Crinkle HealthFeasibility & Viability rubric

Feasibility & Viability — the build-and-run rubric

The regulator-grade spine (Govern → Map → Measure → Manage) with five first-class workstreams — Voice & UX, Accuracy & Evals, Integrations, Compliance & Safety, and Operations & Trust — so voice and integrations aren't buried inside a compliance document.

Prerequisite: complete the Desirability rubric first. This rubric answers "can we build and safely run it?" — not "do members want it?"
Extra risk lenses tagged on items
EthicalityFairness, member autonomy, consent, transparency, marketing integrity.
SafetyClinical & financial harm, PII protection, refusal, incident + rollback.

We keep these inside Feasibility & Viability rather than as separate rubrics — the tags make them visible without splintering the checklist.

Tracking a specific project? Project-level status (Validated / Partial / Not started / Blocked) lives in Analyze. This page is the criteria library.

Govern

Before any model touches a member, name the risk tier, the accountable owners, and the policies each workstream must satisfy. Compliance and Model Risk Management sign off here.

Workstream

Voice & UX

Persona, tone, and accessibility are governed as brand + compliance decisions, not styling.

G.V.1

Persona charter approved

Ethicality

Why: The AI's voice is a brand and compliance surface, not a styling choice.

Criteria: Named persona; tone principles; forbidden phrasings; humor policy.

Evidence: Signed persona doc from Brand, Legal, and Compliance.

Risk if skipped: Off-tone or non-compliant language reaches members.

G.V.2

Accessibility policy

Ethicality

Why: Medicare skews older and multi-ability. WCAG is a floor, not a stretch goal.

Criteria: WCAG 2.1 AA minimum; plain-language target ≤ 8th grade; assistive-tech scope.

Evidence: Accessibility policy; accountable owner (Design + Compliance).

Risk if skipped: Exclusion of the members most likely to need help; ADA exposure.

G.V.3

Caregiver / proxy policy

EthicalitySafety

Why: Someone else often drives the conversation; consent must be explicit.

Criteria: Who can act on whose behalf; consent capture; disclosure UX.

Evidence: Proxy policy; consent flow spec.

Risk if skipped: Unauthorized enrollment; HIPAA violations.

Accuracy & Evals

Risk tier drives how rigorously the model is evaluated and re-approved.

G.A.1

Model risk tier assigned

Why: MRM depth (evals, review cadence, sign-off) scales with tier.

Criteria: Tier defined per model use (recommendation, extraction, explanation).

Evidence: MRM tiering memo signed by risk officer.

Risk if skipped: Under-reviewed high-risk models slip into production.

G.A.2

Acceptable error thresholds set

Why: Ships gates need numbers, not adjectives.

Criteria: Strategy accuracy, ranking accuracy, hallucination rate, refusal rate.

Evidence: Approved thresholds by MRM + Product.

Risk if skipped: Subjective launch decisions; no basis for rollback.

G.A.3

Change-approval policy

Why: Prompt and model changes are model changes.

Criteria: Who approves prompt/model changes at each tier.

Evidence: Change policy; approver list.

Risk if skipped: Silent regressions from unreviewed prompt tweaks.

Integrations

Each integration is a data contract and an access decision.

G.I.1

System inventory + owners

Why: You can't govern what you can't name.

Criteria: HealthSafe ID, Plan Finder, Formulary, Provider Directory, CRM, Enrollment listed with owner.

Evidence: Integration register with named owners.

Risk if skipped: Orphaned dependencies; unclear escalation.

G.I.2

Data contracts + PII policy

Safety

Why: PHI/PII handling is regulated at every hop.

Criteria: Data classification, retention, minimum-necessary use, encryption in transit + at rest.

Evidence: Signed data contract per integration.

Risk if skipped: Breach; HIPAA fines; carrier contract violations.

G.I.3

Access approvals

Safety

Why: Least-privilege for humans and services alike.

Criteria: Role matrix; approval workflow; periodic recertification.

Evidence: Access review evidence.

Risk if skipped: Standing broad access; insider risk.

Compliance & Safety

CMS, HIPAA, and marketing rules become the guardrails — mapped, not memorized.

G.C.1

CMS TPMO rules mapped

Ethicality

Why: Third-Party Marketing Org rules apply the moment we discuss plans.

Criteria: TPMO disclaimer scope; scope-of-appointment logic (where applicable).

Evidence: Regulatory matrix; Compliance sign-off.

Risk if skipped: Marketing suspension; fines; carrier termination.

G.C.2

Marketing content review gate

Ethicality

Why: AI-generated member-facing text is still marketing.

Criteria: Templates + high-risk copy pre-approved; runtime constraints defined.

Evidence: Marketing review policy.

Risk if skipped: Non-compliant material reaches members.

G.C.3

State licensing footprint

Safety

Why: Enrollment requires licensed agents in each state.

Criteria: State list; licensing + appointment coverage.

Evidence: Licensing register.

Risk if skipped: Illegal sales activity.

Operations & Trust

Human oversight and incident response are governance, not afterthoughts.

G.O.1

Human oversight policy

EthicalitySafety

Why: AI decisions in Medicare need a human path, always.

Criteria: Escalation triggers; agent handoff SLAs; member override rights.

Evidence: Oversight policy signed by Compliance + Ops.

Risk if skipped: Members trapped in AI loop; complaints; regulatory exposure.

G.O.2

Incident severity matrix

Safety

Why: Not every error is a Sev-1; not every Sev-1 is obvious.

Criteria: Sev-1..3 definitions; notification obligations; comms owners.

Evidence: IR policy; on-call roster.

Risk if skipped: Missed reg notification windows; brand damage.

G.O.3

Model retirement policy

Safety

Why: Retiring or swapping a model is a governed event.

Criteria: Sunset criteria; member communication; audit trail.

Evidence: Retirement runbook.

Risk if skipped: Silent behavior change; broken auditability.

Sign-off to exit Govern
  • Named risk tier and acceptable error thresholds for every model use.
  • Persona, accessibility, and caregiver policies approved and owned.
  • Integration register with named owners and signed data contracts.
  • TPMO, HIPAA, and marketing rules mapped to product surfaces.
  • Human oversight, incident, and retirement policies published.