Dev Reference

Payer Optimization

Payer-specific coding rules, modifier suggestions, prior-auth guidance, and optimization audit trail — with hard compliance guardrails to prevent abuse.

Data Classification: All entities are org-scoped (partitioned by OrganizationID). See Data Model for ownership rules and IC Reference for isolation constraints.

Hard Guardrails — Non-Negotiable Compliance Rules:

No Medicare/Medicaid access reduction: Optimization rules MUST NOT reduce patient access to Medicare or Medicaid covered services. Any rule that would deny, delay, or downgrade coverage for government-insured patients is rejected at validation.
No protected-category discrimination: Rules MUST NOT differentiate based on race, ethnicity, sex, gender identity, disability, age, or any protected category under federal/state anti-discrimination law.
No payer-margin visibility to patients: Patients MUST NEVER see payer optimization data, margin analysis, or reimbursement differentials. The Patient role (10) has NO ACCESS to any entity in this module.
Never surface non-compliant suggestions: CodingOptimizationSuggestion records with IsCompliant = false MUST NOT be displayed to any user. They are retained for audit purposes only and visible exclusively in the OptimizationAuditEntry trail.

PayerOptimizationConfig

Org-scoped. Trust Tier: T2 (organization configuration).

Schema

Field	Type	Required	PK	FK	Notes
PayerOptimizationConfigID	UUID	Yes	Yes		Primary key
OrganizationID	UUID	Yes		Organization	One config per organization
IsEnabled	Bool	Yes			Master on/off switch
DisclosureText	Text	No			Displayed to staff when optimization is active
LastEnabledDateTime	DateTime (UTC)	No
CreatedByUserID	UUID	Yes		User	Audit
CreatedDateTime	DateTime (UTC)	Yes			Audit
UpdatedByUserID	UUID	Yes		User	Audit
UpdatedDateTime	DateTime (UTC)	Yes			Audit

RBAC

Role	Tier	Permissions
Patient (10)	—	NO ACCESS (hard rule)
Front Desk (30)	T2	Read config status
MA / RN (40)	T2	Read config status
Clinician (60)	T2	Read config + rules
Billing Manager (70)	T2	Read all; write rules; read audit
Compliance Officer (75)	T2	Read all (no write)
Practice Owner (80)	T2	Read / write config; read suggestions; read audit
EditAMI (90)	T2	Schema administration

PayerRule

Org-scoped. Trust Tier: T2 (payer contract rules).

Schema

Field	Type	Required	PK	FK	Notes
PayerRuleID	UUID	Yes	Yes		Primary key
PayerName	String(100)	Yes
PayerPlanId	String(50)	No			Specific plan within payer
RuleType	String(50)	Yes			Modifier / PreAuth / Documentation / CodingThreshold / Bundling
RuleDefinition	Text	Yes			JSON-encoded rule logic
EffectiveDateTime	DateTime (UTC)	Yes
IsActive	Bool	Yes
OrganizationID	UUID	Yes		Organization	Tenant partition key
CreatedByUserID	UUID	Yes		User	Audit
CreatedDateTime	DateTime (UTC)	Yes			Audit
UpdatedByUserID	UUID	Yes		User	Audit
UpdatedDateTime	DateTime (UTC)	Yes			Audit

RBAC

Role	Tier	Permissions
Patient (10)	—	NO ACCESS (hard rule)
Front Desk (30)	T2	Read rules
MA / RN (40)	T2	Read rules
Clinician (60)	T2	Read rules
Billing Manager (70)	T2	Read / write rules
Compliance Officer (75)	T2	Read all (no write)
Practice Owner (80)	T2	Read rules
EditAMI (90)	T2	Schema administration

CodingOptimizationSuggestion

Org-scoped. Trust Tier: T2 (coding metadata). Records with IsCompliant = false are NEVER displayed to users.

