r2-health-v1 — Profile for healthcare AI deployments
Extends R+2 for clinical decision support, EHR processing, telemedicine triage, and patient-facing agents. Aligns with HIPAA Security Rule, GDPR Article 9 (special category data), and DPDP §9 (sensitive personal data).
1. Purpose
Healthcare AI presents specific accountability challenges: patient safety, sensitive-data category restrictions, audit-by-regulator (FDA, EMA, CDSCO, MHRA), and informed-consent traceability. This profile extends R+2 to make all of these demonstrable rather than asserted.
2. Extension fields
| Extension key | Type | Description |
|---|---|---|
| health.patient_id_hash | string | SHA-256 of the patient identifier salted per-deployment. Never the raw MRN. Required when patient data is involved. |
| health.consent_artifact_uri | string | URI to the consent artifact under which the action was authorized. Typically fhir://Consent/{id} or equivalent. |
| health.clinical_role | string | The clinical role for whom the agent was acting (e.g., physician, nurse, radiologist, patient-self-service). |
| health.decision_class | string | One of: diagnostic-assist, treatment-recommendation, triage, documentation, scheduling, billing. Determines downstream regulatory scrutiny. |
| health.human_in_loop | boolean | True if a licensed clinician reviewed and authorized the action before it had effect. Required for diagnostic-assist and treatment-recommendation classes. |
| health.model_version | string | Version identifier of the model/policy used. Enables retrospective audit if a model is later recalled. |
| health.training_data_attestation | string | Hash linking to a published statement of the model's training data sources. Supports regulator inquiries into bias and provenance. |
| health.jurisdiction | string | Jurisdiction governing the action (e.g., US-CA, EU-DE, IN-MH). Determines applicable regulatory framework. |
3. action_type namespace
Healthcare actions use the health/* namespace:
- health/diagnostic/* — AI-assisted diagnostic actions
- health/triage/* — symptom assessment and routing
- health/treatment/* — treatment recommendation, dosing
- health/documentation/* — clinical note generation, summarization
- health/scheduling/* — appointment booking, follow-up
- health/billing/* — coding assistance, claims processing
- health/research/* — de-identified research operations
4. Compliance mapping
| Regulation | R+2 field satisfying it | Notes |
|---|---|---|
| HIPAA §164.312(b) Audit controls | Full receipt chain + R+3 export | Tamper-evident audit trail across all PHI processing. |
| HIPAA §164.502(b) Minimum necessary | extensions.health.decision_class | Class restricts the scope of PHI accessed for each action type. |
| HIPAA §164.508 Authorization | extensions.health.consent_artifact_uri | Every action ties to a specific authorization or consent. |
| GDPR Art. 9(2)(a) Explicit consent | extensions.health.consent_artifact_uri | Sensitive category processing requires linkable consent. |
| GDPR Art. 22 Automated decision-making | extensions.health.human_in_loop | Demonstrates human oversight for significant clinical decisions. |
| DPDP §9 Children's data + sensitive data | (combined with r2-gov-v1.gov.in.minor_data) | Healthcare receipts targeting Indian minors should also use the gov-in profile. |
| FDA Software as a Medical Device | extensions.health.model_version + .training_data_attestation | Audit-ready record of which model produced which output. |
| EU AI Act Annex III (high-risk) | Full receipt chain + R+3 logging | Healthcare AI is typically high-risk; full logging is mandatory. |
5. Air-gapped operation
Many hospital deployments require on-premise operation with no outbound connectivity. Conforming implementations MUST support:
- Local Postgres + pgvector storage of all receipts.
- Local key custody (HSM-backed for production, software-backed for development).
- Local embedding generation (falling back to local sentence-transformers when OpenAI is not permitted).
- Optional federation with a network-connected deployment for non-sensitive operations.
6. Special considerations for healthcare
De-identification: When the action operates on de-identified data, set extensions.health.patient_id_hash to the literal string "de-identified" rather than omitting it. This preserves auditability of the de-identification claim.
Emergency override: Some clinical workflows require break-glass access to PHI. The action_type health/emergency-override/* documents these events with full justification in action_data. All emergency overrides flow through the same R+2 chain and become permanent records.
Pediatric data: When the patient is a minor, compute extensions.health.patient_id_hash with an additional "minor:" prefix in the salt so that downstream audits can distinguish these records. Combine with the r2-gov-v1 profile if operating in India.
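The field rules in section 2 and the de-identification and pediatric rules above can be checked mechanically before a receipt is written. The following is an added example, not code from the R+2 project: the function names, the salt-then-identifier concatenation order, and the sample values are assumptions made for illustration.

```python
import hashlib
import re

DECISION_CLASSES = {"diagnostic-assist", "treatment-recommendation", "triage",
                    "documentation", "scheduling", "billing"}
HUMAN_REQUIRED = {"diagnostic-assist", "treatment-recommendation"}
NAMESPACES = {"diagnostic", "triage", "treatment", "documentation", "scheduling",
              "billing", "research", "emergency-override"}
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


def patient_id_hash(mrn: str, deployment_salt: bytes, minor: bool = False) -> str:
    """SHA-256 over salt || identifier. The concatenation order and the exact
    placement of the "minor:" prefix are assumptions; the profile only says the
    salt is per-deployment and carries the prefix for minors."""
    salt = (b"minor:" if minor else b"") + deployment_salt
    return hashlib.sha256(salt + mrn.encode("utf-8")).hexdigest()


def validate(action_type: str, health: dict, patient_data: bool = True) -> list:
    """Return the profile violations for one receipt (empty list = conforming)."""
    errors = []
    parts = action_type.split("/")
    if len(parts) < 3 or parts[0] != "health" or parts[1] not in NAMESPACES or not parts[2]:
        errors.append("action_type outside the health/* namespace")
    cls = health.get("decision_class")
    if cls not in DECISION_CLASSES:
        errors.append("decision_class missing or not an allowed value")
    # Only presence is checked; whether False is acceptable is not stated here.
    if cls in HUMAN_REQUIRED and not isinstance(health.get("human_in_loop"), bool):
        errors.append("human_in_loop is required for this decision_class")
    pid = health.get("patient_id_hash")
    if patient_data and pid is None:
        errors.append("patient_id_hash is required when patient data is involved")
    elif pid is not None and pid != "de-identified" and not HEX_SHA256.fullmatch(pid):
        # Catches a raw MRN (or any non-digest value) placed in the hash field.
        errors.append("patient_id_hash is neither a SHA-256 hex digest nor 'de-identified'")
    return errors


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or salts.
    ext = {"decision_class": "diagnostic-assist", "human_in_loop": True,
           "patient_id_hash": patient_id_hash("MRN-0012345", b"constructed-salt")}
    print(validate("health/diagnostic/chest-xray-read", ext))
```

Running the validator at receipt-creation time, rather than at audit time, keeps a raw MRN from ever entering the permanent chain.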
7. Adoption pathway
- Begin with documentation-class actions (lowest regulatory risk) — clinical note summarization, scheduling assistance.
- Expand to triage-class with human-in-loop.
- Add diagnostic-assist with full clinical validation studies.
- Consider the treatment-recommendation class only after a regulatory clearance pathway is established.
DCS Labs offers an "r2-health Implementation Partner" program for hospital systems considering adoption — pre-MSA technical consultation at no cost. Contact [email protected].
Contact
Editorial: [email protected]
Healthcare partnerships: same address, prefix subject with "[Health]"