# Claims & Policy Service Evidence Desk

## Purpose

A private preparation desk that helps insurance clerks build accurate, reconstructable claim and policy-service handoffs while keeping coverage, decisions, investigation, policy transactions, messages, and money with the authorized human role.

**Terminal state:** `approval_ready`

## Screen 1 — Jurisdiction and authority card

```yaml
carrier_or_administrator:
state_or_territory:
line_and_product:
admitted_nonadmitted_or_program:
claimant_or_insured_location:
loss_or_service_location:
carrier_procedure_version:
state_authorities: []
federal_program_or_plan_authorities: []
clerk_role:
license_appointment_if_any:
authorized_actions: []
prohibited_actions: []
adjuster_underwriter_producer_contacts:
legal_regulatory_privacy_security_contacts:
payment_authority:
```

If jurisdiction, line, role, or carrier authority is missing, the desk can inventory intake only. It cannot prepare a decision or transaction.

## Screen 2 — Intake event

```yaml
intake_id:
received_at:
channel:
source_locator:
exact_sender_words:
clerk_summary:
ai_summary:
request_type: new_claim_notice | existing_claim_document | policy_service_request | complaint | appeal | regulator_or_legal | security_incident | unknown
claim_policy_reference_as_supplied:
reported_event_service_dates:
requested_action:
attachments: []
asserted_deadline:
language_accessibility:
privacy_classification:
```

The route is operational only. It does not decide timeliness, coverage, eligibility, or whether the requested policy action can occur.

## Screen 3 — Identity and authority gate

```yaml
party_claimed_role:
verification_procedure_id:
verification_performed_by:
verification_receipt:
representation_documents: []
disclosure_scope:
account_action_scope:
capacity_or_authority_conflicts: []
state: unverified | verified_limited | verified | specialist_review
```

AI cannot authenticate identity, interpret authority documents, or expose account information. `unverified` and ambiguous scope block disclosure and action.

## Screen 4 — Evidence inventory

```yaml
evidence_id:
source:
received_at:
document_type:
subject_and_date:
pages_or_files:
hash:
privacy_class:
state: received_unverified | source_verified | carrier_record | third_party_statement | qualified_expert_record | duplicate | conflicting | illegible_or_incomplete | restricted | uncertain
related_request_or_loss:
duplicate_of:
conflicts_with: []
notes_without_conclusion:
```

The screen prohibits truth, liability, causation, coverage, damage, repair, medical, or fraud conclusions.

## Screen 5 — Policy/document version stack

```yaml
document_id:
type: policy | declaration | certificate | endorsement | rider | application | plan_document | notice | transaction_record | procedure | regulation
edition_and_version:
effective_and_expiration_dates:
signed_or_issued_state:
jurisdiction_and_line:
source_system:
retrieved_at:
hash:
supersedes:
superseded_by:
conflicts: []
controlling_version_selected_by:
```

Only an authorized role may populate `controlling_version_selected_by`. AI comparison can identify textual differences but cannot choose or interpret the operative provision.

## Screen 6 — Missing-information request draft

```yaml
requested_item:
already_received_items: []
request_basis_type: approved_checklist | authorized_reviewer_instruction | confirmed_rule | applicable_form
request_basis_locator:
operational_reason:
minimum_necessary_check:
secure_return_channel:
deadline_and_source:
accessibility_options:
prohibited_implications_check:
reviewer:
exact_payload_hash:
state: draft | blocked | approval_ready
```

No send control exists. Unsupported deadlines, duplicative requests, excessive medical/financial data, accusations, or unreviewed coverage language block approval.

## Screen 7 — Neutral status draft and correspondence QA

```yaml
recipient_and_verified_authority:
claim_policy_request_id:
confirmed_status_events: []
decision_terms_present: []
policy_quotes_and_exact_source: []
required_notices_and_template_version:
dates_and_deadline_sources: []
attachments_and_hashes: []
privacy_redactions:
language_accessibility:
promises_admissions_or_waivers: []
reviewer_role:
payload_hash:
state: draft | needs_authority | approval_ready
```

Decision terms require an existing authorized decision artifact and separate communication review. Otherwise the draft is blocked.

## Screen 8 — Fraud/security observation route

```yaml
observation_id:
rule_or_signal_source:
neutral_observation:
supporting_evidence_ids: []
person_labeled_fraudulent: false
payment_or_account_change_hold:
known_channel_verification_required:
authorized_destination: security | SIU | antifraud | privacy | supervisor
confidentiality_class:
external_reporting_allowed: false
investigation_allowed: false
```

The system never scores criminality, performs surveillance, searches private sources, contacts a subject/regulator/law enforcement, or changes a claim outcome.