Schema

Field	Type	Required	PK	FK	Notes
CodingOptimizationSuggestionID	UUID	Yes	Yes		Primary key
EncounterID	UUID	Yes		Encounter
SuggestedCode	String(50)	Yes			Suggested CPT/HCPCS code
OriginalCode	String(50)	Yes			Code before optimization
SuggestionReason	String(200)	Yes
IsCompliant	Bool	Yes			False = suppressed from UI, audit-only
WasAccepted	Bool	No			Null until clinician acts
OrganizationID	UUID	Yes		Organization	Tenant partition key
CreatedByUserID	UUID	Yes		User	Audit
CreatedDateTime	DateTime (UTC)	Yes			Audit
UpdatedByUserID	UUID	Yes		User	Audit
UpdatedDateTime	DateTime (UTC)	Yes			Audit

RBAC

Role	Tier	Permissions
Patient (10)	—	NO ACCESS (hard rule)
Clinician (60)	T2	Read own encounter suggestions (IsCompliant=true only); accept/reject
Billing Manager (70)	T2	Read all compliant suggestions
Compliance Officer (75)	T2	Read all (including non-compliant, audit context)
Practice Owner (80)	T2	Read compliant suggestions
EditAMI (90)	T2	Schema administration

OptimizationAuditEntry

Org-scoped. Trust Tier: T1 (immutable compliance audit trail). IMMUTABLE — append-only. No updates or deletes permitted.

Schema

Field	Type	Required	PK	FK	Notes
OptimizationAuditEntryID	UUID	Yes	Yes		Primary key
PayerOptimizationConfigID	UUID	Yes		PayerOptimizationConfig
ActorUserID	UUID	Yes		User
PatientID	UUID	No		Patient	Null for config-level actions
ActionType	String(50)	Yes			e.g. ConfigEnabled, RuleCreated, SuggestionAccepted, SuggestionRejected, NonCompliantSuppressed
Detail	Text	No			Human-readable detail
ActionDateTime	DateTime (UTC)	Yes
OrganizationID	UUID	Yes		Organization	Tenant partition key
CreatedByUserID	UUID	Yes		User	Audit
CreatedDateTime	DateTime (UTC)	Yes			Audit (same as ActionDateTime on insert)
UpdatedByUserID	UUID	Yes		User	Audit (immutable — always equals Created)
UpdatedDateTime	DateTime (UTC)	Yes			Audit (immutable — always equals Created)

RBAC

Role	Tier	Permissions
Patient (10)	—	NO ACCESS (hard rule)
Billing Manager (70)	T1	Read audit entries
Compliance Officer (75)	T1	Read all audit entries
Practice Owner (80)	T1	Read audit entries
EditAMI (90)	T1	Schema administration (no delete)

Trust tier roll-up

Entity	Tier	Source of truth
`PayerOptimizationConfig`	1 — Internal canonical	Set by an authorized practice owner within this system; gates all other features
`PayerRule`	2 — External inbound	Sourced from payer policy documentation; curated and effective-dated by the billing manager
`CodingOptimizationSuggestion`	1 — Internal derived	Generated by the engine from global clinical data within this system, with compliance validation against documented findings
`OptimizationAuditEntry`	1 — Internal canonical	Append-only audit trail authored by the system in response to authenticated user actions; never modified or deleted

RBAC matrix (IC 0–100 scale)

Role	Level	PayerOptimizationConfig	PayerRule	CodingOptimizationSuggestion	OptimizationAuditEntry
Patient (self)	10	No access	No access	No access	No access
Front desk (Jordan)	30	Read (knows if enabled)	Read applicable rules	No access	No access
MA / RN	40	Read	Read applicable rules	No access	No access
Clinician (Dr. M)	60	Read	Read applicable rules	Read own; Accept/Reject	No access
Billing manager (Sam)	70	Read	Read / Write (author rules)	Read all	Read
Practice owner	80	Read / Write (enable/disable)	Read	Read all	Read
Compliance officer	75	Read	Read	Read all	Read
EditAMI	90	Required for any AMI schema break (per IC hard rule #5)

Patient access hard rule: Patients have no access to any Payer Optimization data — not the config, not the rules, not the suggestions, not the audit log. Payer-margin data is never exposed to patients, and the patient-facing experience is identical whether Payer Optimization is enabled or disabled at the practice.

