Skip to content

Glossary

Term expansions for the abbreviations and proper-noun shorthand used across the project, including the regulatory frameworks the agent must respect. Each entry names the jurisdiction or standards body when the term is sector-specific.

TermExpansionJurisdiction / scope
FDAFood and Drug AdministrationUnited States
WHOWorld Health OrganizationInternational
WHO EMLWHO Essential Medicines ListInternational, drug catalogue
MHRAMedicines and Healthcare products Regulatory AgencyUnited Kingdom
EMAEuropean Medicines AgencyEuropean Union
NAICNational Association of Insurance CommissionersUnited States, state-level insurance regulators
EIOPAEuropean Insurance and Occupational Pensions AuthorityEuropean Union
CMFComisión para el Mercado FinancieroChile, banking and securities regulator
CNBVComisión Nacional Bancaria y de ValoresMexico, banking and securities regulator
FFIECFederal Financial Institutions Examination CouncilUnited States, interagency banking standards
OCCOffice of the Comptroller of the CurrencyUnited States, federal bank regulator
NYDFSNew York State Department of Financial ServicesNew York State
ANMATAdministración Nacional de Medicamentos, Alimentos y Tecnología MédicaArgentina, drug and medical-device regulator
ANVISAAgência Nacional de Vigilância SanitáriaBrazil, drug and medical-device regulator
ISPInstituto de Salud PúblicaChile, drug and medical-device regulator
COFEPRISComisión Federal para la Protección contra Riesgos SanitariosMexico, drug and medical-device regulator
TermExpansionWhat it governs
Reg ERegulation E (Electronic Fund Transfer Act, 12 CFR Part 1005)US consumer EFT disputes, error-resolution timelines
Reg ZRegulation Z (Truth in Lending Act, 12 CFR Part 1026)US consumer-credit disclosures
KYCKnow Your CustomerCustomer-identification programme under BSA / AML rules
BSABank Secrecy ActUS anti-money-laundering recordkeeping and reporting
AMLAnti-Money LaunderingInternational controls against money-laundering and terrorism financing
PLAFTPrevención del Lavado de Activos y Financiamiento del TerrorismoLATAM Spanish term for the AML control programme
SR 11-7Federal Reserve Supervisory Letter 11-7, “Guidance on Model Risk Management”US bank model-risk governance
Solvency IIEU Directive 2009/138/EC, capital and supervisory framework for insurersEuropean Union insurance supervision
DORADigital Operational Resilience Act, EU Regulation 2022/2554EU financial-sector ICT and third-party risk
TermExpansionNotes
PHIProtected Health InformationHIPAA-defined data class
HIPAAHealth Insurance Portability and Accountability ActUS health-data privacy and security
EHRElectronic Health RecordClinical record system
CDSClinical Decision SupportDevice-vs-non-device classification under FDA’s CDS guidance
MIMotivational InterviewingPatient-engagement counselling approach
CSVComputer System ValidationTraditional GxP validation framework
CSAComputer Software AssuranceFDA’s risk-based 2022 successor to CSV
BAABusiness Associate AgreementHIPAA contract governing a vendor that handles PHI on a covered entity’s behalf
TermExpansionNotes
SOPStandard Operating ProcedureControlled procedural document
GxP”Good x Practice” umbrella (GMP, GLP, GCP, GDP, GVP, GPvP)Quality / regulatory framework family
21 CFR Part 11US FDA regulation on electronic records and electronic signaturesValidation, audit trail, signature controls
EU Annex 11EU GMP Annex 11, “Computerised Systems”EU counterpart to 21 CFR Part 11
ICH E6(R3)International Council for Harmonisation, Good Clinical Practice revision 3Modernised GCP standard
TermExpansionNotes
LLMLarge Language ModelFoundation-model family used by the agent
RAGRetrieval-Augmented GenerationPattern of grounding the LLM in a retrieved corpus
KBKnowledge BaseThe synthetic medication-adherence card corpus the agent retrieves over
OTelOpenTelemetryVendor-neutral tracing and metrics protocol
OpenInferenceLLM-specific OTel semantic conventions for spansSister project to OpenTelemetry
EU AI ActRegulation (EU) 2024/1689 on artificial intelligenceEU AI risk-classification regime; Annex III lists high-risk systems
GMLPGood Machine Learning PracticeFDA / MHRA / Health Canada joint guidance
NIST AI RMFNIST AI Risk Management FrameworkUS voluntary AI risk-management standard
