Accreditation & Compliance

Regulatory Strategy

FDA alignment, HIPAA compliance, GDPR readiness, and local healthcare regulation compliance. Three-layer regulatory alignment ensures Regain's AI satisfies oversight requirements from device clearance through facility-level validation.

Core Principle: Regain does not exist in a regulatory vacuum. Three layers of healthcare AI oversight are emerging simultaneously. Popper is designed to satisfy or support all three -- not just the one where Regain has the closest relationship.

Three-Layer Regulatory Alignment

Healthcare AI oversight operates across three distinct layers. Each layer has different institutions, different requirements, and different things they care about. A compliant system must be coherent across all three.

Layer 1: Device / Regulatory / Evidence

Who: FDA (CDRH), CMS
Key Question: Is this AI product safe and effective as a device?

| Requirement | How Regain Addresses It |
| --- | --- |
| Regulatory Classification | Popper supervises decisions rather than making them. De Novo pathway for "clinical AI safety supervisor" (no predicate device). |
| No LLM in Safety Path | Popper uses deterministic policy evaluation (Safety DSL). No machine learning in the decision loop. |
| Defined Intended Use | Supervision of clinical AI proposals in cardiovascular care. Returns APPROVED / HARD_STOP / ROUTE_TO_CLINICIAN / REQUEST_MORE_INFO. |
| Post-Market Surveillance | Drift detection with baselines and thresholds. Audit trail with trace-linked events. Incident tracking. |
| Clinical Safety Evidence | 68-vignette pre-clinical benchmark designed by CSO. Validation protocol documented. |

Layer 2: Organizational AI Governance

Who: URAC, Joint Commission (via CHAI), NCQA
Key Question: Does the facility have AI governance policies and oversight structures?

| Requirement | How Popper Helps Facilities |
| --- | --- |
| Documented AI Oversight | Popper's audit trail provides documented evidence that AI outputs are independently supervised. Structured decision logs for governance committees. |
| Risk Assessment Evidence | Drift detection surfaces anomalies. Safe-mode provides documented response. Incident tracking records threshold breaches. |
| Lifecycle Management | Per-organization policy packs are versioned. Policy lifecycle plugin manages pack loading, updates, and retirement. |
| Vendor Management | Multi-tenant architecture with per-organization scope. Hermes contracts are vendor-agnostic by design. |

Layer 2 limitation: URAC and JC/CHAI verify that governance structures exist. They do not verify that AI is producing clinically accurate results. A facility can have a perfect governance committee and still run AI that systematically underperforms. Layer 2 checks the org chart. Layer 3 checks the clinical output.

Layer 3: Clinical-Depth / Facility-Level Validation

Who: IAC (cardiovascular), ACR (radiology -- ARCH-AI recognition program)
Key Question: Is this AI tool producing accurate results on this facility's patient population?

| Requirement | How Regain Supports It |
| --- | --- |
| Site-Specific Accuracy | Pre-deployment validation protocol with facility-representative patient samples. |
| Published Benchmarks | Performance measured against recognized clinical guidelines with documented results. |
| Ongoing Monitoring | Continuous performance tracking with threshold enforcement and automatic safe-mode. |
| Override Tracking | Every clinician override recorded with structured rationale for retrospective analysis. |

Compliance Readiness

Beyond the three-layer model, Regain maintains compliance readiness across major regulatory frameworks that apply to healthcare AI systems.

HIPAA Compliance

PHI redaction in audit trails. De-identified subject IDs in supervision requests. Separate access controls between systems. BAA-ready architecture.

GDPR Readiness

Data minimization in supervision contracts. Explainability through glass-box reports. Audit trail enables right-of-access requests. Architecture supports data residency requirements.

FDA Alignment

Pursuing De Novo authorization (TA1) and MDDT qualification (TA2). Deterministic safety path supports regulatory review. Complete audit trail for 510(k) submission readiness.

Local Healthcare Regulation

Per-organization policy packs adapt to local regulatory requirements. Multi-tenant architecture supports jurisdiction-specific rules. Hermes contracts are regulation-agnostic.

Dual-Track FDA Pathway

Regain pursues two parallel regulatory pathways, one for each agent, reflecting their fundamentally different architectures and risk profiles.

TA1: Deutsch -- De Novo Authorization (SaMD) Clinical Agent

Deutsch is a clinical reasoning engine (Software as a Medical Device). It generates diagnoses and treatment proposals. The De Novo pathway is appropriate because there is no predicate device for an agentic AI clinical reasoning system.

| Milestone | Status |
| --- | --- |
| Pre-clinical benchmark (68 vignettes) | Complete |
| Validation site (UIC) | LOI Signed |
| Pre-submission meeting with FDA | Planned |
| De Novo submission | Post-validation |

TA2: Popper -- MDDT Qualification (NAM) Safety Supervisor

Popper is a supervisory tool (not a clinical decision-maker). The MDDT (Medical Device Development Tool) qualification pathway positions Popper as a validated safety assessment methodology that any clinical AI can use.

| Advantage | Detail |
| --- | --- |
| Deterministic Pipeline | No ML in the safety-critical path. Complete reproducibility for regulatory review. |
| Vendor-Agnostic | Hermes contracts are open-source (Apache 2.0). Any TA1 agent can integrate. |
| Multi-Vendor Support | Facilities can use Popper to supervise multiple AI vendors through one governance interface. |
| Accreditation Alignment | Directly addresses IAC governance Categories 2, 3, and 4. Supports URAC and JC/CHAI requirements. |

Explore Regulatory Partnership

Discuss how Regain's three-layer regulatory alignment maps to your organization's compliance requirements.