FK Relationship Diagram

erDiagram
    Organization ||--o| PayerOptimizationConfig : "has"
    PayerOptimizationConfig ||--o{ OptimizationAuditEntry : "audits"
    User ||--o{ OptimizationAuditEntry : "ActorUserID"
    Patient ||--o{ OptimizationAuditEntry : "PatientID"
    Encounter ||--o{ CodingOptimizationSuggestion : "generates"

Optimization Suggestion Flow

flowchart TD
    A[Encounter coding completed] --> B[Optimization engine evaluates PayerRules]
    B --> C{Suggestion generated?}
    C -- No --> D[No action]
    C -- Yes --> E{IsCompliant check}
    E -- false --> F[Suppress from UI]
    F --> G[Log NonCompliantSuppressed in audit]
    E -- true --> H[Display to Clinician]
    H --> I{Clinician decision}
    I -- Accept --> J[Update code on ClaimLine]
    J --> K[Log SuggestionAccepted in audit]
    I -- Reject --> L[Keep original code]
    L --> M[Log SuggestionRejected in audit]

Functional Requirements

P0 The system SHALL enforce all four hard guardrails (no Medicare/Medicaid access reduction, no protected-category discrimination, no patient visibility, no non-compliant suggestion display) at the application layer with no override mechanism.
P0 The system SHALL validate every PayerRule against guardrails before activation and reject non-compliant rules with a detailed error message.
P0 The system SHALL maintain an immutable, append-only OptimizationAuditEntry log for every action (config changes, rule creation, suggestion acceptance/rejection, non-compliant suppression).
P0 The system SHALL suppress CodingOptimizationSuggestion records with IsCompliant=false from all user-facing views; these records are retained exclusively for audit.
P0 The system SHALL provide a master on/off switch (PayerOptimizationConfig.IsEnabled) that immediately disables all suggestion generation when set to false.
P1 The system SHALL generate coding optimization suggestions by evaluating encounter codes against active PayerRules for the encounter's payer.
P1 The system SHALL allow clinicians to accept or reject compliant suggestions, with the decision recorded in the audit trail.
P1 The system SHALL support five rule types: Modifier, PreAuth, Documentation, CodingThreshold, and Bundling.
P1 The system SHALL allow Billing Managers to create, modify, and deactivate PayerRules with effective dates.
P1 The system SHALL display disclosure text to staff when optimization is active, as configured in PayerOptimizationConfig.DisclosureText.
P2 The system SHALL provide optimization impact reporting (acceptance rate, revenue impact, denial reduction) for Practice Owners.
P2 The system SHALL support rule versioning so that historical rule definitions are preserved when rules are updated.
P2 The system SHALL allow Compliance Officers read-only access to all entities including non-compliant suggestions for audit review.
P2 The system SHALL support payer-plan-level rule targeting (PayerRule.PayerPlanId) for granular optimization.

Non-Functional Requirements

Latency: Suggestion generation completes within 2 seconds per encounter (99th percentile).
Guardrail Enforcement: Guardrail validation runs synchronously on every rule save and suggestion display; no async bypass.
Audit Immutability: OptimizationAuditEntry table has no UPDATE or DELETE permissions at the database level; append-only enforced.
Audit Retention: Audit entries retained for minimum 10 years; no purge without compliance officer approval.
Availability: Optimization engine 99.9% uptime; graceful degradation (show original codes) on failure.
Encryption: All optimization data encrypted at rest (AES-256); TLS 1.2+ in transit.
Scalability: Support 100 active PayerRules per organization; evaluate all rules per encounter within latency SLA.
Compliance Testing: Guardrail enforcement covered by automated integration tests run on every deployment; deployment blocked if any guardrail test fails.

icApplication Overrides

How the four Payer Optimization AMI schemas turn into a live application: module-specific stack additions, override component bindings, the coding optimization pipeline, the payer rules engine integration with Coding / CDS, a versioning worked example, environment cascade, and RBAC enforcement.

