Rōvn · Investor Room

AI Governance Memo

Diligence notice: Working state of Rōvn as of 2026-06-24 · Pre-launch by design · See 09 for receipts
AI Diligence Console
Cross-link of 04.4 AI Doctrine, same source.

AI Doctrine: How Rōvn Uses AI

TL;DR: Rōvn's Golden Rule is non-negotiable: AI operates the workflow. Source systems prove the facts. Humans make every regulated decision. AI runs on a five-tier truth ladder (imported → attested → processed → source-verified → approved) and across 18 product surfaces, split nine facility-side (the Operator, reading the Rōvn engine) and nine worker-side (Passport). The network-scale AI credentialing engine lives in Rōvn the network: one shared engine trained on every verification across all facilities, not per-facility Operator copies. AI chain: AWS Bedrock → Anthropic Claude (Haiku 4.5) under BAA → Rōvn backend on ECS. This doctrine survives a hospital General Counsel reading it line-by-line.


1. The Golden Rule

AI operates the workflow. Source systems prove the facts. Humans make every regulated decision.

That sentence is the procurement-safe spine of Rōvn. Every facility GC, CMO, CNO, and compliance officer reads that line and signs off. It cleanly separates AI assistance from regulated decision-making.

Three failure modes the Golden Rule prevents:

  1. AI-decides framing: "AI verifies credentials" / "AI approves clinicians." Both are procurement red flags. AI does not have regulatory standing to approve a privilege grant or attest a primary source verification. We never frame AI that way.
  2. Source-substitute framing: claiming AI extraction is verification. AI extracts. Sources verify. The distinction is the regulatory boundary.
  3. Human-removed framing: "fully automated credentialing." Credentialing committees are non-negotiable under Joint Commission / CMS surveyor PSV and NCQA Ideal Credentialing 2024. Removing the human is illegal in clinical contexts and unacceptable to procurement.

The Golden Rule is the version of Rōvn that ships to every customer, every investor, every regulator, every audit. Rōvn operates the workflow and prepares readiness; the facility makes every hiring, scheduling, deployment, credentialing, and privileging decision. Rōvn is not a staffing agency, places no one, and charges no placement, commission, or success fees.


2. The Five-Tier Truth Ladder

AI output lives on a depth ladder. Auditors can replay any fact and see exactly which tier produced it.

| Tier | State | What it means | AI's role | Human's role |
|---|---|---|---|---|
| 1 | imported | Field ingested from an upload or external feed before any worker assertion | None yet | None yet |
| 2 | attested | Worker typed it in / affirmed it | None yet | Worker attests |
| 3 | processed | AI extracted structured fields from an uploaded document | OCR/LLM compresses | Worker or reviewer confirms |
| 4 | source-verified | Primary source (NPDB, DEA, ABMS, state board, OIG, SAM, Nursys) returned matching record | Orchestrates source query, caches receipt | Reviewer optional |
| 5 | approved | Facility credentialing committee signed off for hire or privilege | Builds packet, surfaces gaps | Committee approves |

Every credential field carries one of these labels at every moment. The label can move up the ladder over time (imported → attested → processed → source-verified → approved). It never moves down.

Receipts attach to tiers 3-5. Each receipt: source name, source URL, source timestamp, hash, depth tier, validity window. Anchored to the hash-chained audit log with S3 Object Lock 7-year retention.
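
The ladder rules above, written as an added Python example (not Rōvn's code): a label only moves up, each tier has one kind of producer, and tiers 3-5 require a receipt for that tier. The class names, actor names and the `valid_until` field are assumptions made for this sketch.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Tier(IntEnum):
    IMPORTED = 1
    ATTESTED = 2
    PROCESSED = 3
    SOURCE_VERIFIED = 4
    APPROVED = 5


# Which actor may produce each tier, read off the ladder's role columns.
# The actor names are assumptions for this sketch.
PRODUCERS = {
    Tier.IMPORTED: "ingest",
    Tier.ATTESTED: "worker",
    Tier.PROCESSED: "ai",
    Tier.SOURCE_VERIFIED: "primary_source",
    Tier.APPROVED: "committee",
}


class LadderError(ValueError):
    """Raised when a promotion would break a ladder rule."""


@dataclass(frozen=True)
class Receipt:
    # The receipt fields listed in the text; the validity window is
    # reduced to an end timestamp here (an assumption).
    source_name: str
    source_url: str
    source_timestamp: str
    content_hash: str
    depth_tier: Tier
    valid_until: str


@dataclass
class CredentialField:
    name: str
    tier: Tier = Tier.IMPORTED
    receipt: Optional[Receipt] = None

    def promote(self, new_tier, actor, receipt=None):
        """Move the label up the ladder, or raise LadderError."""
        if new_tier <= self.tier:
            raise LadderError("a label only moves up the ladder")
        if actor != PRODUCERS[new_tier]:
            raise LadderError(f"{actor} cannot produce a {new_tier.name} fact")
        if new_tier >= Tier.PROCESSED:
            # Tiers 3-5 carry a receipt, and it must be for this tier.
            if receipt is None or receipt.depth_tier != new_tier:
                raise LadderError("missing or mismatched receipt")
            self.receipt = receipt
        self.tier = new_tier
        return self.tier
```

A rejected promotion leaves the field's tier and receipt unchanged, so an AI-initiated attempt to write a source-verified label fails without side effects.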


3. The 18 AI Surfaces

Nine on the facility side and nine on the worker side (Passport). All compressing. None deciding.

Layer note. The Operator is the facility-facing surface: it orchestrates facility-side workflow and reads the Rōvn network's verified output. The verification, credentialing, recredentialing, and continuous-monitoring engine runs in Rōvn the network, network-scale, not in per-facility Operator copies. The AI credentialing engine trains on every verification across the whole network. The facility-side surfaces below run inside the Operator and read that engine; they do not run verification themselves.

Facility-side AI surfaces (the Operator + Rōvn engine)

| # | Surface | Compresses | Cannot do |
|---|---|---|---|
| 1 | Route Engine | Worker specialty → facility role + privilege panel | Approve the panel |
| 2 | Document Parser | OCR/LLM extracts structured fields from uploads | Verify against primary source |
| 3 | Gap Engine | Surfaces missing credentials, expirations, license-state mismatches | Decide remediation |
| 4 | Privilege Advisor | Suggests panel based on verified specialty + competency | Grant the privilege |
| 5 | Packet Builder | Assembles privileging packet, hire packet, audit packet | Approve or send |
| 6 | Coordinator Copilot | Drafts coordinator emails, follow-ups, status nudges | Send without human approval |
| 7 | Monitoring Copilot | Triages overnight monitoring deltas | Decide enforcement action |
| 8 | Ops Copilot | Drafts ops summaries, pipeline reports, executive briefs | Make ops decisions |
| 9 | Anomaly Flagger | Flags name mismatches, photo-doc mismatches, suspicious uploads | Confirm fraud |

Worker-side (Passport) AI surfaces

| # | Surface | Compresses | Cannot do |
|---|---|---|---|
| 1 | Onboarding Assistant | Guides Passport build, flags missing credentials | Attest on worker's behalf |
| 2 | Document Intake | OCR/LLM extracts from worker-uploaded credentials | Verify against primary source |
| 3 | Renewal Reminder | Surfaces upcoming license / cert / immunization expirations | Renew the license |
| 4 | Opportunity Match | Surfaces facility roles the Passport meets requirements for | Apply on worker's behalf |
| 5 | Privacy Controls | Surfaces field-level consent options | Grant consent automatically |
| 6 | Verification Coverage Map | Shows which sources are verified / stale / missing | Decide what to verify |
| 7 | Portable Receipts | Surfaces tier-labeled receipts the worker can share | Share without worker consent |
| 8 | Continuous Monitoring Opt-in | Surfaces monitoring subscriptions | Enable without consent |
| 9 | Earnings / Hours Dashboard | Surfaces network opportunities | Apply or accept on the worker's behalf |

All 18 surfaces share the same AI gateway (app/services/ai_gateway.py) and write to the ai_runs ledger (migration 029, 031) for token cost capture and audit trail.


4. AI Executor: Claude Haiku 4.5 Under BAA via AWS Bedrock

The executor is Anthropic Claude (Haiku 4.5 for lightweight extraction and routing; higher-tier Claude models for higher-complexity drafting and triage).

  • AI chain: AWS Bedrock → Anthropic Claude (Haiku 4.5) under BAA → Rōvn backend on ECS. No traffic to Anthropic outside the AWS BAA boundary.
  • Runs in HIPAA-eligible AWS environments. PHI minimization: only credential metadata moves through the AI gateway; clinical PHI does not.
  • All executor calls log to the ai_runs table with model, prompt hash, response hash, token count, cost, and latency.
  • Hash-chained audit log captures every executor call with a content-addressable hash.

Executor responsibilities:

  • Document extraction (Tier 3, processed)
  • Source orchestration (Tier 4, source-verified dispatch)
  • Packet drafting (Tier 5, approved packet assembly)
  • Anomaly flagging surface
  • Coordinator and ops drafting

Executor never produces a Tier 4 or Tier 5 fact. It surfaces, drafts, orchestrates. Sources and humans produce the terminal facts.


5. AI Advisor: Opus 4.7 via Beta Tool

The advisor is Anthropic Claude Opus 4.7 invoked through the Anthropic advisor-tool beta (advisor-tool-2026-03-01).

  • ZDR-eligible (Zero Data Retention): advisor traffic does not persist on Anthropic infrastructure.
  • Used for deep reasoning steps where the executor benefits from a second opinion: complex anomaly triage, cross-source crosswalk verification, packet structure validation, ops summarization of multi-week pipelines.
  • Every advisor call logs to ai_runs separately with advisor_calls count and token cost capture.
  • Task definition :110+ confirms beta header wired in production.

The advisor never bypasses the Golden Rule. Output is surfaced to the executor or directly to the human reviewer; it does not produce a regulated fact.


6. What AI Can Do

Within the doctrine, AI can:

  • Extract structured fields from worker-uploaded credentials (driver's license, DEA registration, state board printout, immunization record, transcript, BLS/ACLS card, etc.)
  • Crosswalk worker-attested data against primary-source returns and flag mismatches
  • Flag anomalies: name variance, license-state mismatch, exclusion list hits, sanction history, photo-document mismatches, document tampering markers
  • Summarize privileging packets, hire packets, audit packets, monitoring deltas, ops state
  • Rank applications against role requirements (readiness match score; never a hire decision)
  • Draft coordinator emails, follow-up nudges, status updates, ops briefs (for human approval before send)
  • Orchestrate source queries: dispatch NPDB / DEA / ABMS / state board / Nursys / OIG / SAM in correct sequence, surface results
  • Cache receipts inside validity windows and serve cached-replay on subsequent reads

That is the compression layer. Done correctly, AI removes 60-80% of MSO labor without removing the regulated human decision.


7. What AI Cannot Do

Outside the doctrine. Banned at the product level.

  • AI cannot decide a credentialing outcome. The committee approves credentials.
  • AI cannot grant a privilege. The committee approves privileges.
  • AI cannot make a hire. The hiring manager and committee approve hires.
  • AI cannot make a clinical decision. Clinicians make clinical decisions.
  • AI cannot fabricate a verified status. A Tier 4 source-verified label requires a real primary-source receipt.
  • AI cannot share PHI without consent. Worker consent is required. Time-boxed and revocable.
  • AI cannot auto-renew a license. Licensure renewal is a worker action.
  • AI cannot represent itself as the source of truth. Sources are the source of truth.

If any product surface drifts toward one of these prohibited behaviors, it is reverted before ship.


8. AI Maximization Roadmap: Stage by Stage

Section 3 lists the 18 AI surfaces that ship today. This section is the forward roadmap, where AI compression deepens across the ten-stage hiring-through-monitoring pipeline. Two framing rules first.

The moat is the engine, not the feature list. Module-level AI is breadth; any competitor can publish a feature list. Rōvn's defensible AI is three structural facts:

  1. One network-scale engine. Not per-facility copies: one engine trained on every verification across every facility. It gets faster and cheaper with every verification anyone in the network runs.
  2. Cached replay. Every verification done once replays at near-zero marginal cost, the gross-margin curve (40% Y1 → 86% Y5). AI compounding layered on the margin curve: double compounding.
  3. Trust-native output. Every AI output ships a depth-tier label and a source receipt. No competitor's AI does this; it is what makes the output usable inside a regulated credentialing process.

Every roadmap item stays inside the Golden Rule. AI drafts, ranks, predicts effort, pre-fills, flags. The facility decides. The Layer column marks where each stage runs: the Operator runs and orchestrates; the Rōvn engine runs verification, credentialing, recredentialing, and monitoring network-scale.

The Operator runs the pipeline as autonomous lanes between four human decision gates. The Operator compresses the work between stages with no human action, and stops at the gates: interview, offer, hire, privilege. The facility decides at the gates; AI runs the preparation between them. Rōvn operates the workflow and prepares readiness; it never makes the hiring, scheduling, or deployment call. This is the same Golden Rule, drawn on the hiring pipeline: autonomy in the lanes, human ownership at every decision.

| # | Stage | Layer | Live now | AI-maximized (roadmap) | Guardrail |
|---|---|---|---|---|---|
| 1 | Workforce Demand | the Operator | Demand panel, static shortage signals (LIVE) | Predict facility shortage 90 days out from roster turnover + license-expiration patterns Rōvn already monitors; auto-draft role requirements per role + state + facility | Forecast is decision support; the coordinator posts the role |
| 2 | Intake + Triage | the Operator | Triage readiness scoring (PARTIAL) | Network-first check, if the applicant already holds a Passport, verification is instant cached-replay; rank the rest by time-to-credentialed; flag who unblocks the most coverage; predict offer-accept probability | Ranking is tier-labeled; a human screens and selects |
| 3 | Verification | Rōvn engine | Document Parser extraction (PARTIAL) | Auto-route each document to the correct source authority; flag document anomalies for human review; reconcile conflicting source returns; predict which verification fails before it runs | Source systems prove the fact; an anomaly is a flag, never a fraud verdict |
| 4 | Credentialing | Rōvn engine | Gap Engine + Packet Builder (PARTIAL) | Auto-assemble the full file; draft the committee narrative summary; produce a file-readiness score (completeness + flag count vs prior approved files) | Not an approval prediction, the committee decides the outcome |
| 5 | Privileging | the Operator (reads Rōvn truth ladder) | Privilege Advisor (TARGET, schema live, workflow pending pilot) | Auto-map requested privileges to case logs + board cert + training; draft OPPE/FPPE evaluations for the medical staff office to own; flag privilege-creep | AI drafts; the peer-review committee evaluates the practitioner |
| 6 | Hire + Onboard | the Operator | Mostly manual (TARGET) | Agentic showcase, auto-generate the onboarding checklist per role, sequence tasks, autonomously chase missing items, predict the completion date, draft the offer letter | The agent chases; a human approves the offer and the hire |
| 7 | Active Monitoring | Rōvn engine (the Operator displays) | Monitoring Copilot (PARTIAL) | Daily AI brief of all network events; predict which credential lapses next; auto-draft renewal nudges; triage sanctions by severity | The brief is surveillance output; the compliance officer acts |
| 8 | Recredentialing | Rōvn engine | Cadence trigger, schema live (PARTIAL) | Pre-fill the recred packet from the prior cycle plus delta-only changes; predict recred risk; auto-trigger the cycle | The delta is flagged; the committee re-approves |
| 9 | Payer Enrollment | the Operator orchestration / Rōvn adapters | CMS PECOS integration (TARGET) | Auto-fill CAQH / PECOS forms; detect enrollment gaps; predict payer response time; chase responses | Lower-priority roadmap item; form-fill, not decision-making |
| 10 | Audit + Export | Rōvn owns the chain / the Operator exports | Audit Trail Composer (PARTIAL) | Auto-generate the Joint Commission / CMS surveyor / NAMSS export; draft the audit narrative; flag compliance drift before the audit; answer auditor questions from the hash chain | The hash chain is the immutable proof; AI summarizes it, never alters it |

Two roadmap items carry outsized weight:

  • Stage 2, network dedupe. The single strongest line in the pipeline: when an applicant already holds a Passport, time-to-credentialed collapses from weeks to seconds via cached replay. The growth flywheel showing up as an AI and data advantage no facility-silo competitor can match.
  • Stage 6, agentic AI, named. Autonomously chasing missing onboarding items is Rōvn's one true agentic loop. It is named as such deliberately: agentic AI that a human still gates at the offer and hire decision.

8.1 Confidence routing: the operator spine

The roadmap above describes the Operator deepening from a workflow tool toward an AI operator that acts at every surface. The mechanism that keeps that safe is AI confidence routing: every operator action carries a calibrated confidence score, and the score plus the stakes of the action decide who acts. High confidence and low stakes → the Operator acts autonomously. Low confidence, or any hiring / credentialing / privileging / clinical stakes → routes to a human with the AI's reasoning and tier-labeled facts attached. This is the Golden Rule expressed as a routing rule; it lets the Operator prepare work everywhere without ever crossing the regulated-decision line. The Operator surface, the operator capabilities and their honest LIVE / PARTIAL / TARGET status, is detailed in the Operator product documentation and is not duplicated here.

Autonomous-action audit log, P0. Every autonomous action the Operator takes must log to the hash-chained audit log via the ai_runs ledger, capturing the AI's reasoning, confidence score, and the data it acted on. An autonomous operator without this log is an unauditable black box, and unauditable does not survive a GC procurement read. This is a launch-blocking requirement for any autonomous capability, consistent with the doctrine that every AI surface writes to ai_runs and every fact is replayable.
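
Confidence routing and the autonomous-action log described above, as an added Python example (not Rōvn's gateway or ai_runs schema). The 0.90 threshold, the field names, the `"low"` stakes label and the choice to store a hash of the inputs instead of the inputs themselves are assumptions; the page specifies none of them.

```python
import hashlib
import json

AUTONOMY_THRESHOLD = 0.90  # assumed value; the page gives no number
GENESIS = "0" * 64         # prev-hash of the first entry (assumption)


def route(confidence, stakes):
    """Return 'autonomous' or 'human' for a proposed operator action."""
    # Hiring, credentialing, privileging and clinical stakes always go
    # to a human; unknown stakes labels fail closed the same way.
    if stakes != "low":
        return "human"
    # An out-of-range or NaN score also fails closed.
    if not 0.0 <= confidence <= 1.0:
        return "human"
    return "autonomous" if confidence >= AUTONOMY_THRESHOLD else "human"


def _digest(prev_hash, body):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_action(log, action, confidence, stakes, reasoning, inputs):
    """Route an action and append the decision to the hash chain."""
    body = {
        "action": action,
        "confidence": confidence,
        "stakes": stakes,
        "reasoning": reasoning,
        # Hash of the data acted on, so the log holds no raw fields.
        "inputs_hash": hashlib.sha256(
            json.dumps(inputs, sort_keys=True).encode()).hexdigest(),
        "routed_to": route(confidence, stakes),
    }
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev_hash, "body": body,
             "hash": _digest(prev_hash, body)}
    log.append(entry)
    return entry


def verify_chain(log):
    """Return the index of the first broken entry, or -1 if intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if (entry["prev"] != prev_hash
                or entry["hash"] != _digest(prev_hash, entry["body"])):
            return i
        prev_hash = entry["hash"]
    return -1
```

An in-memory list only shows the chaining; tamper resistance in practice depends on where the chain head is anchored, which the page places under S3 Object Lock.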


9. Compliance Posture

  • AI chain: AWS Bedrock → Anthropic Claude (Haiku 4.5) under BAA → Rōvn backend on ECS.
  • AWS BAA: executed. HIPAA-eligible architecture.
  • Drata: SOC 2 evidence collection in progress.
  • Persona, Checkr, WorkOS: sub-processor BAAs executed.
  • Engineering partner under NDA: strategic partner engineering chassis HIPAA-aligned, zero violations in 10 years.

The full BAA registry lives in 04_compliance/BAA_REGISTRY.md. The HIPAA posture memo lives in 04_compliance/HIPAA_POSTURE_MEMO.md.

We claim HIPAA-aligned · BAA available (customer BAA template at 08.9). We do not claim HIPAA compliant or HIPAA certified; no authority issues either. SOC 2 Type II in progress (auditor selected, controls in implementation with Drata-managed evidence; report target Q3 2027 after observation window).


10. Why the Doctrine Wins

Three reasons.

  1. Procurement-safe by design. Hospital General Counsel read the Golden Rule and approve. Competitors marketing "AI-powered verification" get flagged. We get signed.
  2. Auditable by replay. Every AI surface writes to ai_runs. Every fact carries a tier label. The hash-chained audit log replays the evidence chain on demand. CMS recoupment defense, Joint Commission / CMS surveyor PSV audits, NCQA reviews become button-presses.
  3. Honest about the boundary. We never claim AI does what it cannot do. That honesty is the moat against the entire "AI-powered" marketing-veneer wave that will get flagged out of healthcare procurement in the next 18 months.

"Rōvn turns credentialing from a repeated cost into a reusable network asset."

The doctrine is how Rōvn realizes that compression without violating the regulatory regime. AI operates the workflow. Source systems prove the facts. Humans make every regulated decision.
