk_score

untrusted-content-risk-score

If agent reads untrusted web content, increase risk score.

Untrusted content can carry prompt injection, poisoned retrieval, or unsafe workflow instructions.

Require evidence verification and disable privileged tools until reviewer disposition.

request_approval

cost-threshold-approval

If cost exceeds threshold, request approval.

Long agent loops and model routing errors can create API abuse or billing spikes.

Pause the run and return a safe budget-approval request.

require_human_review

high-stakes-action-review

If action touches patient safety, billing, legal, or outbound communication, require human review.

Protected healthcare workflows need accountable human ownership.

Queue the action for reviewer disposition and keep all outputs in draft mode.

require_elevated_approval

destructive-mutation-elevated-approval

If action attempts destructive data mutation, require elevated approval.

Deletion, schema changes, access revocation, and production deploys are irreversible or high blast-radius actions.

Block mutation and require privileged operator approval with rollback plan.

Multi-Model Router

Route by task purpose, privacy, latency, cost, and regulatory sensitivity.

restricted

clinical_reasoning

highest_accuracy_clinical_model_or_validated_private_model

clinician review required
  • Criteria: accuracy, privacy requirements, regulatory sensitivity, source grounding
  • Blocked: No autonomous diagnosis, treatment, prescribing, or live patient care.
restricted

prior_authorization

payer_policy_reasoning_model

staff review required before submission
  • Criteria: policy match quality, documentation completeness, cost, latency
  • Blocked: No payer submission or medical-necessity determination.
phi-local-only

medical_imaging

vision_medical_model_or_local_dicom_pipeline

radiology or qualified clinical review required
  • Criteria: modality support, local availability, uncertainty handling, regulatory sensitivity
  • Blocked: No final imaging interpretation.
restricted

document_parsing_ocr

document_vision_model_with_local_redaction_precheck

review required for extracted clinical or legal evidence
  • Criteria: layout preservation, PHI redaction, latency, cost
  • Blocked: No raw connector payload logging.
standard

patient_education_translation

plain_language_medical_model

clinical review required before patient use
  • Criteria: readability, translation quality, clinical safety, cost
  • Blocked: No patient outreach or individualized medical instruction.

Workflow Automation

Automation stays draft, recommendation, or metadata-only until human review.

Draft and checklist only.

prior authorization

Detect missing criteria, documentation language gaps, and submission risk before human-reviewed packet preparation.

Human review before payer submission.

documentation_gaps_found, cycle_time_reduction, denial_risk_reduced

Recommendation-only routing and status metadata.

referral routing

Match referral metadata to routing rules, wait-time signals, and closed-loop status tracking.

Human review before outreach or scheduling changes.

referral_completion, leakage_risk, wait_time

Draft notes and missing-data flags only.

intake and documentation

Summarize intake, draft notes, detect missing fields, and route follow-up questions.

Clinician signoff before chart use.

documentation_time_saved, missing_field_rate, reviewer_edits

Coding support and denial-risk explanation only.

coding and RCM

Support coding review, denial prevention, documentation completeness, and work queue triage.

Coder or revenue-cycle reviewer approval before billing action.

denial_rate, coder_review_time, documentation_defect_rate

Evidence integrity metadata only.

clinical trial evidence management

Secure, validate, hash, and sync decentralized trial evidence metadata.

Research compliance review before production trial use.

evidence_hash_coverage, site_sync_status, protocol_deviation_flags

DevSecOps / CI-CD

Release safety depends on tests, scans, PHI leakage controls, clinical regression, and rollback evidence.

block_merge

automated tests

typecheck, lint, nonsecret smoke, build

Evidence

CI logs and contract-check output

block_deploy

PHI leakage tests

reject PHI-like notes, token-like fields, raw connector payloads, and secret fixtures

Evidence

nonsecret test suite and Sentinel preview validators

require_review

FHIR validation

FHIR/HL7 contract checks and clinical data fabric validation

Evidence

clinical data fabric and interoperability smoke artifacts

block_deploy

clinical safety regression tests

clinical robustness lab and Sentinel regression promotion gate

Evidence

synthetic regression manifest and reviewer disposition metadata

require_review

rollback plan

release gate includes rollback owner and blast-radius controls

Evidence

release-candidate readiness and boundary-release evidence

Validation

Contract checks keep the upgrade pack governed and non-PHI.

pass

all-ten-upgrade-domains-present

The plan covers secure runtime, policy, observability, evals, routing, knowledge, workflows, DevSecOps, edge AI, and strategy.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

pass

domains-have-human-review-and-blocked-actions

Every domain carries a human review gate and explicit production/PHI hard stops.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

pass

contextual-policy-engine-fail-closes

Contextual policies define fail-closed behavior for PHI, untrusted content, cost, high-stakes actions, and destructive mutations.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

pass

multi-model-router-covers-required-task-types

Model routing lanes cover clinical, payer, imaging, document/OCR, and patient-language workloads.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

fail

workflow-automation-remains-review-gated

Workflow automation lanes stay draft, recommendation, or metadata-only until human review.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

pass

devsecops-controls-block-unsafe-release

DevSecOps controls include PHI leakage tests, clinical safety regression, and rollback evidence.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.

pass

no-domain-authorizes-production-or-clinical-authority

The upgrade plan does not grant production deploy, customer go-live, diagnosis, or treatment authority.

Next

Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.