fhir-resource-access-audit
Per-AI-tool FHIR resource access events hash-chained for HIPAA + Section 1557 evidence
Six sibling specs for AI tools that touch PHI, FHIR resources, clinical decisioning, and AI/ML medical devices. The Suite vertical 6-pack that lets a hospital, payer, or digital health vendor publish Decision Cards, Incident Cards, and Evidence Bundles regulators can validate.
FDA SaMD (510(k) / De Novo / PMA + PCCP per Dec 2024 final) · HIPAA Privacy + Security Rules · Section 1557 of the ACA · IMDRF AE Terminology · CTCAE severity scale
FHIR-bridged audit events; FDA SaMD lifecycle Operator; HIPAA 18 Safe Harbor identifier categories in vault contract; OMB SPD 15 + Section 1557 + Fitzpatrick skin-type-classifier in bias coverage.
Every Kinetic Gain Protocol Suite vertical 6-pack contains exactly these six artifact shapes. The same six shapes appear in every vertical — only the per-vertical content (data categories, regulatory basis, invariants) differs.
fhir-resource-access-auditPer-AI-tool FHIR resource access events hash-chained for HIPAA + Section 1557 evidence
fda-samd-classification-boardFDA SaMD classification lifecycle (510(k) / De Novo / PMA + PCCP per Dec 2024 final)
hipaa-readiness-evidence-bundle18 HIPAA Security Rule standards across Admin / Physical / Technical safeguards
clinical-bias-cohort-coverage-labOMB SPD 15 + Section 1557 + Fitzpatrick skin-type-classifier + equity metrics
medical-adverse-event-incident-cardFDA MedWatch + EU MDR vigilance + IMDRF AE Terminology + CTCAE severity scale
phi-vault-contract-profileAI Procurement Decision Card v0.3 vault contract profile naming HIPAA's 18 Safe Harbor identifier categories
The HealthTech audit-stream now has a full end-to-end reference implementation in Node.js: fhir-resource-access-audit-reference (AGPL-3.0).
It reads from a FHIR R4 server (HAPI public test in live mode, fixtures in test mode), applies a HIPAA Safe-Harbor vault contract, emits Suite-compliant hash-chained events, and re-verifies its own output against the spec's published JSON Schema in CI. Green CI is evidence the spec is implementable end-to-end — not just well-typed example data.
A buyer's procurement team operating across mixed regulated verticals — HealthTech AI vendors plus FinTech AI vendors plus HR Tech AI vendors — can apply the same six-shape Suite vocabulary to every vendor in every vertical. The kg-suite-vertical-router tool routes any artifact to the right vertical's verification logic with one CLI command. The kg-suite-vertical-comparator tool surfaces the SAME-vs-DIFFERENT design contributions across all six verticals as a single reference table.