SCRIMED Upgrade Implementation Plan
Secure agents, governed workflows, continuous evaluation, and local-first healthcare AI.
SCRIMED is an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure.
Boundary
This is architecture authority, not production authority.
SCRIMED Upgrade Implementation Plan is a synthetic/no-PHI architecture and control-plane roadmap. It does not authorize live PHI access, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector use, production deployment, certification claims, clinical validation claims, or customer go-live.
The upgrade plan is designed to make SCRIMED safer, more observable, more measurable, and harder to copy while preserving human review and no-PHI defaults.
Upgrade Domains
Newest SCRIMED architecture upgrades converted into tracked implementation domains.
Secure Agent Runtime
Wrap every SCRIMED agent with PHI-aware access control, dynamic session-state permissions, secret scanning, tool-call approval rules, cost ceilings, untrusted-content scoring, immutable audit logs, and emergency stop escalation.
- Capabilities: PHI-aware access control, dynamic session-state permissions, secret scanning, tool-call allow/deny/approval rules, cost ceilings, untrusted-content risk scoring, immutable audit logs, emergency stop / human escalation
- Telemetry: risk_score, tool_calls, cost_usd, phi_detected, escalation_events
- Next: Bind Sentinel policy decisions to the protected durable-store path after fresh AAL2 and boundary-release approval.
- Hash: scrimed-intel-136af3b7
Contextual Policy Engine
Evaluate what an agent has read, done, spent, retrieved, and attempted before allowing the next action.
- Capabilities: read-PHI restriction escalation, untrusted web content risk scoring, cost threshold approval, patient safety / billing / legal / outbound review gate, destructive mutation elevated approval
- Telemetry: read_phi, read_untrusted_content, cost_threshold, attempted_action, policy_decision
- Next: Add a typed policy evaluation request route that previews policy outcomes without executing tools.
- Hash: scrimed-intel-f009e6f4
Observability Layer
Track token usage, cost, latency, tool calls, retrieval quality, clinical safety flags, PHI events, failed workflows, model selection, and escalation events.
- Capabilities: token usage telemetry, cost tracking, latency tracking, tool-call tracing, retrieval quality scoring, clinical safety flags, PHI event metadata, failed workflow traces, model selection metadata, escalation events
- Telemetry: tokens_input, tokens_output, latency_ms, model_selected, retrieval_quality
- Next: Create a unified no-secret telemetry envelope for agent, model, retrieval, policy, and reviewer events.
- Hash: scrimed-intel-8642b0f8
Clinical Evaluation Harness
Evaluate accuracy, source grounding, hallucination risk, clinical usefulness, completeness, verifiability, safety escalation, FHIR/HL7 validity, and prior-authorization documentation quality.
- Capabilities: accuracy checks, source grounding checks, hallucination risk checks, clinical usefulness scoring, completeness scoring, verifiability scoring, safety escalation checks, FHIR/HL7 validity checks, prior authorization documentation quality checks
- Telemetry: grounding_score, hallucination_risk, fhir_validity, prior_auth_gap_count
- Next: Promote validated synthetic failures into nonsecret regression datasets through the Sentinel review gate.
- Hash: scrimed-intel-bf859497
Multi-Model Router
Route tasks by purpose, accuracy, latency, privacy, local/on-device availability, cost, and regulatory sensitivity.
- Capabilities: clinical reasoning routing, coding routing, medical imaging routing, document parsing / OCR routing, DICOM classification routing, speech-to-text routing, patient education routing, prior authorization routing, summarization routing, translation routing, compliance review routing
- Telemetry: task_type, privacy_requirement, latency_requirement, cost_class, selected_model_tier
- Next: Unify compute-fabric route decisions with Sentinel policy and observability envelopes.
- Hash: scrimed-intel-23a9bef1
Knowledge Operating System
Turn every completed workflow into a reusable playbook, evaluation case, structured lesson, agent memory artifact, knowledge graph update, and workflow improvement recommendation.
- Capabilities: reusable playbook generation, evaluation case generation, structured lesson capture, agent memory artifact, knowledge graph update, workflow improvement recommendation
- Telemetry: workflow_completed, reviewer_disposition, lesson_hash, playbook_hash
- Next: Create nonsecret knowledge artifact envelopes from completed synthetic workflows.
- Hash: scrimed-intel-2f2b6fb5
Healthcare Workflow Automation
Prioritize governed workflows for prior authorization, referral routing, intake, documentation, coding, scheduling, patient follow-up, care coordination, release-of-information, medication shortage visibility, and clinical-trial evidence management.
- Capabilities: prior authorization, referral routing, intake, documentation, coding, scheduling, patient follow-up, care coordination, release-of-information requests, medication shortage visibility, clinical trial evidence management
- Telemetry: workflow_type, approval_gate, documentation_gaps, status, human_owner
- Next: Add per-workflow authority matrices that separate draft, review, and protected execution states.
- Hash: scrimed-intel-d4e0c5ba
DevSecOps / CI-CD
Add automated tests, security scans, dependency scans, PHI leakage tests, FHIR validation, clinical safety regression tests, canary checklist, rollback plan, and infrastructure health checks.
- Capabilities: automated tests, security scans, dependency scans, PHI leakage tests, FHIR validation, clinical safety regression tests, canary deployment checklist, rollback plan, infrastructure health checks
- Telemetry: test_status, dependency_risk, phi_leakage_check, rollback_ready
- Next: Add a release gate manifest that binds smoke results, reviewer signoff, and rollback readiness.
