Safety Architecture

Popper's APPROVE / ROUTE / HARD_STOP pipeline. How safety rules become executable policy, enforced deterministically at every clinical decision point.

Core Principle: Popper uses deterministic policy evaluation -- not machine learning. Seven safety gates, 47ms median latency. No model drift, no hallucination. Complete reproducibility.

The APPROVE / ROUTE / HARD_STOP Pipeline

1. Supervision Request Arrives

Deutsch (TA1) completes clinical reasoning and packages a proposal as a SupervisionRequest via the Hermes contract. The request includes: proposed intervention type, severity, clinical domain, de-identified subject ID, and trace ID.

Hermes validators reject malformed requests before they reach evaluation logic. Supervision coverage cannot silently degrade.

2. Seven Safety Gates

Popper evaluates the proposal through a deterministic pipeline of safety rules encoded as executable policy (Safety DSL). No machine learning in the decision loop.

  1. Protocol reference validation -- does the proposal cite a recognized clinical guideline?
  2. Dosing parameter check -- is the medication within safe dosing boundaries?
  3. Contraindication screening -- any known drug interactions or patient-specific risks?
  4. Clinical boundary enforcement -- does the action stay within the AI's authorized scope?
  5. Data freshness validation -- are the clinical inputs sufficiently recent?
  6. Escalation threshold check -- does severity require human review regardless of safety pass?
  7. Policy pack compliance -- does the proposal satisfy organization-specific rules?

3. Verdict Decision

Based on gate results, Popper returns one of four verdicts. Each verdict includes structured rationale and conditions.

APPROVED

All gates pass. Medication within protocol. Decision: proceed autonomously.

ROUTE_TO_CLINICIAN

New medication class or severity threshold exceeded. Requires human judgment before proceeding.

REQUEST_MORE_INFO

Data is stale or insufficient. Cannot evaluate safely. Request updated information before deciding.

HARD_STOP

Dose exceeds maximum parameters. Contraindication detected. Action blocked with mandatory incident report.

4. Hard-to-Vary (HTV) Scoring

Beyond safety gates, every clinical proposal carries an HTV score measuring how tightly the explanation fits the evidence. This is not a confidence score -- it measures explanation quality.

  • Specificity: How precisely does the explanation account for each data point?
  • Necessity: Could any component be removed without weakening the explanation?
  • Falsifiability: What evidence would disprove this hypothesis?

Low HTV scores trigger automatic routing to clinician review, even when all safety gates pass. The system knows the difference between "safe" and "well-explained."

5. Clinical Boundary Enforcement

Popper enforces strict boundaries on what the AI can and cannot do. These boundaries are defined per organization through configurable policy packs.

  • Per-organization policy packs define authorized clinical domains, medication classes, and action types
  • Policy lifecycle management: versioned packs with controlled updates
  • Safe mode: automatic fallback when drift thresholds are breached

The system knows when to act autonomously, and when human judgment is required. This boundary is deterministic, not probabilistic.
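
The following Python example is added here and is not taken from Popper's Safety DSL or code base. It runs the seven gates and the HTV check as pure functions over a proposal and returns the most restrictive verdict together with the rationale. The field names, policy-pack keys, thresholds, the verdict assigned to gates whose outcome the page does not spell out, and the verdict precedence are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Verdict(IntEnum):
    # Ordered least to most restrictive; this precedence is an assumption.
    APPROVED = 0
    ROUTE_TO_CLINICIAN = 1
    REQUEST_MORE_INFO = 2
    HARD_STOP = 3

@dataclass(frozen=True)
class Proposal:
    # Hypothetical fields, not the Hermes SupervisionRequest schema.
    guideline: str
    med_class: str
    dose_mg: float
    contraindicated: bool
    severity: int
    data_age_hours: float
    htv: float

# Constructed policy pack: every key and threshold here is an assumption.
PACK = {
    "guidelines": {"GUIDELINE-A"}, "med_classes": {"class-a"},
    "max_dose_mg": 40.0, "max_data_age_hours": 24.0,
    "escalate_severity": 3, "min_htv": 0.6,
    # Organization-specific rule: doses above 20 mg need a clinician.
    "custom_rules": (lambda p: p.dose_mg <= 20.0,),
}

def evaluate(p, pack=PACK):
    """Run every gate; return (most restrictive verdict, rationale)."""
    V = Verdict
    gates = [  # (name, passed, verdict if failed), evaluated in fixed order
        ("protocol_reference", p.guideline in pack["guidelines"], V.ROUTE_TO_CLINICIAN),
        ("dosing", p.dose_mg <= pack["max_dose_mg"], V.HARD_STOP),
        ("contraindication", not p.contraindicated, V.HARD_STOP),
        ("clinical_boundary", p.med_class in pack["med_classes"], V.ROUTE_TO_CLINICIAN),
        ("data_freshness", p.data_age_hours <= pack["max_data_age_hours"], V.REQUEST_MORE_INFO),
        ("escalation_threshold", p.severity < pack["escalate_severity"], V.ROUTE_TO_CLINICIAN),
        ("policy_pack", all(r(p) for r in pack["custom_rules"]), V.ROUTE_TO_CLINICIAN),
        # HTV is checked after the seven gates and can only route, never block.
        ("htv_score", p.htv >= pack["min_htv"], V.ROUTE_TO_CLINICIAN),
    ]
    failed = [(name, v) for name, ok, v in gates if not ok]
    verdict = max((v for _, v in failed), default=V.APPROVED)
    return verdict, [f"{name} -> {v.name}" for name, v in failed]
```

Because every gate is evaluated rather than stopping at the first failure, the rationale lists each failed gate, which is what an audit trail for a blocked or routed proposal needs.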

Technical Detail

Safety Rules as Executable Policy

Popper's safety rules are not documentation. They are code that runs on every clinical proposal. Written in a Safety DSL, compiled to deterministic evaluators.

Configurable

Per-Organization Policy Packs

Each healthcare facility gets its own policy pack defining authorized scopes, medication formularies, escalation thresholds, and custom rules. Policy packs are versioned and lifecycle-managed.

  • YAML-based policy definitions compiled to deterministic evaluators
  • Multi-tenant architecture with strict organization isolation
  • Versioned lifecycle: deploy, monitor, update, retire -- all tracked

Deterministic

No ML in the Safety Path

Popper's evaluation pipeline is entirely deterministic. Same input always produces the same verdict. This is a regulatory requirement for a safety-critical supervisory system.

  • Parser, evaluator, and decision-builder are all deterministic code paths
  • No model drift, no hallucination, no stochastic variance
  • 47ms median evaluation latency -- real-time clinical workflow integration

Regulatory alignment: Popper's deterministic architecture supports De Novo and MDDT qualification pathways. No LLM in the safety-critical path means no predicate device requirement for the supervisory layer.
