SDK Quick Start — Healthcare & Life Sciences

Getting started: Healthcare & Life Sciences

This guide takes you from install to your first attributed governance record in healthcare & life sciences. You will install the SDK, configure a provider, instrument a workflow step with the real OTel attribute vocabulary from this vertical, and have a reviewable evidence record in your portal within an afternoon. There is no scaffolding project — just your API key and the three steps below.

Why this matters right now. As of March 2026, agentic AI in healthcare is deployed across: ambient clinical documentation (AI scribes replacing manual note-taking), autonomous prior authorisation workflows under CMS-0057-F (72h expedited / 7-day standard deadlines in force Jan 2026), AI-powered diagnostics (radiology triage, pathology, ECG interpretation), revenue cycle automation (claims scrubbing, denial management), patient engagement agents (appointment scheduling, chronic disease monitoring), medication management (dose optimisation, interaction checking, prior auth for specialty pharmacy), clinical trial matching and protocol deviation detection, and PHI de-identification for research. HIPAA BAA requirements apply to all agentic AI vendors handling PHI. The HHS OCR proposed January 2025 HIPAA Security Rule update removes required/addressable distinctions and adds mandatory encryption and continuous monitoring — directly affecting agentic AI deployments. CMS-0057-F requires payers to report prior authorisation metrics publicly by March 31, 2026 and implement all five FHIR APIs by January 1, 2027. The proposed HIPAA Security Rule update (January 2025) shortens breach notification timelines and mandates continuous monitoring — agentic AI systems handling ePHI must be included in risk analysis. Over 1,000 FDA-cleared AI/ML-enabled medical devices exist as of end-2024; the December 2024 PCCP final guidance and January 2025 draft guidance govern their lifecycle management.

How the layering works

You are not adopting a separate product surface for this vertical. You are adding a market-specific vocabulary layer on top of the same core session model used everywhere in VeriProof.

If you need the cross-industry baseline first, open the core SDK reference, Python core, or .NET core before continuing here.

Step 1 — Install

TypeScript / Node.js

npm install @veriproof/sdk-core

Python

pip install veriproof-sdk

.NET

dotnet add package Veriproof.Sdk

Step 2 — Configure

Call the configuration helper once, before any AI framework initialises. After that call, every OTel span in the process — whether emitted by your code or by a framework adapter — is exported automatically to VeriProof.

Your API key comes from the VeriProof portal. Try a live demo to see the portal before you register, or start a free Builder account and use the environment variable pattern above directly.

Need a production credential path rather than sandbox exploration? Get API access for a Builder account, or contact the team if you need an architecture or compliance review alongside implementation.

Step 3 — Instrument your workflow

The governance vocabulary for this vertical lives in the Healthcare & Life Sciences reference. Use the OTel attribute names below — they are the same names the portal uses in evidence records and the same names your policy engine will evaluate. Consistency here is the point.

TypeScript example

import { configureVeriproof, VeriproofClient, VeriproofSdkOptions, SessionMetadata } from '@veriproof/sdk-core';
import { ClinicalConditionStatus, ClinicalConditionStatusMeta, DiagnosticObservationStatus, DiagnosticObservationStatusMeta } from '@veriproof/sdk-core/verticals/healthcare-life-sciences';

// Call once at application startup
configureVeriproof(
  VeriproofSdkOptions.createProduction({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: 'healthcare-life-sciences-app',
  }),
  { serviceName: 'healthcare-life-sciences-app', setGlobal: true },
);

// Instrument a governed workflow
const client = new VeriproofClient(
  VeriproofSdkOptions.createProduction({ apiKey: process.env.VERIPROOF_API_KEY! }),
);

const session = client
  .startSession('healthcare.life.sciences.review')
  .withSessionMetadata(SessionMetadata.forTransaction('txn-001').withEnvironment('production'))
  .addStep('evaluate', { output: { status: 'completed' } })
  .withMetadata(ClinicalConditionStatusMeta.otelAttribute, ClinicalConditionStatus.active)
  .withMetadata(DiagnosticObservationStatusMeta.otelAttribute, DiagnosticObservationStatus.registered)

await session.complete();

Python example

import os
from opentelemetry import trace
from veriproof_sdk import VeriproofClientOptions, configure_veriproof
from veriproof_sdk.verticals import healthcare_life_sciences as hls

# Call once at application startup
configure_veriproof(
    VeriproofClientOptions(
        api_key=os.environ["VERIPROOF_API_KEY"],
        application_id="healthcare-life-sciences-app",
    ),
    service_name="healthcare-life-sciences-app",
    set_global=True,
)

tracer = trace.get_tracer(__name__)

# Instrument a governed workflow
with tracer.start_as_current_span("healthcare_life_sciences.review") as span:
    span.set_attribute(hls.ClinicalConditionStatus.__otel_attribute__, hls.ClinicalConditionStatus.active.value)
    span.set_attribute(hls.DiagnosticObservationStatus.__otel_attribute__, hls.DiagnosticObservationStatus.registered.value)
    span.set_attribute(hls.CareAppointmentStatus.__otel_attribute__, hls.CareAppointmentStatus.proposed.value)
    ...

.NET example

using Veriproof.Sdk;
using Veriproof.Sdk.Core.OpenTelemetry.Verticals.HealthcareLifeSciences;

// Configure once at application startup
builder.Services.AddVeriproof(options =>
{
    options.ApiKey = builder.Configuration["VERIPROOF_API_KEY"]!;
    options.ApplicationId = "healthcare-life-sciences-app";
});

// Instrument a governed workflow step
using var activity = ActivitySource.StartActivity("evaluate");
    activity?.SetTag(ClinicalConditionStatus.Metadata.OtelAttribute, ClinicalConditionStatus.active);
    activity?.SetTag(DiagnosticObservationStatus.Metadata.OtelAttribute, DiagnosticObservationStatus.registered);
    activity?.SetTag(CareAppointmentStatus.Metadata.OtelAttribute, CareAppointmentStatus.proposed);

How teams use this in production

• Prior Authorisation & Utilisation Management: Prior Authorization Status. OPA rule: SLA gate — deny claim for autonomous PA determination when elapsed_hours > 72 (expedited) or elapsed_days > 7 (standard) and status is not in terminal states {approved, denied_*, cancelled_by_provider}. Escalate to human reviewer. (Cms 0057 F: CMS-0057-F: 72h expedited PA decision; 7-day standard PA decision; metrics reporting Jan 1 2026; PA API Jan 1 2027)
• PHI Data Governance & HIPAA Compliance: Business Associate Agreement Status. OPA rule: block any agentic tool action that would transmit or store PHI with a vendor whose baa_status is not baa_executed_active. Block AI model training on PHI when status is not_required_no_phi_access without first applying de-identification. (Hipaa 164 504: HIPAA 45 CFR 164.504(e) — BAA requirements for business associates)

Next steps

• Open the full Healthcare & Life Sciences governance reference for all 36 enum categories, policy patterns, and source standards.
• Review TypeScript SDK core for advanced session-builder options, batch export, and Merkle verification.
• Review Python SDK core for decorator-based annotations and framework adapter options.
• Review .NET SDK core for Semantic Kernel, AutoGen, and Activity-based instrumentation.
• Browse all vertical references to understand how the core governance vocabulary layers underneath vertical-specific attribute sets.
• Compare this guide with the public industry pages if you need the commercial and workflow framing behind the same vocabulary.