ClearPulse
Healthcare Intelligence Pipeline
PIPELINE ONLINE trace_id propagation: 100% v2026.06.01
Project ClearPulse · NEXUS-Med Command Surface

From a single FHIR bundle to an explainable, audit-grade alert — with the trace preserved end to end.

ClearPulse converges billing anomalies, user-behavior signals, and at-rest PHI exposures into one streaming intelligence pipeline. Every risk score can be unpacked back to the original byte that triggered it.

Events / sec
LIVE
1,284
Stream throughput
Risk Index
15-MIN AVG
42/ 100
Population mean
Active Alerts
OPEN
7incidents
127 contributing events
PHI Exposure (24h)
SCAN
3files
Compliance auto-scan
Pipeline · trace_id flow
FHIR → DASHBOARD
01 · INGEST
Parser
FHIR / HL7 / 837 validate, assign UUID7 trace_id, write Parquet ledger.
02 · STREAM
Redis
stream:tx:new and stream:access — at-least-once, replayable.
03 · SCORE
Risk Engine
Sliding 15-min window overlap, weighted rules, Risk Envelope emit.
04 · BEHAVIOR
Access Engine
Bloom + HLL sketches, per-user Z-score volume anomaly.
05 · CORRELATE
Alert Router
Dedupe, link access spikes to billing collisions, persist.
06 · ANALYST
NEXUS-Med
Live triage, alert map, full forensic replay to source bytes.
Trace ID: UUID7 Window: 15 min Audit chain: SHA-256 Throughput: 1.2k eps Compliance scan: 10-min cycle
Live Triage Feed
stream:tx:scored
09:10:24 Billing collision · MRI ⨯ Consultation · P-9912 trace=def456 CRITICAL 78
09:10:23 Retro-score upgrade · MRI claim P-9912 trace=abc123 CRITICAL 78
09:08:11 Access spike · Derm nurse · 41 unique MRNs / 1h trace=7e91c2 HIGH 64
09:04:47 Off-hours claim submission · Cardiology · DR-118 trace=22ab9d MEDIUM 38
09:02:30 Routine encounter · ED triage P-7720 trace=01f4ee LOW 12
09:01:09 Lab order · Hematology panel · P-3392 trace=ccd771 LOW 6
Risk Envelope · def456
EXPLAINABLE
{
  "trace_id": "018f9b2e-7c41-7a40-ae21-f9c2d2c43e1a",
  "score": 78,
  "severity": "CRITICAL",
  "factors": {
    "temporal_overlap": 40,  // ratio 0.71
    "access_spike":     28,  // z = 4.3
    "off_hours":        10
  },
  "triggers": [
    { "type": "claim", "id": "abc123", "cpt": "73721" },
    { "type": "claim", "id": "def456", "cpt": "99213" }
  ],
  "rule_version": "2026.06.01",
  "ledger_hash":  "sha256:9af3…e21c"
}
Enterprise Maturity
CURRENT → TARGET
Ingestion
9.0
Streaming
9.0
Explainability
10
Compliance
9.0
Fraud Detection
8.0
Insider Threat
8.0
Forensic Readiness
8.0
ML Capability
5.0
Graph Intelligence
4.0
Strengthening Roadmap
→ 9.5+ TIER
Entity Resolution
MPI + provider identity reconciliation across MRN, GUID, and source-system IDs.
Graph Correlation
Neo4j / Memgraph for fraud-ring discovery and shared-workstation collusion.
Hybrid ML Scoring
0.7 · rules + 0.3 · Isolation Forest / XGBoost — novel patterns, kept explainable.
Incident Aggregation
1 incident · N events. Risk decay tames the alert firehose.
Cryptographic Audit Chain
SHA-256 hash-linked ledger — tamper-evident, litigation-grade.
Horizon 2030 · Advanced Capability Layer
PQC · FL · TEE · ZK · AGENTIC

A forward-deployment stack that takes ClearPulse from "9.5+ enterprise tier" to sovereign-grade healthcare intelligence — quantum-safe, privacy-preserving, autonomously investigated, and field-verifiable.

Quantum-Safe Audit Chain
PQC
SHA-256 ledger upgraded to SHA3-512 + ML-DSA (Dilithium) signatures, NIST FIPS-204. Every ledger block carries a post-quantum signature; HSMs rotate keys under a CRYSTALS-Kyber KEM. Future "harvest-now, decrypt-later" attacks against 30-year retention archives are neutralized.
Sig: ML-DSA-65 KEM: ML-KEM-768 Hash: SHA3-512
Federated Learning Mesh
FL · DP
Hospitals train fraud and snooping models without sharing PHI. Gradients are clipped, perturbed with (ε=2.5, δ=1e-6) differential privacy, and aggregated via secure-aggregation (Paillier + masking). The global model improves across 200+ facilities; the data never leaves the edge.
Privacy: ε 2.5 Aggregator: SecAgg+ Rounds/day: 24
Confidential Compute Enclave
TEE
Risk Engine pinned inside Intel TDX / AMD SEV-SNP trusted execution environments. PHI is decrypted only inside the enclave; remote attestation proves to the hospital that the running binary matches a signed transparency-log entry before any record is forwarded.
Attestation: RA-TLS Transparency: Sigstore Memory: Sealed
Agentic Investigator Copilot
LLM AGENT
Each CRITICAL alert spawns a SOC agent that auto-drafts a forensic timeline, pulls related access events, queries the graph DB for collusion patterns, generates analyst questions, and proposes containment actions — all with citations back to ledger trace_ids. Analysts review, never start from blank.
Tools: 14 Citations: mandatory Human-in-loop: always
Zero-Knowledge Audit Proofs
ZK-SNARK
Auditors verify "this risk score was produced by approved rule v2030.06 against a ledger-anchored event" without seeing the underlying PHI. Proofs are Halo2-compiled circuits over the rules engine; regulators run a 200ms verifier and get cryptographic certainty.
Scheme: Halo2 / Plonk Verify: < 250 ms Proof size: 8 KB
Graph Neural Risk Brain
GNN
Temporal Graph Network over Provider · Patient · Claim · Workstation · Device nodes. Detects fraud rings invisible to row-based scoring — repeating subgraphs across weeks, shared-device collusion, money-mule provider chains. Streamed inference at < 80 ms / event.
Model: TGN Nodes: 12M Inference: 80 ms
Synthetic Data Twin
RED-TEAM
A continuously-running shadow pipeline replays a GAN-generated patient population with planted fraud scenarios. Detection coverage is measured per rule, per model, per shift — providing live MTTD/MTTR metrics and red-team regressions without touching real patients.
Generator: Synthea-X Scenarios: 340 MTTD: 11 s
Edge Inference at PoC
EDGE · NPU
ONNX-Runtime risk model runs on the workstation NPU at the point of care. Provider-side checks (off-roster billing, unusual code pair) trigger inline soft-blocks before submission — preventing fraud at the source instead of detecting it downstream.
Runtime: ORT-NPU Latency: 4 ms Offline: yes
Sovereign Data Plane
REGION
Region-pinned control plane with cross-border policy guards. HIPAA, EU GDPR Art.9, UK DSPT, Canada PIPEDA, AU My Health Records — each route through the pipeline is policy-checked at the bridge. Replication never crosses a jurisdiction without an explicit signed policy attestation.
Policies: OPA / Rego Regions: 9 Audit: per-route
© ClearGlass Inc · ClearPulse Pipeline · 2026
architecture whitepaper → · ← back to ClearGlass