Reference documentation: not a medical device
This documentation describes a public reference implementation evaluated on 100% synthetic data. It is a capability and readiness reference, not a compliance certification or legal advice, and it is not a medical device. It is not clinically validated and handles no production PHI.
Term expansions for the abbreviations and proper-noun shorthand used
across the project, including the regulatory frameworks the agent
must respect. Each entry names the jurisdiction or standards body when
the term is sector-specific.
Term Expansion Jurisdiction / scope FDA Food and Drug Administration United States WHO World Health Organization International WHO EML WHO Essential Medicines List International, drug catalogue MHRA Medicines and Healthcare products Regulatory Agency United Kingdom EMA European Medicines Agency European Union NAIC National Association of Insurance Commissioners United States, state-level insurance regulators EIOPA European Insurance and Occupational Pensions Authority European Union CMF Comisión para el Mercado Financiero Chile, banking and securities regulator CNBV Comisión Nacional Bancaria y de Valores Mexico, banking and securities regulator FFIEC Federal Financial Institutions Examination Council United States, interagency banking standards OCC Office of the Comptroller of the Currency United States, federal bank regulator NYDFS New York State Department of Financial Services New York State ANMAT Administración Nacional de Medicamentos, Alimentos y Tecnología Médica Argentina, drug and medical-device regulator ANVISA Agência Nacional de Vigilância Sanitária Brazil, drug and medical-device regulator ISP Instituto de Salud Pública Chile, drug and medical-device regulator COFEPRIS Comisión Federal para la Protección contra Riesgos Sanitarios Mexico, drug and medical-device regulator
Term Expansion What it governs Reg E Regulation E (Electronic Fund Transfer Act, 12 CFR Part 1005) US consumer EFT disputes, error-resolution timelines Reg Z Regulation Z (Truth in Lending Act, 12 CFR Part 1026) US consumer-credit disclosures KYC Know Your Customer Customer-identification programme under BSA / AML rules BSA Bank Secrecy Act US anti-money-laundering recordkeeping and reporting AML Anti-Money Laundering International controls against money-laundering and terrorism financing PLAFT Prevención del Lavado de Activos y Financiamiento del Terrorismo LATAM Spanish term for the AML control programme SR 11-7 Federal Reserve Supervisory Letter 11-7, “Guidance on Model Risk Management” US bank model-risk governance Solvency II EU Directive 2009/138/EC, capital and supervisory framework for insurers European Union insurance supervision DORA Digital Operational Resilience Act, EU Regulation 2022/2554 EU financial-sector ICT and third-party risk
Term Expansion Notes PHI Protected Health Information HIPAA-defined data class HIPAA Health Insurance Portability and Accountability Act US health-data privacy and security EHR Electronic Health Record Clinical record system CDS Clinical Decision Support Device-vs-non-device classification under FDA’s CDS guidance MI Motivational Interviewing Patient-engagement counselling approach CSV Computer System Validation Traditional GxP validation framework CSA Computer Software Assurance FDA’s risk-based 2022 successor to CSV BAA Business Associate Agreement HIPAA contract governing a vendor that handles PHI on a covered entity’s behalf
Term Expansion Notes SOP Standard Operating Procedure Controlled procedural document GxP ”Good x Practice” umbrella (GMP, GLP, GCP, GDP, GVP, GPvP) Quality / regulatory framework family 21 CFR Part 11 US FDA regulation on electronic records and electronic signatures Validation, audit trail, signature controls EU Annex 11 EU GMP Annex 11, “Computerised Systems” EU counterpart to 21 CFR Part 11 ICH E6(R3) International Council for Harmonisation, Good Clinical Practice revision 3 Modernised GCP standard