## Screen 9 — Privacy and access card

```yaml
data_categories: []
purpose:
applicable_regime: state_insurance_privacy | HIPAA | ERISA_plan | workers_comp | consumer_reporting | other | unresolved
minimum_needed:
approved_systems: []
allowed_roles: []
restricted_roles: []
retention_and_destruction_source:
disclosure_log_required:
breach_or_security_route:
unapproved_ai_data_present: false
```

If applicability is unresolved, use the most restrictive configured path and escalate; the AI does not determine law.

## Screen 10 — Decision handoff

```yaml
exact_question:
required_authority: adjuster | examiner | underwriter | producer | carrier | plan_administrator | legal | medical | repair | regulator | payment | security_SIU
facts_without_conclusion: []
evidence_ids: []
missing_or_conflicting_items: []
document_stack_ids: []
jurisdiction_line_plan:
deadline_and_source:
draft_correspondence_id:
ai_outcome_recommendation_present: false
assigned_authorized_human:
```

The required authority must match the question. A clerk or AI cannot become the fallback decision-maker when a queue is delayed.

## Screen 11 — Append-only audit trail

```yaml
event_id:
timestamp:
actor_or_system:
action: received | accessed | extracted | classified | verified | drafted | corrected | escalated | decision_referenced | approval_recorded
source_ids: []
before_hash:
after_hash:
reason:
authority:
privacy_class:
supersedes_event:
```

Corrections create a new event. No event is silently rewritten or deleted.

## Screen 12 — Exact approval packet

```yaml
packet_id:
carrier_state_line:
claim_policy_request_id:
verified_party_role_and_receipt:
requested_external_action:
document_stack_and_conflicts: []
evidence_inventory_ids: []
privacy_classifications: []
exact_payload_and_attachment_hashes: []
policy_rule_template_review_receipts: []
authorized_decision_artifact:
deadline_source:
escalation_state:
approver_name_and_role:
authority_scope:
approved_at:
expires_at:
rollback_or_correction_path:
terminal_state: approval_ready
```

There is no execution control. `approval_ready` means a human can carry the packet into the carrier’s separately controlled workflow; it does not authorize this desk to act.

## AI behavior contract

AI may:

- extract and index supplied documents;
- identify duplicates, missing fields, inconsistent identifiers, dates, and versions;
- compare policy/procedure text without interpreting application;
- draft narrow missing-information and status messages from approved sources;
- run correspondence QA and privacy checks;
- create neutral fraud/security observation packets;
- assemble handoffs, audit events, and approval packets.

AI may not:

- interpret coverage or policy application;
- determine liability, eligibility, benefits, medical necessity, causation, valuation, repair, fraud, price, premium, or payment;
- investigate, surveil, interview, negotiate, settle, approve, deny, or authorize funds;
- quote, bind, issue, change, endorse, renew, nonrenew, rescind, or cancel coverage;
- authenticate identity or decide representation/capacity;
- send messages, upload/file reports, write portals/accounts, call external mutation APIs, deploy, or take public/account action.

## Acceptance tests

1. “Is this loss covered?” routes to an authorized adjuster/examiner with no AI answer.
2. “How much will we pay?” routes to decision/payment authority with no estimate presented as a decision.
3. A policy-change request creates a preparation packet but cannot alter coverage.
4. An unverified representative cannot receive account or claim information.
5. Conflicting endorsements block selection of a controlling version.
6. A duplicate document is not requested again.
7. A model-law deadline cannot populate a live deadline without state/carrier confirmation.
8. A status draft cannot use “denied,” “covered,” “fraud,” “paid,” “bound,” or “cancelled” without an authorized artifact.
9. A suspicious duplicate invoice produces a neutral SIU/security route, not a fraud finding.
10. Changed payment instructions trigger a hold and known-channel verification; no funds move.
11. PHI cannot enter an unapproved AI system; HIPAA applicability is not assumed for every insurance file.
12. A corrected extraction adds an audit event rather than overwriting history.
13. A licensed producer, adjuster, underwriter, lawyer, medical expert, repairer, regulator, and payment role remain distinct.
14. Every message, claim/policy decision, transaction, account write, filing, payment, and public action control is absent or disabled.

## Synthetic pilot

Create only fictitious documents marked `SYNTHETIC TRAINING DATA`:

- storm-loss intake with an unanswered coverage/payment question;
- identity/authority checklist;
- evidence inventory with duplicate photos and incomplete estimate;
- policy/endorsement stack with one deliberate version conflict;
- narrow missing-information request draft;
- neutral status draft and QA report;
- fraud/security route showing no fraud conclusion;
- adjuster decision handoff;
- append-only audit trail;
- exact approval packet.

No real consumer data, carrier access, message, account write, coverage action, investigation, payment, deployment, or public action is included.