Shared generation map. The IC platform code-gen flow, default bindings, environment cascade, RBAC model, and CLI commands are identical across all modules. See the IC Reference for the canonical shared reference. This section covers only Payer Optimization-specific content.

Technology stack P0

The shared platform stack (Cosmos DB, Redis, IC-generated API, Angular 21, SQS+SNS, OpenTelemetry, etc.) is documented in the IC Reference. Module-specific additions:

Layer	Technology	Notes
Coding optimization engine	Coding / CDS module	CDS Hooks invocation at charge-capture time; payer-specific rule overlay applied as additional CDS card.
Payer rules engine	JSON rule definitions + in-process evaluator	Rules stored as `PayerRule.RuleDefinitionText` (JSON); evaluated by a dedicated in-process rules evaluator. Quarterly refresh cycle.
Scheduling integration	Scheduling module	Advisory payer-mix guidance sent to Scheduling via CDS Hooks; hard guardrails enforced in the Payer Optimization layer, not delegated to Scheduling.
Denial data feed	RCM module	Denial and remittance data flows from RCM into the ROI dashboard via async SQS messages.
FHIR resource profiles	Task (suggestion), Coverage (payer)	R4 baseline; USCDI v3 alignment for CY 2026.
Audit log	Dedicated Cosmos DB dedicated container	`OptimizationAuditEntry` rows written to a separate Cosmos DB container with synchronous replication for zero-data-loss durability.
Feature flag	LaunchDarkly (or equivalent)	Kill-switch for entire Payer Optimization module; disables all optimization behavior without a code deploy.

Payer Optimization override bindings P0

These overrides are declared in rules/*.rules.json and replace the default for the matching field name pattern.

Field	Default would render	Override component	Why
`PayerOptimizationConfig.IsEnabledBool`	plain checkbox	`ic-ng21-payer-opt-1-opt-in-dialog`	Opt-in requires disclosure acknowledgment; plain checkbox bypasses the compliance gate. The dialog enforces review-before-enable with disclosure text and timestamp recording.
`PayerOptimizationConfig.DisclosureText`	plain textarea	`ic-ng21-core-1-textarea` (read-only)	Disclosure text is system-authored and read-only; the practice owner reviews but does not edit it.
`PayerRule.RuleDefinitionText`	plain textarea	`ic-ng21-payer-opt-1-rule-editor`	Structured JSON rule editor with validation, type-specific templates (Modifier / PreAuth / Documentation / CodingThreshold / Bundling), and syntax checking; prevents malformed rule definitions.
`PayerRule.RuleTypeString50`	plain text input	`ic-ng21-core-1-combobox`	Constrained to the five valid rule types; free-text entry would allow invalid types.
`PayerRule.IsActiveBool`	plain checkbox	`ic-ng21-core-1-checkbox` (with confirmation)	Retiring a rule (setting `IsActiveBool = false`) requires a confirmation dialog because it affects active coding suggestions.
`CodingOptimizationSuggestion` (full entity)	default jtable	`ic-ng21-payer-opt-1-suggestion-panel`	Side-panel showing suggestion cards with accept/reject actions, compliance badge, and original-vs-suggested code comparison. Plain jtable cannot convey the accept/reject workflow.
(synthetic) Scheduling guidance badge	n/a	`ic-ng21-payer-opt-1-scheduling-guidance-badge`	Inline badge in the Scheduling module showing payer-mix guidance status; rendered only when Payer Optimization is enabled and guidance is available.
(synthetic) E/M downcode alert	n/a	`ic-ng21-payer-opt-1-downcode-alert`	Dedicated alert card for E/M downcode suggestions, distinct from upcode cards; ensures downcodes receive equal visual prominence per the compliance requirement.
(synthetic) ROI dashboard	n/a	`ic-ng21-payer-opt-1-roi-dashboard`	Full dashboard with denial-trend chart, payer-mix chart, suggestion acceptance rates, and optimization impact summary. Aggregated org-scoped data only.
(synthetic) Audit log viewer	n/a	`ic-ng21-payer-opt-1-audit-log-viewer`	Filterable audit log display with date-range, action-type, actor, and patient filters. Compliance-officer-facing; not accessible to patient-level roles.

