HarnessHealth

The governance model.

How physician oversight is structured, enforced, and audited across the HarnessHealth ecosystem.

Section 1: Principles

Principle 1

No AI output with clinical content reaches a patient without review by a licensed physician. Clinical content is defined as: direct patient recommendations, medication mentions, diagnosis or differential language, care plan content, and billing code assignments.

Principle 2

Physician authority is tracked and has limits. Volume above a threshold that would preclude genuine review (defined as an average review time below 90 seconds per document) is flagged and blocked by the system.

Principle 3

The reviewing physician's identity — NPI number, timestamp, review duration — is permanently attached to every attested document. This record is immutable and cryptographically linked to the document hash.

Principle 4

The governance framework is designed to satisfy Joint Commission, OIG, and CMS oversight requirements. It is not designed for regulatory arbitrage. Where the framework does not provide coverage, that gap is disclosed.

Section 2: The Attestation Chain

Full chain of custody for a clinical document from AI generation through physician attestation to delivery.

1. Generation
  • Document type (LMN, prior auth, care plan, SOAP)
  • AI model used
  • Underlying patient data reference hash
  • Confidence flags for low-certainty content
  • Attestation required: true/false
2. Queue entry
  • Queue timestamp (UTC)
  • Assigned reviewer specialty
  • Estimated complexity rating
  • Previous attestation history for document type
  • Authority budget check: reviewer has sufficient remaining budget
3. Review
  • Review start timestamp
  • Reviewer NPI
  • Review duration (seconds)
  • Decision: approved / approved with edits / rejected
  • Edit diff (if any)
4. Attestation
  • Attestation token generated
  • Document SHA-256 hash
  • Reviewer NPI (immutable)
  • Timestamp (UTC, immutable)
  • Authority consumption decrement applied
  • Audit log entry written
5. Delivery
  • Document delivered to requesting application
  • Attestation token included in response
  • Token available for independent verification at harnesshealth.ai/api/verify
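
The sketch below is an added example, not HarnessHealth code: one way an attestation record could bind the document SHA-256, reviewer NPI, timestamp and review duration into a hash-chained audit log, and enforce the 90-second average from Principle 2 before attesting. The record layout, the HMAC-SHA256 token, the function names and all sample values are assumptions made for illustration; the page does not specify the token format.

```python
import hashlib, hmac, json

MIN_AVG_REVIEW_SECONDS = 90  # threshold from Principle 2
GENESIS = "0" * 64           # assumed "prev" value for the first log entry

def _digest(fields):
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def _mac(key, entry_hash):
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def attest(log, key, document, npi, review_seconds, timestamp):
    """Append an attestation entry; block it if the reviewer's average drops below 90 s."""
    durations = [e["review_seconds"] for e in log if e["npi"] == npi] + [review_seconds]
    if sum(durations) / len(durations) < MIN_AVG_REVIEW_SECONDS:
        raise PermissionError("average review time below threshold: attestation blocked")
    entry = {"doc_sha256": hashlib.sha256(document).hexdigest(), "npi": npi,
             "timestamp": timestamp, "review_seconds": review_seconds,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _digest(entry)  # binds document hash, NPI, time, duration, chain
    entry["token"] = _mac(key, entry["entry_hash"])
    log.append(entry)
    return entry

def verify(log, key, document, token):
    """True only if the whole log is intact and the token was issued for this document."""
    prev, found = GENESIS, False
    doc_hash = hashlib.sha256(document).hexdigest()
    for e in log:
        body = {k: v for k, v in e.items() if k not in ("entry_hash", "token")}
        if e["prev"] != prev or _digest(body) != e["entry_hash"]:
            return False  # an entry was altered, or a chain link is broken
        if not hmac.compare_digest(_mac(key, e["entry_hash"]), e["token"]):
            return False  # token was not produced with the service key
        if hmac.compare_digest(e["token"], token) and e["doc_sha256"] == doc_hash:
            found = True
        prev = e["entry_hash"]
    return found

if __name__ == "__main__":
    log, key = [], b"constructed-demo-key"  # constructed sample values
    doc = b"constructed LMN text"
    t = attest(log, key, doc, "0000000000", 140, "2026-01-05T14:00:00Z")["token"]
    print(verify(log, key, doc, t), verify(log, key, doc + b" edited", t))
```

A hash chain detects edits to existing entries but not removal of the most recent ones, so the latest entry hash has to be anchored somewhere the log's operator cannot rewrite. With an HMAC token, verification requires the service key, which matches a design where third parties check tokens through a verification endpoint rather than locally.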

Section 3: Regulatory Alignment

OIG Advisory Opinion AO 25-03

Physician supervision model. Compensation to reviewing physicians is flat per-attestation, not percentage-based, not tied to referral volume or downstream revenue. This structure is designed to avoid Anti-Kickback Statute exposure under the incident-to billing framework.

Anti-Kickback Statute (AKS) / Stark

No referral arrangement is created by the attestation relationship. Reviewing physicians are compensated for a specific, documentable service (document review). The compensation structure is consistent with fair market value for the time and expertise provided.

CMS RTM (CPT 98975-98981)

$51/patient/month. Requires physician oversight. The attestation system provides documented physician oversight for PROM data review. FDA device registration in process for RTM-applicable PROM collection tools.

CCM / PCM Billing

Chronic Care Management and Principal Care Management billing is anchored to an active patient relationship with a licensed physician. Josh Emdur, DO (altru.care) serves as the primary clinical anchor for the initial co-op.care and CareGoals deployments.

Section 4: What Is Not Covered

The following areas are not fully addressed by the current governance framework. Deploying organizations should conduct independent legal and compliance review:

  • Formal HIPAA Security Risk Assessment — in process, expected Q2 2026
  • Penetration test report — scheduled
  • FDA device registration for RTM-applicable PROM collection — in process
  • State-specific telehealth and medical practice regulations (varies by state)
  • Malpractice coverage confirmation for individual reviewing physicians
  • HSA/FSA eligibility determination via LMN — independent legal opinion required before scaling