Term Expansion Notes LLM Large Language Model Foundation-model family used by the agent RAG Retrieval-Augmented Generation Pattern of grounding the LLM in a retrieved corpus KB Knowledge Base The synthetic medication-adherence card corpus the agent retrieves over OTel OpenTelemetry Vendor-neutral tracing and metrics protocol OpenInference LLM-specific OTel semantic conventions for spans Sister project to OpenTelemetry EU AI Act Regulation (EU) 2024/1689 on artificial intelligence EU AI risk-classification regime; Annex III lists high-risk systems GMLP Good Machine Learning Practice FDA / MHRA / Health Canada joint guidance NIST AI RMF NIST AI Risk Management Framework US voluntary AI risk-management standard CHAI Coalition for Health AI Health-AI industry body; its Applied Model Card format is used for the model card ISO/IEC 42001 AI management system standard (2023) Certifiable management-system standard for responsible AI SOC 2 Service Organization Control 2 (AICPA) Trust-services audit of security, availability, and confidentiality controls OWASP LLM Top 10 OWASP Top 10 for Large Language Model Applications Community catalogue of the most critical LLM-application security risks MITRE ATLAS Adversarial Threat Landscape for Artificial-Intelligence Systems MITRE knowledge base of adversarial tactics and techniques against AI systems
Term Expansion Notes Cite-or-refuse Cite-or-refuse The core policy: a clinical assertion must cite a verified knowledge-base entry, or the agent declines Guardrails Guardrails Deterministic input and output controls that keep the agent inside a defined safe scope Scope classifier Scope classifier The component that decides whether a request falls in the agent’s supported domain OOD Out-of-domain A request outside the agent’s supported scope; handled by refusal or escalation Escalation Escalation The deterministic hand-off to a person or safe fallback when the agent must not answer HITL Human-in-the-loop A workflow where a person reviews, approves, or handles specific agent actions LLM-as-judge LLM-as-judge Using an LLM to score another model’s output against a rubric, calibrated against human judgment Faithfulness Faithfulness Whether an answer’s claims are supported by the retrieved context; the anti-hallucination check Hallucination Hallucination A fluent but unsupported or fabricated model claim Cohen’s kappa Cohen’s kappa A statistic for inter-rater agreement, used to gauge how closely the automated judge tracks human raters Hybrid retrieval Hybrid retrieval Combining dense (embedding) and sparse (keyword) search to retrieve context BM25 Best Matching 25 A classic sparse, keyword-ranking retrieval function Reranking Reranking A second-stage model that reorders retrieved candidates by relevance Parent-document retrieval Parent-document retrieval Retrieving small chunks but returning their larger parent passage for context Embedding Embedding A numeric vector representation of text used for semantic (dense) search SSE Server-Sent Events A one-way HTTP streaming channel used to stream tokens to the client
Term Expansion Jurisdiction PII Personally Identifiable Information Generic privacy term GDPR General Data Protection Regulation, EU Regulation 2016/679 European Union LGPD Lei Geral de Proteção de Dados Pessoais, Lei 13.709/2018 Brazil Ley 19.628 Ley sobre Protección de la Vida Privada Chile, personal-data protection law Ley 21.719 Ley que regula la protección y el tratamiento de los datos personales Chile, modernised personal-data protection law and authority (successor regime to Ley 19.628) FERPA Family Educational Rights and Privacy Act United States, student records WCAG Web Content Accessibility Guidelines, W3C / WAI International accessibility standard
Term Expansion Notes UPL Unauthorised Practice of Law Bar against non-lawyer legal advice in most jurisdictions
Term Expansion Notes VAS Value-Added Service Carrier-billed messaging or premium SMS path; a LATAM low-bandwidth delivery channel LATAM Latin America Twenty-country region from Mexico to Argentina, plus the Caribbean Spanish-speaking states
Term Expansion Notes CI Continuous Integration Per-commit build-and-test pipeline CD Continuous Deployment Per-merge deploy pipeline SDK Software Development Kit E.g. the Hugging Face Spaces “Docker SDK” build mode CPU Basic Hugging Face Spaces hardware tier 2 vCPU, 16 GB RAM, free tier; the genuinely-$0 secondary deploy target (Google Cloud Run is the primary production target) TPM / RPM Tokens-per-minute / Requests-per-minute LLM provider rate-limit dimensions PR Pull Request The change-review unit; eval, cost, and red-team gates run on every PR PoC Proof of Concept An early build that tests feasibility before committing to production SLO Service Level Objective A target for a measurable service property (such as latency or a cost budget) used as shippable evidence
This glossary covers the canonical terms used across the documentation
and ADRs. If a term is missing, the substantive source of truth lives
in regulatory posture (regulatory posture and
exclusions) and data (dataset licence audit and exclusion
list).