Governance & Program Info
Autonomous Prior Authorization — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Checklist governance
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Complete HIPAA risk analysis covering the full agentic workflow
Per 45 CFR 164.308(a)(1)(ii)(A), a documented risk analysis for every system touching ePHI — including every agent in the workflow.
Signed BAAs with every inference / infrastructure vendor
If any agent calls a third-party API (even for embeddings), that vendor must have a signed BAA in force.
Minimum-necessary enforcement at architectural level
Workflow is structured so each agent can only see the PHI scoped to its step, not the full record.
Access logging and audit trail for every PHI access by an agent
45 CFR 164.312(b) audit controls — every agent PHI read and every decision logged with actor, timestamp, scope.
Breach notification playbook for agent-caused incidents
Incident response procedure if an agent misroutes PHI, fabricates data in a submission, or escapes its scope.
Map CMS-0057-F obligations applicable to the workflow
The rule applies to Medicare Advantage, Medicaid managed care, CHIP managed care, and QHPs on ACA marketplaces.
Implement denial-reason transparency in workflow outputs
CMS-0057-F requires payers to provide denial reasons in a structured form — the workflow should surface these to clinicians.
Validate FHIR R4 / Da Vinci PAS conformance
Submissions conform to the Da Vinci PAS implementation guide, not just generic FHIR R4.
Monitor X12 / FHIR transition path per payer
Payers are migrating from X12 278 to FHIR-based PAS on different timelines — maintain dual-path capability.
Map state AI prior-authorization laws applicable to operations
CA SB 1120 (effective Jan 1, 2025) requires physician review of AI-driven denials; other states are following.
Align governance with NIST AI RMF 1.0
Map the governance program to the NIST AI RMF 1.0 Govern / Map / Measure / Manage functions.
Evaluate ONC HTI-2 applicability for decision-support outputs
ONC HTI-2 extends transparency requirements for predictive decision-support interventions in certified EHRs.
Align model validation with 21 CFR Part 11 where records are regulated
If the workflow produces records submitted to FDA-regulated processes, electronic signature and audit requirements apply.
Establish board-level AI governance reporting
Auto-approval rate, denial rate, overturn rate, patient-harm incidents, and state-law compliance reported up to board risk.
Full decision provenance per request
Every submission linkable to the exact model versions, policy versions, and evidence sources that produced it.
Chain-of-custody on PHI from extraction through submission
PHI lineage from source EHR resource, through each agent, to final submission artifact is cryptographically linkable.
Retain audit artifacts for the longer of state / payer retention requirements
Typically 6–10 years for medical records, with payer contracts sometimes demanding longer.