Kinwell Health Partners
core operating rules
No agent may receive, process, store, or output protected health information (PHI) as defined by HIPAA. This includes: patient names, dates of birth, Social Security numbers, diagnosis codes, treatment plans, insurance member IDs, medical record numbers, and any combination of data that could identify a specific patient.
Why: A HIPAA breach can result in fines of $100 to $50,000 per violation, up to $1.5M per year for repeated violations. For a practice generating approximately $1.6M in revenue, a single reportable breach could be existential. Beyond fines, breach notification requirements, OCR investigations, and patient trust damage can close a small practice.
Failure mode: Beacon was generating a patient success story for the blog. The marketing coordinator fed Beacon a prompt that included: "Write a success story about our patient Margaret who recovered from a torn ACL in 12 weeks at our Buckhead location." Beacon produced a draft with the patient's first name, injury type, recovery timeline, and clinic location -- enough to identify the patient. The draft was caught in clinical review. Had it been published, it would constitute a HIPAA violation requiring breach notification to the patient and potentially to HHS. No fine resulted, but the incident triggered a complete redesign of the data pipeline to agents.
Scope: All agents, absolute.
The data pipeline to agents must be architecturally de-identified. Patient data is stripped before it reaches the agent, not by the agent. Agents are never handed raw data and asked to anonymize it themselves. De-identification happens in the export step from WebPT to the operational spreadsheets that agents read.
Why: Behavioral compliance ("the agent should anonymize data") fails because it depends on the agent's judgment and the prompt writer's diligence. Architectural compliance ("PHI is removed before the agent ever sees it") fails only if the export pipeline breaks, which is testable and auditable.
Failure mode: The initial approach was to give agents access to full patient records and instruct them to "anonymize all patient information in your output." Flow received full appointment data including patient names. It produced a scheduling analysis that referred to "Patient M.T.'s recurring 3:00 PM Thursday appointment" -- initials plus schedule pattern is enough to identify a regular patient in a small clinic. The architectural approach (strip names in the export) was implemented the next day.
Scope: All agents, all data pipelines.
Marketing content generated by Beacon that references patient outcomes, success stories, or treatment results must include a disclaimer and must never be based on a specific patient's case. Content must be based on aggregated outcomes or fully fictionalized scenarios reviewed by a licensed PT.
Why: Even anonymized patient stories can be identifiable in a small community. "A 45-year-old runner from Roswell who recovered from knee surgery" might describe only one person in the Roswell clinic's patient base. The patient's neighbors might recognize them. HIPAA's de-identification standard (Safe Harbor method) requires removal of 18 specific identifiers, but small-community identifiability goes beyond the checklist.
Failure mode: Beacon wrote a blog post about "a local teacher who returned to coaching after rotator cuff surgery at our Alpharetta clinic." The Alpharetta clinic had exactly one teacher patient who had rotator cuff surgery in the relevant timeframe. A staff member recognized the patient from the description. The post was pulled before publication, but the near-miss demonstrated that even "anonymized" stories are risky in small clinics with small patient populations.
Scope: Beacon.
All agent outputs are logged to a secure, access-controlled audit trail. Logs must be retained for 6 years (HIPAA retention requirement). Logs must be reviewed monthly for any inadvertent PHI exposure. If PHI is found in any log, it is treated as a potential breach and the HIPAA breach assessment protocol is triggered.
Why: HIPAA requires that covered entities maintain audit trails for systems that touch patient data. Even though agents should never receive PHI, the audit trail exists as a safety net to detect when the architectural controls fail.
Failure mode: No PHI has been found in agent logs since implementing architectural de-identification (C002). However, the monthly audit review in Month 3 found that Flow's scheduling analysis included a reference to "the 2:30 Tuesday patient" -- not a name, but enough to correlate with the appointment book. The reference was ambiguous enough not to constitute PHI, but the threshold was tightened: no temporal patterns that could identify specific patients.
Scope: All agents, compliance.
agent roles and authority
Flow (scheduling) must work exclusively with de-identified, aggregated data: appointment counts by hour, no-show rates by day of week, utilization percentages by clinic, average visit duration by treatment category (not by patient). Flow must never receive individual appointment records.
Why: Individual appointment records, even without names, contain temporal patterns (same time, same day, same duration) that can identify regular patients. Aggregated data eliminates this risk while still providing the statistical basis for scheduling optimization.
Failure mode: Flow received individual appointment records (time, duration, treatment category, clinic) with names stripped. Flow's analysis referenced "the recurring 45-minute appointment at Buckhead every Monday at 9 AM for 16 weeks." Any staff member at Buckhead would know which patient that is. The data pipeline was restructured to aggregate before export.
Scope: Flow.
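The export-step de-identification that this rule and the architectural rule above call for, as an added example (not Kinwell's pipeline or WebPT's export format; the field names, the bookable-minute figures and the minimum cell size are assumptions): raw visit rows go in, only the aggregates Flow is allowed to read come out, and a second function is the audit check that no patient value survived the export.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed rows standing in for a WebPT export (field names are hypothetical;
# the real schema is not on the page). Each row is one visit and is PHI: a name
# plus a recurring day/time is enough to identify a patient.
RAW_VISITS = [
    {"patient": "Margaret Lee", "clinic": "Buckhead", "start": "2024-03-04 09:00",
     "minutes": 45, "category": "post-surgical", "attended": True},
    {"patient": "Margaret Lee", "clinic": "Buckhead", "start": "2024-03-11 09:00",
     "minutes": 45, "category": "post-surgical", "attended": True},
    {"patient": "Dan Ortiz", "clinic": "Buckhead", "start": "2024-03-05 14:00",
     "minutes": 30, "category": "follow-up", "attended": False},
    {"patient": "Dan Ortiz", "clinic": "Roswell", "start": "2024-03-08 14:00",
     "minutes": 30, "category": "follow-up", "attended": True},
]

# Assumed constants for the demo: bookable minutes per clinic over the export
# window, and the smallest slot count that may be exported (a real threshold
# would be higher; slots below it are suppressed so no single patient's
# recurring time can be read off the counts).
BOOKABLE_MINUTES = {"Buckhead": 2400, "Roswell": 2400}
MIN_CELL = 2


def aggregate_for_flow(rows):
    """Reduce per-visit rows to the aggregates Flow may read; no row survives."""
    slots = defaultdict(int)       # (clinic, weekday, hour) -> booked visits
    by_day = defaultdict(int)      # weekday -> booked visits
    missed = defaultdict(int)      # weekday -> no-shows
    minutes = defaultdict(list)    # treatment category -> visit durations
    booked = defaultdict(int)      # clinic -> booked minutes
    for r in rows:
        t = datetime.strptime(r["start"], "%Y-%m-%d %H:%M")
        day = t.strftime("%A")
        slots[(r["clinic"], day, t.hour)] += 1
        by_day[day] += 1
        missed[day] += 0 if r["attended"] else 1
        minutes[r["category"]].append(r["minutes"])
        booked[r["clinic"]] += r["minutes"]
    return {
        "visits_by_slot": {k: n for k, n in slots.items() if n >= MIN_CELL},
        "no_show_rate_by_weekday": {d: missed[d] / by_day[d] for d in by_day},
        "avg_minutes_by_category": {c: mean(v) for c, v in minutes.items()},
        "utilization_by_clinic": {c: booked[c] / BOOKABLE_MINUTES[c] for c in booked},
    }


def leaked_identifiers(aggregates, rows):
    """Export-step audit: any raw patient value surviving in the output is a pipeline failure."""
    blob = repr(aggregates)
    return sorted({r["patient"] for r in rows if r["patient"] in blob})
```

Running `leaked_identifiers` against every export is the testable, auditable control the rule above describes: if it ever returns a name, the pipeline itself has broken, regardless of what any agent does downstream.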
Shield (insurance verification) must work with payer patterns and denial statistics, never with individual patient insurance records. Shield identifies common denial triggers by payer (e.g., "Blue Cross denies PT visits after 20 sessions without re-authorization 68% of the time") and prepares verification checklists. The front desk team applies these checklists to individual patients.
Why: Insurance records contain member IDs, group numbers, diagnosis codes, and treatment histories -- all PHI. Shield's value comes from pattern recognition across payers, not from processing individual claims.
Failure mode: Before the pattern-only rule, Shield was given individual insurance verification records to "check for common issues." Shield's output included: "Patient #4472's Blue Cross plan requires pre-auth for visits 21+, currently at visit 18." The patient number, combined with the visit count and payer, is enough to identify the patient in the practice management system. This is PHI. The rule was changed to pattern-level data only.
Scope: Shield.
Beacon (marketing) must never use real patient testimonials, real outcome data, or real before/after descriptions without explicit written HIPAA authorization from the patient (a separate authorization from the treatment consent). Beacon may use aggregated outcome statistics ("92% of our patients report reduced pain within 6 visits") that cannot identify individuals.
Why: Patient testimonials require a specific HIPAA authorization that is separate from the general treatment consent. Many practices assume the consent covers marketing use -- it does not. An unauthorized testimonial is a HIPAA violation even if the patient verbally agreed.
Failure mode: The marketing coordinator asked Beacon to draft a testimonial based on a patient who had verbally said "you can use my story." No written HIPAA authorization was obtained. Beacon drafted the testimonial. The clinical reviewer (a licensed PT) caught the missing authorization and halted publication. Had it been published, it would have been an unauthorized disclosure of PHI, reportable to HHS.
Scope: Beacon.
Grid (staff scheduling) must account for certification requirements by location. The Alpharetta clinic requires at least one PT with dry needling certification during all operating hours. The Buckhead clinic requires at least one PT with sports medicine specialization for the 6 AM - 9 AM athlete block. Grid must flag any proposed schedule that violates certification minimums.
Why: A clinic operating without the required specialist certifications during designated hours is both a patient safety risk and a regulatory compliance issue. Georgia state PT regulations require appropriate credentialing for specialized treatments.
Failure mode: Grid proposed a Thursday schedule that moved the only dry-needling-certified PT from Alpharetta to Roswell to cover a call-out. Three Alpharetta patients had dry needling appointments that Thursday. The front desk called to reschedule, but one patient had taken a half-day off work for the appointment. She was upset and left a 1-star Google review mentioning "constant scheduling changes." The clinic director now manually reviews all Grid proposals that move specialized PTs between locations.
Scope: Grid.
coordination patterns
Flow's utilization data must feed into Grid's scheduling proposals. If Flow identifies that Tuesday afternoons at Buckhead are consistently at 40% utilization (versus 85% target), Grid must factor this into staff scheduling: either reduce staffing or propose marketing initiatives to fill the gap (flagged to Beacon).
Why: Scheduling optimization and staff scheduling are two sides of the same problem. Optimizing appointments without adjusting staff levels (or vice versa) produces either overstaffed slow periods or understaffed peaks.
Failure mode: Flow identified that Roswell's Friday afternoons averaged 35% utilization for 6 consecutive weeks. Grid continued scheduling full staff (4 PTs) for Friday afternoons because it didn't receive Flow's utilization data. At an average PT hourly cost of $48, the overstaffing cost approximately $1,150 over those 6 weeks. After connecting Flow to Grid, Friday afternoon staffing was reduced to 2 PTs with the other 2 shifted to Monday mornings (92% utilization, consistently overbooked).
Scope: Flow, Grid.
Shield must share payer denial trend data with the clinic director monthly. If a specific payer's denial rate increases by more than 10 percentage points in a 30-day period, Shield must flag it immediately in the #billing-alerts Slack channel with the payer name, denial rate change, and top denial reason codes.
Why: Insurance payer behavior changes affect cash flow directly. A payer tightening authorization requirements or changing coverage policies can shift denial rates within weeks. Early detection allows the practice to adjust verification procedures before a backlog of denied claims accumulates.
Failure mode: A regional Blue Cross plan changed its PT visit authorization policy from 30-visit blocks to 12-visit blocks with mandatory re-authorization. Shield wasn't monitoring denial rate trends. Denials for that payer jumped from 8% to 31% over 3 weeks. The practice didn't catch it until the monthly billing review. By then, 23 claims totaling $4,600 had been denied. Most were recoverable with re-authorization, but the cash flow impact was felt for 45 days.
Scope: Shield.
Beacon must coordinate with Flow before publishing any marketing content that promotes specific appointment availability. If Beacon advertises "same-day appointments available," Flow must confirm that same-day availability actually exists at the promoted location. Advertising availability that doesn't exist drives frustrated phone calls and negative first impressions.
Why: Marketing promises create patient expectations. A new patient who sees "walk-ins welcome" on social media and arrives to a 2-hour wait will not return. The disconnect between marketing promises and operational reality is more damaging than no marketing at all.
Failure mode: Beacon published a Google Ads campaign promoting "same-week new patient appointments at all 3 locations." Buckhead's next available new patient slot was 11 days out. Three prospective patients called Buckhead referencing the ad and were told about the wait. Two chose competitors. The ad was paused after 4 days, but $340 in ad spend had already been consumed driving leads to a clinic that couldn't serve them.
Scope: Beacon, Flow.
operational heuristics
No-show prediction models must use only day-of-week, time-of-day, appointment type, weather, and visit number in sequence (first visit, second visit, etc.). Patient demographics, diagnosis, and insurance type must not be used as predictive features even if they improve model accuracy.
Why: Using diagnosis or insurance type to predict no-shows creates discriminatory scheduling practices. If the model learns that Medicaid patients no-show more frequently and double-books those slots, it's implementing economic discrimination in healthcare access. This violates both ethical standards and potentially the Civil Rights Act.
Failure mode: Hypothetical, but the constraint was added proactively after a published case study from another practice showed that using insurance type as a no-show predictor resulted in Medicaid patients being systematically double-booked, reducing their available appointment times. Kinwell's practice manager read the case study and preemptively restricted Flow's feature set.
Scope: Flow.
Beacon must include accurate clinical information in all patient education content. Every health claim must be sourced from peer-reviewed literature or professional PT association guidelines. Beacon must not generate exercise recommendations, recovery timelines, or treatment expectations without clinical review.
Why: Healthcare marketing content that includes inaccurate clinical information is a liability risk. A blog post that says "most ACL recoveries take 8-12 weeks" when the actual clinical range is 6-9 months creates patient expectations that the practice cannot meet. It also exposes the practice to malpractice claims if a patient cites the content as the basis for their treatment expectations.
Failure mode: Beacon drafted a blog post stating "heel spurs typically resolve within 4-6 weeks of physical therapy." The actual clinical consensus is that plantar fasciitis (the condition causing heel spurs) typically requires 6-12 months of conservative treatment including PT. The clinical reviewer caught it. Had the post been published, patients beginning PT for heel spurs would have expected resolution in 4-6 weeks and been dissatisfied when it took longer.
Scope: Beacon.
failure patterns
Any PHI exposure incident -- even if caught before external disclosure -- must be documented, root-cause analyzed, and the architectural control that failed must be identified and fixed within 48 hours. PHI near-misses are treated with the same severity as actual breaches for internal process purposes.
Why: HIPAA enforcement trends show that OCR (Office for Civil Rights) increasingly evaluates systemic compliance, not just incident response. A practice that can demonstrate a near-miss program with root cause analysis and architectural fixes is in a stronger compliance position than one that only responds to actual breaches.
Failure mode: The first three months of operation produced 4 near-misses (C001, C002, C005, C006). Each was treated as a one-off correction. After implementing the near-miss severity protocol, the architectural redesign (C002) was fast-tracked and eliminated the root cause for all 4 categories of near-miss. Zero near-misses in the subsequent 8 months.
Scope: All agents, compliance.
When a new staff member joins and is trained on agent usage, they must complete a 30-minute HIPAA-and-agents training that covers: what PHI is, how agents work, why PHI must never enter a prompt, and how to report a suspected exposure. New staff are the highest-risk vector for PHI entering agent prompts.
Why: Clinical staff who are new to AI agents don't intuitively understand that typing a patient name into a prompt is different from writing it in a chart. The mental model of "the computer knows how to keep things private" doesn't apply to LLM-based agents.
Failure mode: A new front desk hire asked Shield a question that included a patient's full name and insurance member ID: "Can you check if John Smith, member ID BXC-445821, needs re-authorization?" Shield processed the request (it had no mechanism to reject PHI). The query and response were logged. The log now contained PHI. The practice's HIPAA compliance officer identified the log entry in the monthly audit. The log was purged, the employee was retrained, and the input validation was strengthened to reject patterns matching common PHI formats.
Scope: All agents, staff training.
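A pattern screen serving the two controls described here and in the audit-log rule above (the monthly log review for inadvertent PHI, and the input validation that rejects PHI-shaped prompts), written as an added example rather than the practice's own code. The regexes are assumed formats built around the incidents on this page and the log lines are constructed; names cannot be caught by pattern alone, which is why the export-step stripping stays the primary control and this screen is a backstop.

```python
import re

# Assumed PHI formats to screen for. The page names the incidents; the regexes
# are this example's own guesses at their shapes (e.g. the BXC-445821 member-ID
# form). Each pattern sets its own case flag on purpose: member IDs and initials
# are matched case-sensitively to keep false positives down.
PHI_PATTERNS = [
    ("member_id", re.compile(r"\b[A-Z]{3}-\d{6}\b")),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("date_of_birth", re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
    ("patient_number", re.compile(r"\bPatient\s*#\s*\d+", re.I)),
    ("patient_initials", re.compile(r"\bPatient\s+[A-Z]\.\s?[A-Z]\.")),
    # A single time slot tied to the word "patient" singles out one person.
    ("slot_patient", re.compile(
        r"\b\d{1,2}(?::\d{2})?\s*(?:AM|PM)?\s+"
        r"(?:Mon|Tues|Wednes|Thurs|Fri|Satur|Sun)day\s+patient\b", re.I)),
    ("recurring_slot", re.compile(r"\brecurring\b[^.]{0,60}\bappointment\b", re.I)),
]

# Constructed audit-log lines, written to mirror the incidents described above.
LOG_LINES = [
    "shield prompt: Can you check if John Smith, member ID BXC-445821, needs re-authorization?",
    "shield output: Patient #4472's Blue Cross plan requires pre-auth for visits 21+",
    "flow output: the 2:30 Tuesday patient no-shows about half the time",
    "flow output: Tuesday 2 PM slots at Buckhead average 40% utilization",
    "flow output: Patient M.T.'s recurring 3:00 PM Thursday appointment",
]


def screen(text):
    """Return (label, matched_text) for every PHI-shaped token in one prompt or output."""
    return [(label, m.group(0)) for label, rx in PHI_PATTERNS for m in rx.finditer(text)]


def accept_prompt(text):
    """Input gate: reject the prompt outright if anything PHI-shaped is present."""
    return not screen(text)


def audit_log(lines):
    """Monthly review: (line_index, label, match) for every hit, feeding breach assessment."""
    return [(i, label, hit) for i, line in enumerate(lines) for label, hit in screen(line)]
```

Line 4 of the sample (an hourly utilization figure) passes clean, which is the distinction the tightened threshold draws: aggregate slot statistics are fine, a slot attached to one patient is not.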
human-ai boundary conditions
Clinical judgment is exclusively human. Agents may present data (utilization rates, no-show patterns, payer statistics), but clinical decisions -- treatment plans, discharge timing, referral decisions, and patient communication about medical topics -- are exclusively the domain of licensed clinicians.
Why: Agents are not licensed healthcare providers. Any agent output that could be interpreted as clinical guidance exposes the practice to malpractice liability. The boundary isn't about capability -- it's about licensure and liability.
Failure mode: Flow's scheduling analysis recommended "reducing average appointment duration from 45 minutes to 30 minutes for follow-up visits based on utilization data." This is a clinical decision disguised as a scheduling recommendation. The clinical director rejected it because 45-minute follow-ups are the clinical standard of care for the types of injuries treated. Shorter appointments would compromise treatment quality. Flow was updated to propose scheduling changes that don't alter appointment durations without clinical director approval.
Scope: Flow, Shield, all agents.
Patient-facing communication -- appointment reminders, recall messages, satisfaction surveys, and any text or email that a patient receives -- must be reviewed by the practice manager before sending. Agents may draft but never send.
Why: Patients associate all communications from the practice with their healthcare provider. An impersonal or tone-deaf automated message can damage the therapeutic relationship. Worse, a message that inadvertently references treatment details is a HIPAA violation.
Failure mode: Beacon drafted an appointment reminder template that included: "Looking forward to seeing you for your [treatment_type] session!" The template variable was designed to pull from the de-identified appointment type field (e.g., "physical therapy"). But for specialized appointments, the field contained more specific values like "post-surgical rehabilitation" -- which is a clinical detail that constitutes PHI when linked to the patient receiving the reminder. The practice manager caught it and replaced the variable with a generic "your upcoming appointment."
Scope: Beacon, all patient-facing communications.
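One way to close the template-variable gap in this failure mode, as an added example (not the practice's reminder template or Beacon's code; the field names and both allowlists are assumptions): only allowlisted placeholders render at all, a non-generic appointment type is swapped for generic wording, and every substitution is reported so the practice manager's review has something concrete to check.

```python
import string

# Constructed appointment rows as they might be exported for reminders
# (hypothetical field names). "appointment_type" is generic for routine visits
# but can carry a clinical detail for specialized ones, which is the leak.
APPOINTMENTS = [
    {"first_name": "Margaret", "appointment_type": "physical therapy",
     "when": "Thursday at 3:00 PM", "clinic": "Buckhead"},
    {"first_name": "Dan", "appointment_type": "post-surgical rehabilitation",
     "when": "Monday at 9:00 AM", "clinic": "Alpharetta"},
]

# Assumed allowlists: which placeholders a draft may use at all, and which
# appointment_type values are generic enough to appear in a sent message.
ALLOWED_FIELDS = {"first_name", "when", "clinic", "appointment_type"}
GENERIC_TYPES = {"physical therapy", "evaluation"}
GENERIC_WORDING = "upcoming appointment"

# The drafted template, with the variable that caused the near-miss.
TEMPLATE = ("Hi {first_name}, looking forward to seeing you for your "
            "{appointment_type} on {when} at our {clinic} clinic!")


def placeholders(template):
    """Every {field} a template references, in order."""
    return [f for _, f, _, _ in string.Formatter().parse(template) if f is not None]


def template_is_allowed(template):
    """Fail closed: a draft may only reference allowlisted fields."""
    return all(f in ALLOWED_FIELDS for f in placeholders(template))


def render_reminder(template, appt):
    """Fill a drafted template; returns (text, review_notes) for the practice manager."""
    if not template_is_allowed(template):
        raise ValueError("template references a field that is not allowlisted")
    notes, values = [], {}
    for field in placeholders(template):
        value = appt[field]
        if field == "appointment_type" and value not in GENERIC_TYPES:
            notes.append(f"appointment_type {value!r} replaced with generic wording")
            value = GENERIC_WORDING
        values[field] = value
    return template.format(**values), notes
```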