Skip to main content
Feature ID: PM-64 Status: 📋 Specification (pre-implementation) Spec: PM-64 AI Coding Assistant v1.3 Companion: PM-64-CONTEXT.md Compliance gate: PM-64-COMPLIANCE-SIGNOFF.md (CONDITIONAL PASS — see signoff for outstanding items) Last Updated: 2026-05-04

Overview

PM-64 turns a finalized clinical note into suggested ICD-10 / CPT / HCPCS codes, modifiers, and E&M level for a coder to accept, edit, or reject. All AI calls go through an edge function, follow the canonical RAG / no-PHI-to-LLM pattern (GR-06-EN-01), and respect jurisdiction-specific rules from PF-96. Suggest-not-execute: the coder makes every coding decision; AI never writes a charge directly.

Integration Points


Event Contracts

PHI rule: Zero free-text narrative in any payload. IDs and structured metadata only. Subscribers needing note context must read via a service-role Supabase client inside their edge function and PHI-redact before any LLM call.

Edge Functions


Cross-Core Boundary Rules

  • No direct CL imports from frontend. Note context is fetched inside the edge function via a service-role Supabase client and PHI-redacted before LLM use; no @/platform/clinical dependency is required.
  • No direct PM-07 writes from PM-64. Coder accept action invokes the standard PM-07 charge mutation.
  • Cross-core columns (encounter_idpm_encounters.id, note_idcl_clinical_notes.id) are UUID-only with column comments per ADR-002; no database FK.
  • 42 CFR Part 2: When sud_flag=true on the consumed event, PM-64 enforces the stricter redaction profile and verifies CL-11 consent permits AI processing before any LLM call.
  • Jurisdiction: All coding rules read from pf_resolve_jurisdiction_profile() — no Arizona/AHCCCS hardcoding (PF-96).

Security & PHI Boundary

  1. PHI redaction is fail-closed. If the redaction utility throws, returns low confidence, or is unavailable, the LLM call is skipped and no suggestion is produced (FR-002).
  2. Audit trail is immutable. RLS forbids DELETE on both pm_ai_coding_suggestions and pm_ai_coding_suggestion_audits (NFR-004 7-year retention; HIPAA Security Rule §164.316).
  3. Suggest-not-execute at every layer — DB, edge function, UI, and event payload (no auto-accept fields).
  4. Vendor BAA required before any production traffic (SC-005); enforced by feature flag.
  5. Cost cap per tenant in pm_module_settings (default $0.05/suggestion); circuit breaker on overrun.

Open Items / Blockers

  • ☐ Compliance signoff (0/20 items signed) — Wave 5 hard gate
  • ☐ Platform PHI redaction utility (does not exist in src/platform/) — recommend new PF spec
  • ☐ LLM vendor BAA procurement (Anthropic via AWS Bedrock recommended in CONTEXT.md)

References