Coding optimization pipeline P1

The coding optimization pipeline runs after the clinician completes an encounter and before the charge is captured. It is triggered via CDS Hooks from the Coding / CDS module, with payer-specific rules applied as an additional CDS card overlay:

flowchart TD
  A[Clinician completes encounter] --> B{PayerOptimizationConfig
IsEnabledBool?}
  B -- No --> Z[No suggestions generated]
  B -- Yes --> C[Fetch active PayerRule set
for the encounter's payer]
  C --> D[Invoke CDS Hooks via
Coding / CDS module]
  D --> E[Evaluate base coding rules
ICD-10 / CPT / E/M levels]
  E --> F[Apply payer-specific
rule overlay]
  F --> G{Compliance validation:
IsCompliantBool?}
  G -- false --> H[Discard suggestion
log to internal audit]
  G -- true --> I{E/M downcode
candidate?}
  I -- Yes --> J[Create downcode
CodingOptimizationSuggestion]
  I -- No --> K[Create upcode/modifier
CodingOptimizationSuggestion]
  J --> L[Surface suggestion cards
to clinician]
  K --> L
  L --> M{Clinician accepts
or rejects?}
  M -- Accept --> N[Apply suggested code
set WasAcceptedBool = true
create OptimizationAuditEntry]
  M -- Reject --> O[Preserve original code
set WasAcceptedBool = false
create OptimizationAuditEntry]

The pipeline is synchronous from the clinician’s perspective (suggestions appear within 2 seconds per NFR-PO-001), but the compliance validation and audit entry creation are asynchronous to avoid blocking the clinical workflow. The IsEnabledBool check at step B is cached (1-hour TTL) to avoid a database round-trip on every encounter.

Payer rules engine — integration with Coding / CDS P0

Payer-specific rules are layered on top of the base coding rules from Coding / CDS. The integration uses CDS Hooks as the transport mechanism:

Hook	Trigger	Payer Optimization contribution
`order-select`	Clinician selects a diagnosis or procedure code	Payer-specific modifier suggestions, bundling rules, and documentation thresholds surfaced as additional CDS cards
`order-review`	Clinician reviews the charge before signing	E/M level validation against payer thresholds; downcode suggestions; pre-auth trigger warnings
`appointment-book`	Scheduler books an appointment	Advisory payer-mix guidance surfaced as a non-blocking card; guardrails enforced before the card reaches the Scheduling module

The payer rules evaluator (rules-evaluator.ts) runs in-process (not a separate microservice) to minimize latency. It evaluates the active PayerRule set for the encounter’s payer against the coding context and produces a list of payer-specific suggestions that are merged with the base CDS suggestions. The compliance validation step runs after the merge, discarding any suggestion where IsCompliantBool = false.

Versioning — worked example P0

All Payer Optimization artifacts are versioned break.feature.bug.buildtimestamp per IC hard rule #9. The example below traces a feature bump on CodingOptimizationSuggestion.

CodingOptimizationSuggestion 1.0.0.20260301T120000Z — Initial schema. 5 business fields plus org-scoped audit columns. Component ic-ng21-payer-opt-1-suggestion-panel and ic-ng21-payer-opt-1-downcode-alert bind to coding-optimization-suggestion@1.0.0.* via the DI manifest.