CHAICoalition for Health AIHealth-AI industry body; its Applied Model Card format is used for the model card
ISO/IEC 42001AI management system standard (2023)Certifiable management-system standard for responsible AI
SOC 2Service Organization Control 2 (AICPA)Trust-services audit of security, availability, and confidentiality controls
OWASP LLM Top 10OWASP Top 10 for Large Language Model ApplicationsCommunity catalogue of the most critical LLM-application security risks
MITRE ATLASAdversarial Threat Landscape for Artificial-Intelligence SystemsMITRE knowledge base of adversarial tactics and techniques against AI systems
TermExpansionNotes
Cite-or-refuseCite-or-refuseThe core policy: a clinical assertion must cite a verified knowledge-base entry, or the agent declines
GuardrailsGuardrailsDeterministic input and output controls that keep the agent inside a defined safe scope
Scope classifierScope classifierThe component that decides whether a request falls in the agent’s supported domain
OODOut-of-domainA request outside the agent’s supported scope; handled by refusal or escalation
EscalationEscalationThe deterministic hand-off to a person or safe fallback when the agent must not answer
HITLHuman-in-the-loopA workflow where a person reviews, approves, or handles specific agent actions
LLM-as-judgeLLM-as-judgeUsing an LLM to score another model’s output against a rubric, calibrated against human judgment
FaithfulnessFaithfulnessWhether an answer’s claims are supported by the retrieved context; the anti-hallucination check
HallucinationHallucinationA fluent but unsupported or fabricated model claim
Cohen’s kappaCohen’s kappaA statistic for inter-rater agreement, used to gauge how closely the automated judge tracks human raters
Hybrid retrievalHybrid retrievalCombining dense (embedding) and sparse (keyword) search to retrieve context
BM25Best Matching 25A classic sparse, keyword-ranking retrieval function
RerankingRerankingA second-stage model that reorders retrieved candidates by relevance
Parent-document retrievalParent-document retrievalRetrieving small chunks but returning their larger parent passage for context
EmbeddingEmbeddingA numeric vector representation of text used for semantic (dense) search
SSEServer-Sent EventsA one-way HTTP streaming channel used to stream tokens to the client
TermExpansionJurisdiction
PIIPersonally Identifiable InformationGeneric privacy term
GDPRGeneral Data Protection Regulation, EU Regulation 2016/679European Union
LGPDLei Geral de Proteção de Dados Pessoais, Lei 13.709/2018Brazil
Ley 19.628Ley sobre Protección de la Vida PrivadaChile, personal-data protection law
Ley 21.719Ley que regula la protección y el tratamiento de los datos personalesChile, modernised personal-data protection law and authority (successor regime to Ley 19.628)
FERPAFamily Educational Rights and Privacy ActUnited States, student records
WCAGWeb Content Accessibility Guidelines, W3C / WAIInternational accessibility standard
TermExpansionNotes
UPLUnauthorised Practice of LawBar against non-lawyer legal advice in most jurisdictions
TermExpansionNotes
VASValue-Added ServiceCarrier-billed messaging or premium SMS path; a LATAM low-bandwidth delivery channel
LATAMLatin AmericaTwenty-country region from Mexico to Argentina, plus the Caribbean Spanish-speaking states
TermExpansionNotes
CIContinuous IntegrationPer-commit build-and-test pipeline
CDContinuous DeploymentPer-merge deploy pipeline
SDKSoftware Development KitE.g. the Hugging Face Spaces “Docker SDK” build mode
CPU BasicHugging Face Spaces hardware tier2 vCPU, 16 GB RAM, free tier; the genuinely-$0 secondary deploy target (Google Cloud Run is the primary production target)
TPM / RPMTokens-per-minute / Requests-per-minuteLLM provider rate-limit dimensions
PRPull RequestThe change-review unit; eval, cost, and red-team gates run on every PR
PoCProof of ConceptAn early build that tests feasibility before committing to production
SLOService Level ObjectiveA target for a measurable service property (such as latency or a cost budget) used as shippable evidence

This glossary covers the canonical terms used across the documentation and ADRs. If a term is missing, the substantive source of truth lives in regulatory posture (regulatory posture and exclusions) and data (dataset licence audit and exclusion list).