Readiness approach

We evaluate this work through three product risks

Instead of a single mega-checklist, we separate the three questions any new product has to answer — in order. Each risk has its own rubric so we don't confuse "should we build it?" with "can we build it?" with "will regulators and the business let us keep running it?"

AI RMF overview
Start here

Desirability

Do Medicare consumers actually want this?

Before we invest in building, we prove the core assumption: real Medicare shoppers and caregivers want an AI-guided way to choose and enroll in coverage — and they'll trust it enough to use it.

What this rubric covers
  • Member demand and unmet need
  • Willingness to use AI for coverage decisions
  • Trust and brand fit for a Medicare audience
  • Accessibility for the 65+ audience
  • Qualitative research and concept validation
Open Desirability rubric
Next

Feasibility

Can we actually build and integrate this?

Once we know members want it, we prove we can build it well. This is the engineering, data, and internal-tooling reality check — can the AI be accurate enough, fast enough, and safely wired into the systems we already run?

What this rubric covers
  • Model accuracy, evals, and refusal behavior
  • Voice, conversation UX, and accessibility execution
  • Integrations: HealthSafe ID, Plan Finder, Formulary, CRM, Enrollment
  • Data pipelines, freshness, and failure modes
  • Operational readiness: monitoring, handoff, on-call
Open Feasibility view
After

Viability

Is this sustainable, compliant, and defensible as a regulated Medicare product?

Even if members want it and we can build it, we still have to prove it holds up under CMS, Legal, and Model Risk review — and that the economics and operating model make sense at scale.

What this rubric covers
  • CMS TPMO, HIPAA, and marketing rules
  • Model Risk Management (MRM) sign-off and audit trail
  • State licensing footprint and agent oversight
  • Business model, unit economics, and long-term ops
  • Incident response, retirement, and change governance
Open Viability view
Method note

How Feasibility and Viability get evaluated

Inside the Feasibility and Viability rubrics we use the NIST AI Risk Management Framework (Govern → Map → Measure → Manage) as our working method. It is the standard regulators, Legal, and Model Risk already recognize, and it gives every workstream — voice, accuracy, integrations, compliance, and operations — a consistent shape. Desirability doesn't need it; the other two do.

Earlier drafts of this page compared several frameworks side by side (the 4 D's, Risk-First, Model/Product/Platform/Ops, Regulated-AI Governance). Those informed the current three-risk structure but are no longer maintained here.

Framework as a product

See the framework applied to a real project

We ran both rubrics against the /v4 experience of the Medicare Navigator AI prototype. Every code-verifiable item includes an evidence quote and file path.

Open sample analysis