IBA CLINICAL RUNTIME:ACTIVE
PATIENTS PROTECTED TODAY:3,847
HIPAA VIOLATIONS BLOCKED:7
CONSENT SCOPE CHECKS:12,441
NIST-2025-0035:FILED · mls-ubpf-pryy
PATENT:GB2603013.0
OUT-OF-SCOPE PRESCRIPTIONS BLOCKED:3
VALIDATION TIME:<5MS
IBA CLINICAL RUNTIME:ACTIVE
PATIENTS PROTECTED TODAY:3,847
HIPAA VIOLATIONS BLOCKED:7
CONSENT SCOPE CHECKS:12,441
NIST-2025-0035:FILED · mls-ubpf-pryy
PATENT:GB2603013.0
OUT-OF-SCOPE PRESCRIPTIONS BLOCKED:3
VALIDATION TIME:<5MS
HEALTH
INTENT-BOUNDED AUTHORIZATION · CLINICAL AI
THE PATIENT
CANNOT
WAIT FOR
A POLICY.
When a clinical AI agent acts — recommending a drug, accessing a record, ordering a test — it is making a decision that affects a human life. That decision must be cryptographically bounded by signed clinical protocol. Every time. Without exception.
<5ms
VALIDATION TIME
100%
ACTIONS COVERED
0
HIPAA BREACHES PASS
PATIENT MONITOR — IBA AUTHORIZATION LAYER ACTIVE
IBA ENGINE
ACTIVE · 1.8ms
CONSENT SCOPE
CARDIO · VERIFIED
PROTOCOL HASH
0xa3f7…SIGNED
LAST ACTION
⊘ Rx BLOCKED
01
THE CLINICAL AI AUTHORIZATION PROBLEM
ABA 517 FOR MEDICINE
The Clinician Is Liable. Not The Vendor.
When a clinical AI recommends a drug, interprets a scan, or accesses a patient record, the physician supervising that AI is professionally and legally responsible for the action. Not the platform. Not the algorithm. The clinician — personally, before the medical board. The question isn’t whether to use clinical AI. The question is whether you can prove it stayed within the signed clinical protocol.
- ✗AI recommending outside the signed therapeutic scope
- ✗Diagnostic agent accessing data beyond patient consent boundary
- ✗Drug interaction check querying unauthorised external databases
- ✗No cryptographic audit trail for regulatory review
THE AUTHORIZATION VACUUM
Probabilistic Is Not Good Enough In Medicine.
Every clinical AI system today answers the authorization question the same way: it asks the model. The model infers from context what the clinician probably intends. That inference is probabilistic. In a drug interaction check, probabilistic means a patient could be harmed before an error is caught. HIPAA requires verifiable protection of patient data — not contextual inference. IBA makes clinical AI authorization cryptographically certain, not contextually probable.
THE HIPAA GAP
“Can you prove the clinical AI accessed only what the patient consented to, and nothing beyond the signed therapeutic scope?”
No current clinical AI platform has a formal, cryptographically verifiable answer.
No current clinical AI platform has a formal, cryptographically verifiable answer.
// IBA CLINICAL AUTHORIZATION FUNCTION · PATENT GB2603013.0
Authorization(ClinicalAgent, Action, PatientRecord, Time)
= f(SignedProtocol, ConsentScope, TemporalDecay)
= f(SignedProtocol, ConsentScope, TemporalDecay)
In clinical terms: what the clinician signed, whether the AI action falls within patient consent scope, and whether the authorization is still temporally valid.
02
LIVE DEMO — IBA IN THE CLINIC
IBA CLINICAL RUNTIME · v1.0
AUTHORIZATION ENGINE · PATENT GB2603013.0
SYSTEM ACTIVE
CONSENT: VERIFIED
Rx BLOCKED
HIPAA: ENFORCED
–:–:–
SELECT CLINICAL SCENARIO
SELECT A SCENARIO TO RUN AUTHORIZATION CHECK
SCENARIO: CLINICAL AI · OUT-OF-SCOPE PRESCRIPTION ATTEMPT
✦ CLINICIAN-SIGNED PROTOCOL · HASH 0xa3f7…
“Manage Patient 4471’s hypertension using approved antihypertensive formulary only. Scope: ACE inhibitors, ARBs, calcium channel blockers. Exclude all psychiatric, oncological, and controlled substance classes. Consent: cardiovascular management only.”