- Hash: scrimed-intel-3d1ae8e5
Local-First / Edge AI
Support browser-side de-identification, on-device PHI redaction, offline clinical utilities, local model fallback, DICOM preprocessing, and edge inference for low-connectivity clinics.
- Capabilities: browser-side de-identification, on-device PHI redaction, offline clinical utilities, local model fallback, DICOM preprocessing, edge inference for low-connectivity clinics
- Telemetry: execution_target, redaction_status, offline_mode, edge_model_selected
- Next: Define edge runtime capability manifest with PHI transfer defaults set to blocked.
- Hash: scrimed-intel-94b2361b
Strategic Product Direction
Position SCRIMED as an AI-native healthcare operating system combining secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, and continuous learning infrastructure.
- Capabilities: secure agents, clinical intelligence, workflow automation, local-first privacy, governed deployment, continuous learning infrastructure
- Telemetry: product_readiness_stage, boundary_status, buyer_proof_artifact
- Next: Bind this upgrade plan into investor-readiness and operating-command summaries.
- Hash: scrimed-intel-f1f37ebf
Contextual Policy Engine
Policy decisions evaluate what the agent has read, done, spent, retrieved, and attempted.
phi-external-action-block
If agent reads PHI, restrict external actions.
Block outbound communication, external sharing, EHR writeback, payer submission, and model calls outside approved private runtime.
untrusted-content-risk-score
If agent reads untrusted web content, increase risk score.
Require evidence verification and disable privileged tools until reviewer disposition.
cost-threshold-approval
If cost exceeds threshold, request approval.
Pause the run and return a safe budget-approval request.
high-stakes-action-review
If action touches patient safety, billing, legal, or outbound communication, require human review.
Queue the action for reviewer disposition and keep all outputs in draft mode.
destructive-mutation-elevated-approval
If action attempts destructive data mutation, require elevated approval.
Block mutation and require privileged operator approval with rollback plan.
Multi-Model Router
Route by task purpose, privacy, latency, cost, and regulatory sensitivity.
clinical_reasoning
highest_accuracy_clinical_model_or_validated_private_model
- Criteria: accuracy, privacy requirements, regulatory sensitivity, source grounding
- Blocked: No autonomous diagnosis, treatment, prescribing, or live patient care.
prior_authorization
payer_policy_reasoning_model
- Criteria: policy match quality, documentation completeness, cost, latency
- Blocked: No payer submission or medical-necessity determination.
medical_imaging
vision_medical_model_or_local_dicom_pipeline
- Criteria: modality support, local availability, uncertainty handling, regulatory sensitivity
- Blocked: No final imaging interpretation.
document_parsing_ocr
document_vision_model_with_local_redaction_precheck
- Criteria: layout preservation, PHI redaction, latency, cost
- Blocked: No raw connector payload logging.
patient_education_translation
plain_language_medical_model
- Criteria: readability, translation quality, clinical safety, cost
- Blocked: No patient outreach or individualized medical instruction.
Workflow Automation
Automation stays draft, recommendation, or metadata-only until human review.
prior authorization
Detect missing criteria, documentation language gaps, and submission risk before human-reviewed packet preparation.
documentation_gaps_found, cycle_time_reduction, denial_risk_reduced
referral routing
Match referral metadata to routing rules, wait-time signals, and closed-loop status tracking.
referral_completion, leakage_risk, wait_time
intake and documentation
Summarize intake, draft notes, detect missing fields, and route follow-up questions.
documentation_time_saved, missing_field_rate, reviewer_edits
coding and RCM
Support coding review, denial prevention, documentation completeness, and work queue triage.
denial_rate, coder_review_time, documentation_defect_rate
clinical trial evidence management
Secure, validate, hash, and sync decentralized trial evidence metadata.
evidence_hash_coverage, site_sync_status, protocol_deviation_flags
DevSecOps / CI-CD
Release safety depends on tests, scans, PHI leakage controls, clinical regression, and rollback evidence.
automated tests
typecheck, lint, nonsecret smoke, build
CI logs and contract-check output
PHI leakage tests
reject PHI-like notes, token-like fields, raw connector payloads, and secret fixtures
nonsecret test suite and Sentinel preview validators
FHIR validation
FHIR/HL7 contract checks and clinical data fabric validation
clinical data fabric and interoperability smoke artifacts
clinical safety regression tests
clinical robustness lab and Sentinel regression promotion gate
synthetic regression manifest and reviewer disposition metadata
rollback plan
release gate includes rollback owner and blast-radius controls
release-candidate readiness and boundary-release evidence
Validation
Contract checks keep the upgrade pack governed and non-PHI.
all-ten-upgrade-domains-present
The plan covers secure runtime, policy, observability, evals, routing, knowledge, workflows, DevSecOps, edge AI, and strategy.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
domains-have-human-review-and-blocked-actions
Every domain carries a human review gate and explicit production/PHI hard stops.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
contextual-policy-engine-fail-closes
Contextual policies define fail-closed behavior for PHI, untrusted content, cost, high-stakes actions, and destructive mutations.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
multi-model-router-covers-required-task-types
Model routing lanes cover clinical, payer, imaging, document/OCR, and patient-language workloads.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
workflow-automation-remains-review-gated
Workflow automation lanes stay draft, recommendation, or metadata-only until human review.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
devsecops-controls-block-unsafe-release
DevSecOps controls include PHI leakage tests, clinical safety regression, and rollback evidence.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.
no-domain-authorizes-production-or-clinical-authority
The upgrade plan does not grant production deploy, customer go-live, diagnosis, or treatment authority.
Implement a metadata-only contextual policy preview API that accepts session-state facts and returns fail-closed policy decisions without executing tools.