
The Missing Control Plane in Health-AI

  • Sapey
  • Mar 16

SAPEY

White Paper  ·  March 2026

Why Healthcare Systems Require a Deterministic Governance Layer to Ensure their Existing AI Systems are Safe to Use.



 

Healthcare AI doesn’t fail because the models are wrong. It fails because there is no deterministic, auditable layer between raw clinical data and regulated action.

 

Executive Summary

Healthcare is entering a phase of rapid automation. Artificial intelligence is being deployed across clinical documentation, coding, care planning, and operational workflows. Yet despite this acceleration, one fundamental problem remains unresolved:

Healthcare systems still allow regulated actions to execute without a provable, authoritative basis for those actions.

 

This creates a structural risk: decisions that cannot be verified, actions that cannot be audited, and systems that cannot be trusted.

The industry has invested heavily in data infrastructure and AI models. What is missing is the layer that determines whether a system is allowed to act.

This paper introduces that missing layer: a deterministic governance control plane for healthcare systems.

Without a deterministic governance layer, healthcare systems cannot safely automate regulated actions at scale. Any attempt to do so introduces non-auditable risk.


 

1. The Problem: Healthcare AI Cannot Be Trusted at the Point of Action

Healthcare systems today operate on a fragile assumption: if a system produces a reasonable output, it is safe to act on it.

This assumption breaks down under real-world conditions.

•      Clinical inputs are unstructured and ambiguous

•      AI outputs are probabilistic, not deterministic

•      Decisions are not consistently auditable

•      Compliance is validated after execution, not before

•      Workflows allow direct execution on raw or interpreted data without enforced validation

 

The result is a systemic failure mode: actions are taken without a provable chain of reasoning, authorization, and verification.

In regulated environments, this is not a minor inefficiency. It is a structural flaw.

 

Figure 1. The current approach vs. the missing governance layer.


 

2. The Root Cause: A Missing Layer of System Authority

The healthcare technology stack has evolved in two major directions:

1. Data Layer — storage, interoperability, exchange (EHRs, FHIR, TEFCA)

2. Model Layer — prediction, classification, reasoning (AI, LLMs, analytics)

 

What is missing is a third layer:

The authority layer — the system that determines whether an action is allowed to occur.

 

Without this layer, AI can generate outputs, systems can process workflows, and actions can be executed. But there is no deterministic mechanism that enforces whether those actions should occur.

Healthcare has built systems that can think, but not systems that can govern execution.

The industry mistake is treating AI as intelligence instead of infrastructure. Intelligence produces outputs. Infrastructure governs authority. Healthcare needs both.


 

3. The Principle: Deterministic Governance at Runtime

To address this, healthcare systems must adopt a strict principle:

 

No interpretation → No authorization → No action.

 

This principle defines a required execution chain:

Interpret → Commit → Authorize → Execute

 

•      Interpret. Raw input is transformed into a structured, deterministic interpretation.

•      Commit. That interpretation is recorded as an immutable, verifiable system state.

•      Authorize. Policy and regulatory rules are evaluated against that state.

•      Execute. Action is permitted only if authorization is valid.

 

This is not a guideline. It is a system invariant. Any architecture that allows execution outside this chain introduces risk.


 

4. The Architecture: A Governance Control Plane

This principle requires a new type of system architecture: a governance control plane that operates alongside existing systems and enforces how actions occur.

Deterministic Interpretation Artifact

Every input is transformed into a structured, auditable representation of meaning. This artifact captures the interpretation, includes confidence and supporting evidence, and is stable and reproducible. It becomes the basis for all downstream decisions.

Immutable Commitment Layer

The interpretation is committed to an immutable record. This ensures tamper detection, replayability, and consistent state across the system. A system state that is not committed is not considered valid.

Authorization Layer

All actions are evaluated against policy rules, jurisdictional requirements, and system constraints. This produces a deterministic decision: allow, hold, or refuse.

Execution Gating

No system action is permitted unless a valid interpretation exists, the interpretation has been committed, and a valid authorization decision exists. The default state is “no action permitted.”

 

A healthcare system should not be able to execute a regulated action unless a valid authorization decision exists.
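
A minimal sketch of the Interpret → Commit → Authorize → Execute chain and the default-deny gate described in sections 3 and 4, added here as an illustration; it is not Sapey's code. The policy table, the artifact fields (`kind`, `confidence`), the 0.90 threshold and the SHA-256 hash chain are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64
# Hypothetical policy table: action -> required artifact kind and minimum confidence.
POLICY = {"submit_claim": {"requires": "diagnosis_code", "min_confidence": 0.90}}

def canonical(obj):
    """Stable byte encoding so the same interpretation always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def link(prev, artifact):
    return hashlib.sha256(prev.encode() + canonical(artifact)).hexdigest()

class CommitLog:
    """Append-only hash chain; each entry binds an artifact to its predecessor."""
    def __init__(self):
        self.entries = []

    def commit(self, artifact):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        frozen = json.loads(canonical(artifact))  # copy: later caller edits don't leak in
        self.entries.append({"prev": prev, "artifact": frozen, "hash": link(prev, frozen)})
        return self.entries[-1]["hash"]

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != link(prev, e["artifact"]):
                return False  # tampering or reordering detected
            prev = e["hash"]
        return True

    def find(self, commit_hash):
        return next((e["artifact"] for e in self.entries if e["hash"] == commit_hash), None)

def authorize(artifact, action):
    """Deterministic decision: 'allow', 'hold', or 'refuse'."""
    rule = POLICY.get(action)
    if artifact is None or rule is None or artifact.get("kind") != rule["requires"]:
        return "refuse"
    if artifact.get("confidence", 0.0) < rule["min_confidence"]:
        return "hold"
    return "allow"

def execute(log, commit_hash, action, perform):
    """Execution gate: perform() runs only on an intact log and an 'allow' decision."""
    if not log.verify():
        return ("refuse", None)
    decision = authorize(log.find(commit_hash), action)
    return (decision, perform() if decision == "allow" else None)
```

A hash chain detects tampering only if the latest hash is also recorded somewhere the log writer cannot modify; anyone able to rewrite the whole log can otherwise recompute every link.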


 

5. What Happens Without This Layer

If the governance control plane does not exist:

•      AI remains advisory only — unable to safely drive regulated actions

•      Automation stalls at the compliance boundary — organizations cannot scale what they cannot audit

•      Compliance risk increases with every new AI deployment — each system introduces unverified decision paths

•      Systems fragment further — every vendor builds its own ad-hoc governance, none of them interoperable

•      Regulatory friction compounds — CMS, state agencies, and payers demand proof that organizations cannot produce

 

The gap between what AI systems can do and what they are allowed to do widens. Without a governance layer to close it, healthcare automation stalls.


 

6. What This Enables

For Providers

•      Deterministic documentation workflows

•      Audit-ready decisions with full provenance

•      Reduced compliance exposure

For Payers

•      Verifiable claims processing

•      Reduced ambiguity in coding

•      Consistent coding across submissions

For Regulators

•      Proof of control operation, not just control existence

•      Replayable decisions

•      Structured evidence bundles for audits

For AI Systems

•      Safe deployment in regulated environments

•      Bounded execution behavior

•      Explainability tied to system state, not model output


 

7. Why Now

Healthcare is at an inflection point. Several forces are converging:

•      CMS is tightening enforcement and audit intensity across Medicare/Medicaid-certified facilities

•      TEFCA enforcement is creating new interoperability requirements with accountability expectations

•      AI adoption is accelerating faster than regulatory frameworks can adapt, creating a widening gap between what systems can do and what they are allowed to do

•      Workforce shortages are driving automation in clinical documentation, coding, and compliance workflows

•      Audit pressure is increasing at both federal and state levels, with facilities expected to produce traceable proof of every coding and compliance decision

 

The system is shifting from documentation to automation. But automation without governance is unacceptable.

The next phase of healthcare infrastructure must ensure: systems cannot act unless they are authorized to act.


 

8. Sapey

Sapey implements this architecture as a deterministic governance control plane for healthcare systems.

Sapey ensures that no regulated action can execute without a committed interpretation and a valid authorization decision.

 

Sapey does not replace EHRs, AI models, or workflows. It governs them.

 

The initial focus is long-term care and post-acute settings. The architecture extends across regulatory frameworks, facility types, and eventually other regulated industries where deterministic semantic governance is required.

 

 

Healthcare does not lack data. Healthcare does not lack intelligence.

Healthcare lacks a system that determines what is allowed to happen.

 

A governance control plane provides that system.

As healthcare continues to automate, this layer will move from optional to required.

 

This is not a feature. This is a missing layer of infrastructure. And it is becoming necessary.

 

About Sapey

Sapey is building the deterministic governance infrastructure for regulated AI systems. The platform establishes a semantic admissibility boundary where clinical inputs are interpreted into canonical artifacts, committed to an immutable ledger, and evaluated by a policy runtime before any regulated action can execute.
