Clinical Truth Chain (CTC): Permit-to-Pay for AI-Governed Billing (CTC-AAS v1.0; CB-1 v1.1)

Clinical Truth Chain (CTC): Permit-to-Pay for AI-Governed Billing (vHIST-1.6)

Normative requirements are defined only in AAS v1.0 and CB-1 v1.1.
The whitepaper and technical addendum are informative and do not redefine normative requirements.

Clinical Truth Chain (CTC) defines a deployable, standardizable integrity pattern for AI-influenced healthcare workflows that replaces narrative justification with replay-verifiable evidence. CTC operationalizes Admissible Automation as a safety property: payment, denial, adjustment, submission, and other settlement-critical actions are admissible only when an independent verifier can recompute declared predicates from canonical, signed receipts anchored to an append-only Continuity-Verified Log (CVL) under explicit freshness bounds. If required evidence is missing, stale, ambiguous, or unverifiable, the default is fail-closed (HOLD/manual review, or deterministic DENY/PEND per policy).

CTC supports two high-stakes governance modes:

• Permit-before-action for AI-assisted clinical Decision Support Intervention (DSI) episodes (safety governance).

• Permit-to-pay conformance for financially consequential workflows (prior authorization → claim binding → billing gates → correction/recoupment).

What makes CTC different

CTC turns “AI touched it” into a measurable, independently checkable claim. Receipts bind:

• Policy pinning (policy id/version/digest via PAR/PARR),

• Configuration lineage and provenance (who/what/when, signature verification),

• Integrity and continuity (canonicalization, digest commitments, CVL inclusion/consistency proofs),

• Deterministic failure semantics (stable reason codes for audit comparability),

• Correction without rewriting history (forward-linked AOR/CR receipts; bounded propagation via a Correction Propagation Policy (CPP)).

Verification is privacy-preserving by default: verifiers can recompute admissibility predicates using minimal disclosure (commitments/selective disclosure) under explicit access policy, while still validating integrity, continuity, and freshness.

Contents of this Zenodo record

This record publishes the core specification set for procurement- and audit-grade adoption:

• CTC Whitepaper vHIST-1.6 (Informative): architecture, the five-rail evidence spine, evaluation plan, and procurement toolkit.

• CTC Constitution — Admissible Automation Standard (AAS) v1.0 (Normative): fail-closed admissibility rule; canonicalization, signatures, and policy pinning; CVL predicates; replay verification algorithm; deterministic reason codes; forward-linked correction semantics.

• CB-1 Permit-to-Pay Conformance Badge v1.1 (Normative): minimum receipt sets and required predicates per rail; PASS/FAIL semantics; signed Conformance Result expectations.

• Technical Addendum vHIST-1.6A (Informative): HL7 FHIR R4+ mapping (DocumentReference + Provenance + AuditEvent) and expanded threat model.

• AAS v1.0 Change Log (Informative): release notes and migration checklist.

• Conformance artifacts: CB-1 Open Conformance Pack, test vectors, and independent verifier implementations to support reviewer-runnable replay verification.

Intended users

Payers, health systems/IDNs, RCM vendors, regulators, auditors, and implementers who need procurement-grade, replayable evidence for AI-influenced decisions—reducing dispute friction, audit burden, and post-payment recoupment risk by making admissibility checkable rather than narrative.

Integrity

This record includes CHECKSUMS_MINIMAL.sha256 for fixity verification (e.g., sha256sum -c CHECKSUMS_MINIMAL.sha256).

Licensing & Notices
Informational/technical only; not legal, medical, coding, compliance, reimbursement, or regulatory advice.
All examples, fields, schemas, thresholds, mappings, and workflows are illustrative and non-limiting; implementations may vary.

Text and figures in this record are licensed under CC BY 4.0 unless a specific file states otherwise.
Software/data artifacts (e.g., ZIP archives) may include their own LICENSE/NOTICE files; those terms govern for the contents of that artifact.
No patent license is granted by this publication; any patent license requires a separate written agreement.
Vendor-neutral does not mean IP-unencumbered; implementers are responsible for obtaining any necessary rights.
No admission is made that any reference constitutes prior art.