← Policy gallery

cms_privacy_preserving_nonprod

ai-risk-management security pure_temporal ai-governancecmsfederalhealthcaredata-protectionrag-amber

Development and lower environments use synthetic or de-identified data rather than real PII/PHI.

Formula

G(nonprod_data → synthetic_or_deidentified)

Why it matters

CMS Privacy: use synthetic data (e.g. Synthea) and privacy-preserving techniques; de-identification of production data is required in non-production environments (BR-SQ-6).

Examples

passes the CMS AI rule's evidence is present

fails the required control is absent

Use it

ponens policies add cms_privacy_preserving_nonprod --into ./trace.json
ponens trace check ./trace.json