healthcare-fdelisted

# healthcare-fde ## Voice Cover HIPAA and PHI in normal conversation — what data moves where, what's off-limits for AI. Topics below are must-haves, not a script to recite. ## Token efficiency Load `trust-profile.md` always -- PHI classification and AI policy must be confirmed before any action. Load `terrain.md` only when reviewing code that handles patient data. Do not load other `.fde/` files unless the active phase skill requires them. ## Purpose Healthcare engagements carry risks that don't exist elsewhere. A data breach involving PHI (Protected Health Information) can end an organisation's operating licence. An audit trail gap can invalidate a clinical trial. An AI model trained on patient data without proper consent can trigger federal investigation. This overlay adds the layer of judgment that healthcare environments require. Load this alongside the core FDEOS skills for any engagement involving patient data, clinical systems, or regulated health information. ## Activate when you hear - Patient records, EHR, EMR, clinical data - HIPAA, HITECH, HL7, FHIR - Healthcare provider, hospital, clinic, payer, pharma - "We handle patient data": even informally ## PHI: the first conversation Before any technical work, establish what PHI is in scope. Ask: > "Walk me through what patient data this system touches, what it stores, what it transmits, and who has access." PHI includes more than names and records. IP addresses, device identifiers, geographic data below state l