Live Triage Feed
stream:tx:scored
09:10:24
Billing collision · MRI ⨯ Consultation · P-9912 trace=def456
CRITICAL
78
09:10:23
Retro-score upgrade · MRI claim P-9912 trace=abc123
CRITICAL
78
09:08:11
Access spike · Derm nurse · 41 unique MRNs / 1h trace=7e91c2
HIGH
64
09:04:47
Off-hours claim submission · Cardiology · DR-118 trace=22ab9d
MEDIUM
38
09:02:30
Routine encounter · ED triage P-7720 trace=01f4ee
LOW
12
09:01:09
Lab order · Hematology panel · P-3392 trace=ccd771
LOW
6
Risk Envelope · def456
EXPLAINABLE
{
"trace_id": "018f9b2e-7c41-7a40-ae21-f9c2d2c43e1a",
"score": 78,
"severity": "CRITICAL",
"factors": {
"temporal_overlap": 40, // ratio 0.71
"access_spike": 28, // z = 4.3
"off_hours": 10
},
"triggers": [
{ "type": "claim", "id": "abc123", "cpt": "73721" },
{ "type": "claim", "id": "def456", "cpt": "99213" }
],
"rule_version": "2026.06.01",
"ledger_hash": "sha256:9af3…e21c"
}
Quantum-Safe Audit Chain
PQC
SHA-256 ledger upgraded to SHA3-512 + ML-DSA (Dilithium) signatures, NIST FIPS-204. Every ledger block carries a post-quantum signature; HSMs rotate keys under a CRYSTALS-Kyber KEM. Future "harvest-now, decrypt-later" attacks against 30-year retention archives are neutralized.
Sig: ML-DSA-65
KEM: ML-KEM-768
Hash: SHA3-512
Federated Learning Mesh
FL · DP
Hospitals train fraud and snooping models without sharing PHI. Gradients are clipped, perturbed with (ε=2.5, δ=1e-6) differential privacy, and aggregated via secure-aggregation (Paillier + masking). The global model improves across 200+ facilities; the data never leaves the edge.
Privacy: ε 2.5
Aggregator: SecAgg+
Rounds/day: 24
Confidential Compute Enclave
TEE
Risk Engine pinned inside Intel TDX / AMD SEV-SNP trusted execution environments. PHI is decrypted only inside the enclave; remote attestation proves to the hospital that the running binary matches a signed transparency-log entry before any record is forwarded.
Attestation: RA-TLS
Transparency: Sigstore
Memory: Sealed
Agentic Investigator Copilot
LLM AGENT
Each CRITICAL alert spawns a SOC agent that auto-drafts a forensic timeline, pulls related access events, queries the graph DB for collusion patterns, generates analyst questions, and proposes containment actions — all with citations back to ledger trace_ids. Analysts review, never start from blank.
Tools: 14
Citations: mandatory
Human-in-loop: always
Zero-Knowledge Audit Proofs
ZK-SNARK
Auditors verify "this risk score was produced by approved rule v2030.06 against a ledger-anchored event" without seeing the underlying PHI. Proofs are Halo2-compiled circuits over the rules engine; regulators run a 200ms verifier and get cryptographic certainty.
Scheme: Halo2 / Plonk
Verify: < 250 ms
Proof size: 8 KB
Graph Neural Risk Brain
GNN
Temporal Graph Network over Provider · Patient · Claim · Workstation · Device nodes. Detects fraud rings invisible to row-based scoring — repeating subgraphs across weeks, shared-device collusion, money-mule provider chains. Streamed inference at < 80 ms / event.
Model: TGN
Nodes: 12M
Inference: 80 ms
Synthetic Data Twin
RED-TEAM
A continuously-running shadow pipeline replays a GAN-generated patient population with planted fraud scenarios. Detection coverage is measured per rule, per model, per shift — providing live MTTD/MTTR metrics and red-team regressions without touching real patients.
Generator: Synthea-X
Scenarios: 340
MTTD: 11 s
Edge Inference at PoC
EDGE · NPU
ONNX-Runtime risk model runs on the workstation NPU at the point of care. Provider-side checks (off-roster billing, unusual code pair) trigger inline soft-blocks before submission — preventing fraud at the source instead of detecting it downstream.
Runtime: ORT-NPU
Latency: 4 ms
Offline: yes
Sovereign Data Plane
REGION
Region-pinned control plane with cross-border policy guards. HIPAA, EU GDPR Art.9, UK DSPT, Canada PIPEDA, AU My Health Records — each route through the pipeline is policy-checked at the bridge. Replication never crosses a jurisdiction without an explicit signed policy attestation.
Policies: OPA / Rego
Regions: 9
Audit: per-route