init: Signal CGM Level 1 — clean start

2026-04-11 19:38:51 -04:00 · 2026-04-11 19:38:51 -04:00 · aa653f2343
commit aa653f2343
2 changed files with 80 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,9 @@
 venv/
 .env
 **/*.env
 *.pyc
 __pycache__/
 *.csv
 data/
 node_modules/
 .DS_Store
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,71 @@
 # STTIL Solutions — Signal CGM | Level 1 Active Context
 ## What This Tool Does
 Signal CGM is a B2B CGM coverage worklist tool for DMEPOS suppliers.
 It ingests shipment data (CSV from Brightree/WellSky), calculates
 coverage expiration per patient using device wear-day rules, and
 produces a prioritized worklist so small DME teams can do proactive
 outreach BEFORE claims deny.
 ## Core Value Proposition
 Shifts supplier staff time from reactive (appeals after denial)
 to proactive (preventing denial conditions).
 The workload curve: appeals volume drops over time as proactive
 coverage management replaces it. Outreach volume starts manageable
 and stays predictable.
 ## PHI Architecture — Non-Negotiable
 - STTIL never stores patient names, SSNs, DOBs, or contact info
 - Sole crosswalk key: patient_id (DME's internal MRN or account #)
 - DME staff maintain the patient_id ↔ real identity mapping locally
 - AI/calculation layer sees: patient_id, device_type, shipment_date,
  quantity, payer — NOTHING else
 - All logs use hashed patient_id, never raw
 ## Level 1 Stack (Active)
 - Hosting: Hostinger VPS (self-hosted, data never leaves VPS)
 - Language: Python (FastAPI or Flask)
 - Database: PostgreSQL (encrypted at rest, audit logs)
 - Orchestration: n8n self-hosted (24-hr batch trigger)
 - Notifications: Self-hosted Mailcow — encrypted email to DME staff only
 - Frontend: Simple dashboard (Vercel or self-hosted)
 - Auth: Session tokens in PostgreSQL (no Convex needed for MVP)
 ## Active Files
 - python-backend/core/coverage_calculator.py
 - python-backend/core/audit_logger.py
 - python-backend/core/db_models.py
 - python-backend/config/payer_rules.json
 - Projects/DMEPOS/dmepos-research-v3.md (market context)
 - Projects/DMEPOS/compliance-roadmap-v1.md
 - Projects/Newsletter/newsletter-strategy-v1.md
 ## Current BAA Obligations (Level 1 Only)
 - Hostinger VPS: Request BAA (PHI host)
 - Anthropic API: Request BAA if AI layer touches PHI
 - Everything else: self-hosted = you are the operator
 ## Workload Impact Model (Build This)
 Two-curve graph showing supplier staff time over months:
 - Curve A: Appeals/denials workload (reactive) — starts HIGH, trends DOWN
 - Curve B: Proactive outreach via Signal CGM — starts MANAGEABLE, stays FLAT
 - X-axis: Months 1–12 post-onboarding
 - Crossover point = ROI moment to show on discovery calls
 ## What Is Tabled (Do Not Build Yet)
 | Item | Phase | Reason deferred |
 |------|-------|----------------|
 | Dexcom OAuth API integration | Phase 2 | Requires vendor agreement + PHI scope expansion |
 | Prescriber fax automation | Phase 2 | Workflow complexity; Level 1 manual outreach sufficient |
 | Patient-facing SMS (Twilio, not SignalWire) | Phase 3 | PHI transmission to third-party; requires BAA + consent layer |
 | Consortium strategy (Level 2/3) | 18–24 months | Depends on 15+ paying Level 1 suppliers first |
 | Convex | Phase 2+ | Not needed until real-time sync requirements emerge |
 ## Instructions for Claude Code Sessions
 - Work only on Level 1 scope
 - Never suggest adding PHI fields beyond patient_id
 - Flag any vendor integration that would require a new BAA
 - When building calculations, reference payer_rules.json for wear days
 - When building audit logs, always hash patient_id before storing
 - If asked about Phase 2/3, acknowledge and defer — do not spec or build