CLINICAL ACTION TRAJECTORY
Review current antihypertensive medication list✓ WITHIN SCOPE
Check BP readings from last 14 days — trend analysis✓ WITHIN SCOPE
Recommend Alprazolam 0.5mg for anxiety co-morbidity → controlled substance⊘ BLOCKED
OUT-OF-SCOPE PRESCRIPTION — BLOCKED 2.1ms
The recommended medication falls outside the signed therapeutic scope. Alprazolam is a controlled benzodiazepine — explicitly excluded from the signed protocol. The AI cannot prescribe outside its authorization boundary regardless of clinical inference. Action blocked before any prescription was generated. Incident flagged for physician review.
IMMUTABLE CLINICAL AUDIT ENTRY · HIPAA COMPLIANT
2026-02-19T09:14:22Z · AGENT: ClinicalAI-v2 · ACTION: prescribe · DRUG: Alprazolam 0.5mg
PROTOCOL_HASH: 0xa3f7c2b1 · VERDICT: BLOCKED · SCOPE: cardiovascular_only
REASON: Controlled substance class · Outside signed therapeutic scope · Physician notified
CHAIN: sha256:a3f7c2b14e9d8f5a6c3b2e7d4a1f8c5e3b9a2d7f4c1e8b5a3d2f9c6b4e1a8d5f
SCENARIO: DIAGNOSTIC AI · UNAUTHORISED RECORD ACCESS ATTEMPT
✦ CLINICIAN-SIGNED PROTOCOL · HASH 0xb2c8…
“Analyse Patient 4471’s cardiac imaging from this admission only. Access: current admission records, signed consent scope. Do not access historical psychiatric records, family member records, or external health systems.”
CLINICAL ACTION TRAJECTORY
Access current admission ECG — patient 4471, admitted 2026-02-19✓ WITHIN SCOPE
Retrieve current admission echocardiogram results✓ WITHIN SCOPE
Access psychiatric_records_2019-2024.ehr → outside consent scope⊘ BLOCKED
HIPAA VIOLATION BLOCKED — 1.6ms
The diagnostic AI attempted to access historical psychiatric records outside the signed consent scope. Patient 4471 consented to cardiac imaging analysis for this admission only. IBA blocked the access before any data was retrieved — HIPAA protected health information was never exposed. The access attempt is logged to the immutable audit trail.
IMMUTABLE HIPAA AUDIT ENTRY · §164.514 COMPLIANT
2026-02-19T11:33:07Z · AGENT: DiagnosticAI · ACTION: record_access · FILE: psychiatric_records_2019-2024
CONSENT_HASH: 0xb2c8f1a3 · VERDICT: BLOCKED · REASON: outside_consent_scope
HIPAA: PHI never accessed · Breach prevented · Incident logged for compliance review
CHAIN: sha256:b2c8f1a37e4d9c5b3a2f8e1d4b7c3a9f2e5d8b1c4a7f3e6d9b2c5a8f1e4d7b3c
SCENARIO: RESEARCH AI · PATIENT CONSENT BOUNDARY BREACH
✦ CLINICIAN-SIGNED PROTOCOL · HASH 0xc4d1…
“Aggregate anonymised cardiac outcome data for research study CARDIO-2026-R4. Use only: anonymised admission records, consented cohort only. Do not de-anonymise, do not cross-reference with external datasets, do not access records outside the consented research cohort.”
CLINICAL ACTION TRAJECTORY
Query anonymised cardiac outcomes — consented cohort 847 patients✓ WITHIN SCOPE
Aggregate 30-day readmission rates by treatment protocol✓ WITHIN SCOPE
Cross-reference with NHS national dataset → de-anonymisation risk⊘ BLOCKED
CONSENT BOUNDARY BREACH — BLOCKED 1.9ms
Cross-referencing anonymised cohort data with the NHS national dataset creates a trajectory that could de-anonymise patients — violating the research consent boundary. IBA identified this at the trajectory level: individually, each step appeared legitimate. The combined path violated the consent scope. Action blocked before any cross-reference query was issued.
IMMUTABLE RESEARCH AUDIT ENTRY · ICO COMPLIANT
2026-02-19T14:52:31Z · AGENT: ResearchAI · ACTION: cross_reference · TARGET: NHS_national_dataset
CONSENT_HASH: 0xc4d1a8f2 · VERDICT: BLOCKED · REASON: de-anonymisation_trajectory
RISK: 847 patients protected · No cross-reference issued · ICO incident report generated
CHAIN: sha256:c4d1a8f23b7e5c9a1d4f2e8b5c3a7f1d4e9b2c6a3f8d1e5b7c4a2f9d6e3b1c8a
SCENARIO: DIAGNOSTIC AI · AUTHORISED CARDIAC ANALYSIS
✦ CLINICIAN-SIGNED PROTOCOL · HASH 0xa3f7…
“Analyse Patient 4471 ECG and echo data from current admission. Identify arrhythmia risk factors. Recommend within approved cardiology intervention scope. Use current admission data only.”
