| Internet-Draft | OMP Clinical AI Profile | April 2026 |
| Adebayo, et al. | Expires 7 October 2026 |
This document defines a domain profile of the Operating Model Protocol (OMP) for AI systems deployed in clinical and healthcare decision contexts subject to qualified human reviewer requirements under the US Joint Commission and Coalition for Health AI (CHAI) Responsible Use Guide (September 2025), California Senate Bill 1120 (SB 1120, effective January 1, 2025), New York Assembly Bill A9149 (pending), and related US state and federal healthcare AI accountability obligations.¶
The profile -- designated CareGuard -- specifies how OMP's deterministic routing invariant, Watchtower enforcement framework, and three-layer cryptographic integrity architecture satisfy the qualified human reviewer documentation requirements, clinical decision traceability obligations, and AI governance evidence standards applicable to healthcare AI deployments. The profile addresses four clinical deployment categories: medical necessity determinations, clinical decision support, diagnostic AI assistance, and prior authorisation AI systems.¶
The OMP core specification is defined in the Operating Model Protocol Internet-Draft (draft-veridom-omp).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 7 October 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
AI systems are now embedded across the clinical pathway: in medical necessity determination, prior authorisation, clinical decision support, diagnostic imaging analysis, sepsis prediction, and medication management. The pace of deployment has substantially outrun the development of regulatory frameworks that specify, with technical precision, what accountability evidence these systems must produce.¶
Three instruments have begun to define that framework with sufficient precision to support technical specification:¶
These instruments converge on a structural requirement that maps directly onto OMP [I-D.veridom-omp]: every AI-assisted clinical decision that produces a consequential outcome for a patient must be either reviewed by a named, qualified human reviewer before it is acted upon, or blocked from autonomous execution and escalated to qualified human review.¶
This document defines the CareGuard profile: the domain-specific instantiation of OMP for clinical AI accountability. CareGuard denotes that each AI-assisted clinical decision is cryptographically marked against the operator's care accountability obligations, producing a tamper-evident record before the decision affects a patient.¶
Related OMP domain profiles include the AI Liability Insurance profile [I-D.veridom-omp-aiins]. Audit Trace payloads are canonicalized per [RFC8785]. The OMP specification is also archived at [ZENODO-OMP].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] [RFC8174].¶
This document uses the terminology defined in [I-D.veridom-omp]. In addition:¶
The Joint Commission and CHAI Responsible Use Guide (September 2025) [CHAI-2025] requires: contemporaneous documentation that qualified clinical staff reviewed AI recommendations before acting on them; named accountability for AI clinical system governance; auditability of specific clinical decisions (what the AI recommended, whether a qualified reviewer assessed the recommendation, what the final outcome was); and documentation of failure mode handling when AI confidence is low or the training distribution does not cover the patient presentation.¶
The contemporaneity requirement is the specific property OMP's sealed Audit Trace architecture satisfies. A QHR attestation created after the fact is not contemporaneous evidence; an OMP CareGuard Audit Trace sealed with an RFC 3161 [RFC3161] Qualified Timestamp at the moment of QHR review is.¶
California SB 1120 [CA-SB1120] (effective January 1, 2025) requires: a physician or other licensed healthcare professional with relevant clinical expertise must review AI-generated adverse medical necessity determinations before they are communicated to the patient or provider; the reviewing clinician must document independent clinical review; health plans must retain the AI recommendation, the reviewer's documentation, and the final determination; and health plans must disclose to enrollees when AI was used in a coverage determination resulting in a denial.¶
New York AB A9149 [NY-A9149] (pending) proposes requirements substantively identical to California SB 1120 for health plans operating in New York, with additional provisions: patient notification in writing when AI was used in a coverage determination; patient right to request human review of any AI-assisted adverse determination; and New York DFS audit rights over health plan AI systems used in coverage determinations. The CareGuard profile is designed to satisfy both instruments through a single evidence framework.¶
The CMS Interoperability and Prior Authorization Rule (CMS-0057-F [CMS-0057-F], effective January 2026) requires health plans subject to CMS oversight to automate prior authorisation processes and maintain documentation of prior authorisation decisions including AI-assisted decisions. Section 5.4 addresses CMS-0057-F documentation requirements.¶
The EU AI Act Annex III includes AI systems used in medical or health services as high-risk AI systems subject to Article 12 logging requirements addressed in [I-D.veridom-omp-euaia]. The CareGuard profile is designed for use in conjunction with the EUAIA profile for healthcare AI deployments subject to both EU AI Act and US clinical accountability requirements. Section 4.5 defines a compatibility field for joint deployments.¶
The Joint Commission/CHAI guide, California SB 1120, and the pending New York legislation define a structure that maps precisely onto OMP's three routing states: AI clinical recommendations reviewed and approved by a QHR before being acted upon correspond to ASSISTED; recommendations triggering a Patient Safety Override or confidence failure correspond to ESCALATED; fully autonomous AI clinical decisions affecting patients are NOT PERMITTED under this profile for Consequential Clinical Decisions.¶
The Named Accountable Officer under this profile is the Qualified Human Reviewer: the licensed clinician who reviews the AI recommendation before it is acted upon. The QHR MUST hold the licensure required by applicable law for the type of clinical decision under review. For California SB 1120, the QHR MUST be a physician or other licensed healthcare professional with relevant clinical expertise.¶
Required fields in the QHR record:¶
qhr_npi: National Provider Identifier (US) or equivalent national professional registration identifier. MUST NOT be null for Consequential Clinical Decisions;¶
qhr_credential_type: licensure category (e.g., "MD", "DO", "NP", "PA", "RN");¶
qhr_review_timestamp: ISO 8601 UTC timestamp of the QHR's review action -- the contemporaneity anchor for SB 1120 and Joint Commission/CHAI compliance;¶
qhr_clinical_determination: one of APPROVED, MODIFIED, OVERRIDDEN, ESCALATED_TO_SPECIALIST;¶
qhr_independent_basis: REQUIRED for MODIFIED and OVERRIDDEN; documents that the QHR exercised independent professional judgment, not merely ratified the AI recommendation.¶
Trigger (WT-CLINICAL-01): Any interaction classified as a Consequential Clinical Decision.¶
Action: FORCE_ASSISTED. Cannot be disabled for Consequential Clinical Decisions.¶
Rationale: California SB 1120 and the Joint Commission/CHAI guide require documented human oversight of consequential AI clinical decisions. This Watchtower gives these requirements structural enforcement: it is architecturally impossible for a Consequential Clinical Decision to proceed to patient impact without generating a QHR review record.¶
Trigger (WT-CLINICAL-02): AI output contains or implies a condition the operator's clinical safety detection framework identifies as creating an imminent patient safety risk (e.g., recommendation conflicting with a known allergy or contraindication; medical necessity denial for a condition flagged as urgent; diagnostic output inconsistent with vital signs indicating acute deterioration).¶
Action: HARD_BLOCK immediately. AI output MUST NOT be communicated to the patient, provider, or any downstream clinical process. Clinical Escalation Authority alerted immediately.¶
Rationale: Patient safety is non-negotiable. HARD_BLOCK ensures Patient Safety Override conditions interrupt the AI pipeline rather than merely flagging it, preventing the failure mode where an AI safety concern is communicated as a recommendation rather than an immediate interrupt.¶
Trigger (WT-CLINICAL-03): Composite Confidence Score falls below the operator's configured clinical safety floor.¶
Action: FORCE_ESCALATED. The AI recommendation MAY be provided to the Clinical Escalation Authority as context, clearly labelled as below the clinical confidence floor, but MUST NOT be acted upon as an AI recommendation.¶
Rationale: A recommendation generated below the clinical confidence floor signals the AI system is operating outside its validated performance envelope. The appropriate clinical response is independent human judgment, not review of an unreliable recommendation.¶
Trigger (WT-CLINICAL-04): Patient presentation matches a known training distribution limitation documented in the AI system's clinical validation records (e.g., demographic characteristics underrepresented in training data; clinical features identified as associated with reduced performance).¶
Action: FORCE_ESCALATED. CareGuard Audit Trace records the specific training limitation triggered.¶
Rationale: Known training distribution limitations create a specific duty to escalate when those limitations are relevant to a patient presentation, consistent with the Joint Commission/CHAI requirement to document AI failure mode handling.¶
Trigger (WT-CLINICAL-05): AI output deviates from expected operating parameters in ways suggesting model degradation, data drift, or adversarial input rather than a legitimate clinical edge case.¶
Action: FORCE_ESCALATED plus system anomaly alert for review by the operator's AI governance authority.¶
Rationale: AI clinical systems can degrade as patient population characteristics evolve away from the training distribution. Anomalous output detection provides early warning to prevent systematic patient harm from a degraded AI system operating at scale.¶
Trigger (WT-CLINICAL-06): For health insurer and managed care plan deployments subject to California SB 1120: AI output constitutes or implies an adverse determination.¶
Action: FORCE_ESCALATED. MUST be reviewed by a physician or other licensed healthcare professional with relevant clinical expertise before the adverse determination is communicated to the patient or provider.¶
Rationale: California SB 1120 creates a specific, legally enforceable requirement for QHR review of AI-generated adverse determinations. WT-CLINICAL-06 gives this requirement structural enforcement for the SB 1120 context, in addition to the general QHR Gate (WT-CLINICAL-01).¶
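The following is an added example, not part of this draft or of any OMP implementation, showing how the six Watchtower triggers above can be evaluated together to yield one enforced action and the flags to record. Assumptions: the `Interaction` attribute names, the `output_handling` labels, and the severity ordering HARD_BLOCK > FORCE_ESCALATED > FORCE_ASSISTED used when several Watchtowers fire; Watchtower identifiers are assigned in the order the Watchtowers appear above.

```python
from dataclasses import dataclass
from typing import Optional

# Severity ordering used when several Watchtowers fire at once.
# ASSUMPTION of this example: the profile text does not define precedence.
SEVERITY = {"NONE": 0, "FORCE_ASSISTED": 1, "FORCE_ESCALATED": 2, "HARD_BLOCK": 3}


@dataclass
class Interaction:
    """Hypothetical evaluation input; attribute names are not from the draft."""
    consequential: bool = False               # Consequential Clinical Decision
    safety_risk: bool = False                 # operator's safety framework flagged it
    confidence: float = 1.0                   # Composite Confidence Score
    matched_limitation: Optional[str] = None  # id of a documented training limitation
    anomalous: bool = False                   # drift, degradation or adversarial signal
    sb1120_scope: bool = False                # California health plan deployment
    adverse_determination: bool = False       # output is or implies a denial


def evaluate_watchtowers(ix, confidence_floor):
    """Return the enforced action plus the CareGuard flags to record."""
    below_floor = ix.confidence < confidence_floor
    sb1120_hit = ix.sb1120_scope and ix.adverse_determination
    checks = [
        ("WT-CLINICAL-01", ix.consequential, "FORCE_ASSISTED"),
        ("WT-CLINICAL-02", ix.safety_risk, "HARD_BLOCK"),
        ("WT-CLINICAL-03", below_floor, "FORCE_ESCALATED"),
        ("WT-CLINICAL-04", bool(ix.matched_limitation), "FORCE_ESCALATED"),
        ("WT-CLINICAL-05", ix.anomalous, "FORCE_ESCALATED"),
        ("WT-CLINICAL-06", sb1120_hit, "FORCE_ESCALATED"),
    ]
    fired = [(wt, action) for wt, hit, action in checks if hit]
    action = max((a for _, a in fired), key=SEVERITY.get, default="NONE")

    if action == "HARD_BLOCK":
        output_handling = "WITHHELD"                  # never communicated downstream
    elif below_floor:
        output_handling = "CONTEXT_ONLY_BELOW_FLOOR"  # labelled, not acted upon
    elif action == "NONE":
        output_handling = "NO_WATCHTOWER_FIRED"
    else:
        output_handling = "FOR_REVIEW"
    return {
        "action": action,
        "fired": [wt for wt, _ in fired],
        "output_handling": output_handling,
        "patient_safety_override": ix.safety_risk,
        "clinical_confidence_floor_breached": below_floor,
        "training_limitation_triggered": ix.matched_limitation,
        "sb1120_adverse_determination": sb1120_hit,
    }
```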
The following fields are REQUIRED under the CareGuard profile, in addition to core fields in [I-D.veridom-omp] Section 7:¶
qhr_npi: string, REQUIRED for Consequential Clinical Decisions. National Provider Identifier (US) or equivalent national professional registration identifier.¶
qhr_credential_type: string, REQUIRED. RECOMMENDED values: "MD", "DO", "NP", "PA", "RN", "PharmD", "clinical_specialist".¶
qhr_review_timestamp: string, ISO 8601 UTC, REQUIRED for ASSISTED and ESCALATED. The contemporaneity anchor for SB 1120 and Joint Commission/CHAI compliance.¶
qhr_clinical_determination: string, REQUIRED for ASSISTED and ESCALATED. One of: APPROVED, MODIFIED, OVERRIDDEN, ESCALATED_TO_SPECIALIST.¶
qhr_independent_basis: string, OPTIONAL for APPROVED; REQUIRED for MODIFIED and OVERRIDDEN. Documents independent clinical judgment, not merely ratification of the AI recommendation.¶
patient_safety_override: boolean, REQUIRED. True if WT-CLINICAL-02 triggered a Patient Safety Override.¶
clinical_confidence_floor_breached: boolean, REQUIRED. True if WT-CLINICAL-03 triggered for this interaction.¶
training_limitation_triggered: string, OPTIONAL. Identifier of the specific training distribution limitation that triggered WT-CLINICAL-04, if applicable.¶
deployment_category: string, REQUIRED. One of: "medical_necessity", "clinical_decision_support", "diagnostic_assistance", "prior_authorisation", "administrative".¶
sb1120_adverse_determination: boolean, REQUIRED for health insurer and managed care plan deployments in California. True if WT-CLINICAL-06 triggered.¶
euaia_joint_deployment: boolean, OPTIONAL. True if this deployment is also subject to EU AI Act Article 12 requirements addressed in [I-D.veridom-omp-euaia].¶
profile_version: string, REQUIRED. MUST be "VERIDOM-CAREGUARD-v1.0".¶
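The conditional requirements in the field list above can be checked mechanically before a record is sealed. This is an added example, not code from this draft or from the OMP Reference Validator; the key names `routing_state` and `consequential` stand in for core OMP data and are assumptions, as are the function names and the constructed sample record.

```python
from datetime import datetime

PROFILE_VERSION = "VERIDOM-CAREGUARD-v1.0"
DETERMINATIONS = {"APPROVED", "MODIFIED", "OVERRIDDEN", "ESCALATED_TO_SPECIALIST"}
CATEGORIES = {"medical_necessity", "clinical_decision_support",
              "diagnostic_assistance", "prior_authorisation", "administrative"}


def is_utc_iso8601(value):
    """True only for an ISO 8601 timestamp with an explicit zero UTC offset."""
    try:
        offset = datetime.fromisoformat(str(value).replace("Z", "+00:00")).utcoffset()
    except ValueError:
        return False
    return offset is not None and offset.total_seconds() == 0


def validate_careguard(trace, california_health_plan=False):
    """Return the names of fields that violate the profile (empty list = conformant)."""
    bad = []
    reviewed = trace.get("routing_state") in ("ASSISTED", "ESCALATED")  # assumed key
    determination = trace.get("qhr_clinical_determination")
    credential = trace.get("qhr_credential_type")
    if trace.get("profile_version") != PROFILE_VERSION:
        bad.append("profile_version")
    if trace.get("deployment_category") not in CATEGORIES:
        bad.append("deployment_category")
    required_flags = ["patient_safety_override", "clinical_confidence_floor_breached"]
    if california_health_plan:
        required_flags.append("sb1120_adverse_determination")
    bad += [f for f in required_flags if not isinstance(trace.get(f), bool)]
    if trace.get("consequential"):    # assumed key
        if not reviewed:              # autonomous execution is not permitted
            bad.append("routing_state")
        if not trace.get("qhr_npi"):  # MUST NOT be null
            bad.append("qhr_npi")
    if not (isinstance(credential, str) and credential):
        bad.append("qhr_credential_type")
    if reviewed:
        if not is_utc_iso8601(trace.get("qhr_review_timestamp")):
            bad.append("qhr_review_timestamp")
        if determination not in DETERMINATIONS:
            bad.append("qhr_clinical_determination")
    basis = str(trace.get("qhr_independent_basis") or "").strip()
    if determination in ("MODIFIED", "OVERRIDDEN") and not basis:
        bad.append("qhr_independent_basis")
    return bad


# Constructed sample record; every value is invented for illustration.
SAMPLE_TRACE = {
    "profile_version": PROFILE_VERSION, "deployment_category": "medical_necessity",
    "routing_state": "ESCALATED", "consequential": True,
    "qhr_npi": "0000000000", "qhr_credential_type": "MD",
    "qhr_review_timestamp": "2026-04-07T14:03:22Z",
    "qhr_clinical_determination": "OVERRIDDEN",
    "qhr_independent_basis": "Chart review supports medical necessity.",
    "patient_safety_override": False, "clinical_confidence_floor_breached": False,
    "sb1120_adverse_determination": True,
}
```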
For medical necessity determinations: WT-CLINICAL-01 and WT-CLINICAL-06 MUST be active. deployment_category MUST be "medical_necessity". For California deployments, sb1120_adverse_determination MUST be evaluated for every interaction. The QHR MUST hold the SB 1120-required credential. Audit Traces MUST be retained for a minimum of three years from the determination date for California SB 1120 compliance.¶
For clinical decision support: WT-CLINICAL-01 through WT-CLINICAL-05 MUST be active. deployment_category MUST be "clinical_decision_support". The QHR is the treating clinician who acts on the AI recommendation at the point of care; their NPI MUST be recorded. WT-CLINICAL-04 MUST be configured with the training distribution limitations documented in the AI system's clinical validation records and FDA 510(k) clearance documentation where applicable.¶
For diagnostic AI assistance: WT-CLINICAL-01 through WT-CLINICAL-05 MUST be active. WT-CLINICAL-02 is particularly critical: a diagnostic AI recommendation conflicting with clinical findings indicating acute deterioration MUST trigger HARD_BLOCK. deployment_category MUST be "diagnostic_assistance". The QHR is the licensed clinician who interprets the AI output and issues the diagnostic report.¶
For prior authorisation AI systems: WT-CLINICAL-01 and WT-CLINICAL-06 MUST be active. deployment_category MUST be "prior_authorisation". For CMS-regulated health plans, CareGuard Audit Traces for prior authorisation decisions MUST be retained and producible for CMS audit within the timeframes specified by CMS-0057-F. Audit Traces MUST record whether the prior authorisation request was subject to a required response timeline and whether QHR review was completed within that timeline.¶
Implementations of this profile MUST satisfy the following two-property invariant:¶
An operator satisfying the CareGuard Invariant can demonstrate, for any Consequential Clinical Decision: the AI recommendation as generated; the QHR's identity (NPI), credential type, and review timestamp establishing contemporaneity for SB 1120 and Joint Commission/CHAI purposes; the QHR's clinical determination and independent basis where required; Watchtower evaluation results; whether a Patient Safety Override was triggered; and that the record has not been altered since sealing.¶
When WT-CLINICAL-02 triggers a Patient Safety Override: (a) the AI system's output is immediately blocked -- no further processing of the AI recommendation occurs; (b) a Patient Safety Override Audit Trace is generated immediately with patient_safety_override set to true, the specific safety condition identified, and a UTC timestamp sealed with an RFC 3161 TimeStampToken; (c) the Clinical Escalation Authority is alerted immediately; (d) the Clinical Escalation Authority's response -- including the responding clinician's identity, response timestamp, and clinical disposition -- MUST be recorded in the CareGuard Audit Trace within the operator's configured maximum response time; (e) no further AI-assisted processing of this interaction MAY occur until the Clinical Escalation Authority has documented a clinical disposition.¶
The Patient Safety Override architecture prevents the failure mode documented in published adverse event reports involving AI clinical systems: a patient safety concern detected by an AI system that was communicated as a recommendation rather than as an immediate interrupt, resulting in delayed clinical response. OMP's HARD_BLOCK mechanism ensures Patient Safety Override conditions interrupt the AI pipeline, not merely flag it.¶
The OMP Proof-Point artefact for a clinical deployment MUST include, for each Consequential Clinical Decision: the full CareGuard Audit Trace including the AI recommendation as generated; the QHR review record; the Watchtower evaluation log; chain integrity proof (SHA-256 Merkle root and chain path); and the RFC 3161 TimeStampToken verification output from the OMP Reference Validator [OMP-OPEN-CORE], confirming the temporal anchor that establishes contemporaneity.¶
This artefact is self-contained: a state insurance regulator, CMS auditor, Joint Commission reviewer, plaintiff's attorney, or expert witness can verify its integrity using only the OMP Reference Validator and the Timestamp Authority's public key material, without access to the operator's infrastructure. For SB 1120 adverse determination appeals, the CareGuard Audit Trace provides: documentation of independent QHR review (SB 1120 requirement); RFC 3161 timestamp proving contemporaneity; qhr_independent_basis documenting independent clinical judgment; and the three-layer integrity architecture proving the record has not been altered.¶
The security considerations of [I-D.veridom-omp] apply in full.¶
Patient data sensitivity: CareGuard Audit Traces will routinely contain or be associated with Protected Health Information (PHI) under HIPAA. Operators MUST implement HIPAA-compliant safeguards for Audit Trace storage, access, and disclosure.¶
QHR identity integrity: The qhr_npi field MUST reflect the NPI of the actual clinician who reviewed the AI recommendation. Operators MUST implement technical controls to prevent NPI assignment without the clinician's authenticated action. The qhr_review_timestamp MUST be set by the OMP pipeline at the time of the QHR's authenticated review action.¶
Patient Safety Override integrity: The patient_safety_override field MUST be set by the OMP Watchtower framework, not by the operator's application layer. Operators MUST NOT implement mechanisms allowing the patient_safety_override flag to be unset after being set by WT-CLINICAL-02.¶
Confidence floor integrity: Changes to the clinical confidence floor MUST be treated as configuration changes requiring the same governance approval as clinical protocol changes, and MUST generate a WT-CLINICAL-05 anomaly record.¶
This document has no IANA actions.¶