CodingOptimizationSuggestion 1.1.0.20260615T093000Z — feature bump — Adds a single optional field, PayerRuleID (Guid, FK → PayerRule), to link the suggestion to the specific payer rule that triggered it. Per the IC change matrix:

Change	Version impact	Approval needed	Min permission
Add optional field `PayerRuleID`	feature bump (1.0.0 → 1.1.0)	No	Write (60)

Because the change is backward-compatible, the component tag stays ic-ng21-payer-opt-1-suggestion-panel. Existing UI consumers continue to bind coding-optimization-suggestion@1.x.* and ignore the new field. New UI surfaces that need payer-rule traceability bind coding-optimization-suggestion@^1.1.0. No new database is required (IC rule #13 only applies to break bumps).

CodingOptimizationSuggestion 2.0.0.20280101T120000Z — break bump (illustrative) — An illustrative future break bump: SuggestionReasonString200 is replaced by a structured set of fields (SuggestionCategoryString50, SuggestionDetailText, SupportingDocumentationRefString200). Per the IC change matrix this is change field type + add required fields — break bump, EditAMI (90) approval, and per IC rule #13 a new database is provisioned with ETL from the old one. The component tag becomes ic-ng21-payer-opt-2-suggestion-panel; consumers must re-bind. The old database stays live for the configured grace period (default 90 days) for rollback.

Illustrative. The 2.0.0 example is illustrative of the change matrix and IC rule #13; it is not a committed roadmap item.

Payer Optimization environment details

Env	CDS Hooks	RCM denial feed	Audit container
Dev	Coding / CDS dev sandbox	RCM dev stub (synthetic denials)	Dev container (standard replication)
QA	Coding / CDS QA instance	RCM QA stub (scenario denials)	QA container (standard replication)
UAT	Coding / CDS UAT instance	RCM UAT (realistic denial patterns)	UAT container (synchronous replication)
Prod	Coding / CDS production	RCM production (live denial data)	Prod container (synchronous replication + PITR)

Payer Optimization RBAC notes

Opt-in gate. The opt-in dialog (ic-ng21-payer-opt-1-opt-in-dialog) only renders for users at level ≥ 80 (practice owner). Suggestion cards only render for users at level ≥ 60 (clinician). Audit log viewer only renders for users at level ≥ 70 (billing manager, compliance officer). Patient-level (10) users see nothing from this module.
Guardrail enforcement. The three hard guardrails (no Medicare/Medicaid access reduction, no protected-category discrimination, no payer-margin patient visibility) are enforced at the rules-evaluator level and at the API layer. They cannot be overridden by any configuration or role level.

Cross-Module Dependencies

Coding / CDS — authors and versions the coding rules (ICD-10, CPT, E/M level, modifier rules) invoked at charge-capture time via CDS Hooks. Payer Optimization is a consumer of CDS rules and adds payer-specific overlays; it does not author base coding rules.
Scheduling — scheduling-side payer prioritization provides advisory input to the Scheduling module. The Scheduling module owns the appointment; Payer Optimization provides guidance only, subject to the three hard guardrails.
RCM — denial data flows from RCM into the ROI dashboard; coding suggestions flow from Payer Optimization into the charge captured in RCM. Claim scrubbing and submission remain in RCM; Payer Optimization does not touch the claim.
Clinical Documentation — the coding optimization engine reads clinical documentation (encounter notes, diagnoses, procedures) as its source of truth for suggestion generation. Documentation is global; suggestions are org-scoped.
Data Model — all four Payer Optimization entities are org-scoped operational data following the operational-is-org-scoped pattern. Clinical data read by the engine is global following the clinical-facts-are-global pattern.

Cross-Module Links

RCM — accepted suggestions update ClaimLine codes; scrub rules reference PayerRules
Task Management — suggestion review tasks in clinician worklist
eRx & EPCS — formulary tier data informs coding context