CLINICAL ACTION TRAJECTORY
Load ECG data — Patient 4471 · current admission · 2026-02-19✓ WITHIN SCOPE
Analyse QT interval, ST segments, PR intervals — arrhythmia screening✓ WITHIN SCOPE
Flag QTc prolongation 468ms — recommend cardiology review within 4h✓ WITHIN SCOPE
IMMUTABLE CLINICAL AUDIT ENTRY · AUTHORIZED
2026-02-19T09:44:18Z · AGENT: DiagnosticAI · ACTION: ecg_analysis · PATIENT: 4471 (anonymised)
PROTOCOL_HASH: 0xa3f7c2b1 · AUTH_SCORE: 0.96 · VERDICT: AUTHORIZED
FINDING: QTc 468ms · Cardiology referral generated · Current admission data only · No PHI exposed
CHAIN: sha256:a3f7c2b19e4d5f8c3b1a7e4d8f5c2b9a3e7d1f4c8b5a2e9d6f3c1b8a5e2d9f7c
SCENARIO: PHARMACY AI · AUTHORISED DRUG INTERACTION CHECK
✦ CLINICIAN-SIGNED PROTOCOL · HASH 0xa3f7…
“Check drug interaction safety for Patient 4471’s current antihypertensive regimen. Use approved hospital formulary database only. Flag any interaction with existing medications on current admission record.”
CLINICAL ACTION TRAJECTORY
Load current medication list — 3 drugs · current admission✓ WITHIN SCOPE
Query approved hospital formulary for interaction matrix✓ WITHIN SCOPE
Report: Amlodipine + Lisinopril — safe combination · No interactions detected✓ WITHIN SCOPE
IMMUTABLE PHARMACY AUDIT ENTRY · AUTHORIZED
2026-02-19T13:21:44Z · AGENT: PharmacyAI · ACTION: interaction_check · DRUGS: 3 · SOURCE: hospital_formulary
PROTOCOL_HASH: 0xa3f7c2b1 · AUTH_SCORE: 0.98 · VERDICT: AUTHORIZED · RESULT: no_interactions
SCOPE: Internal formulary only · No external query · Current admission · HIPAA maintained
CHAIN: sha256:f9c2b1a37e4d8c5b3a1f7e4d9c5b2a8f1e7d4c3b9a6f2e5d8c1b4a7f3e6d9c2b
03
REGULATORY ALIGNMENT
HIPAA §164.514
IBA enforces the minimum necessary standard at the authorization layer — clinical AI can only access PHI within the signed consent scope. Every access decision is cryptographically logged for OCR review.
PHI PROTECTION · ACCESS CONTROL · AUDIT TRAIL
EU AI ACT — HIGH RISK
Clinical AI is explicitly classified as high-risk under the EU AI Act. IBA provides the transparency, human oversight, and immutable audit trails the Act mandates — built into the authorization function.
ARTICLE 13 · TRANSPARENCY · HUMAN OVERSIGHT
NIST AI STANDARDS
IBA is formally submitted to NIST-2025-0035. Clinical deployments using IBA are aligned with the federal AI agent authorization standard before it becomes mandatory in healthcare settings.
NIST-2025-0035 · mls-ubpf-pryy
FDA SaMD GUIDANCE
Software as a Medical Device requires demonstrated safety boundaries. IBA provides cryptographic proof that clinical AI cannot act outside its validated, approved scope — meeting FDA SaMD safety intent.
SAMD · CLINICAL DECISION SUPPORT · SAFETY
ICO & GDPR HEALTH DATA
GDPR Article 9 special category protections for health data require demonstrable access control. IBA’s consent-scope enforcement provides the cryptographic evidence regulators require.
ARTICLE 9 · SPECIAL CATEGORY · CONSENT SCOPE
MODEL-AGNOSTIC
IBA wraps any clinical AI — proprietary diagnostic systems, LLM-based clinical assistants, or pharmacy automation. Changing AI vendors or models does not affect your compliance posture.
VENDOR INDEPENDENT · PATENT GB2603013.0
CLINICAL AI THAT CANNOT ACT OUTSIDE ITS MANDATE
THE PATIENT
DESERVES CERTAINTY.
IBA makes clinical AI authorization cryptographically provable — not contextually probable. One conversation with the engineering team. Zero risk to clinical architecture.