ABT-M

Medical

Provider-patient bubble architecture with cross-bubble re-authorization. Patient retains key custody across care transitions.

Filed · Patent pending

Sid Ratnam

ABT methodology family · variant ABT-M · counsel memorandum

Each department sees its bubble — and no further

A worked example of department-scoped bubble keys, patient-controlled cross-bubble authorization, and structural enforcement of the minimum necessary standard in the medical variant of the ABT methodology family.

U.S. Provisional Patent 64/056,353 · Filed May 4, 2026 · Foundational specification: ABT envelope-tier architecture

Abstract

The ABT-M variant applies the foundational envelope-tier architecture to protected health information, with cross-department care transitions as the canonical scenario. The variant-specific architectural elements are: department-scoped bubble keys, in which each care department holds a cryptographic key that decrypts only the tier projection authored for that department; structural cross-bubble isolation, such that a department cannot access another department's records regardless of institutional proximity or shared infrastructure; and patient-controlled cross-bubble projection, in which a patient may authorize a scoped disclosure from one department's tier to another's, specifying which fields are included, for which encounter, and for what time period. This memorandum follows Yusuf Ibrahim across a cardiology encounter and an oncology referral, tracing the authorization path and the minimum-necessary enforcement at each transition.

I. The cardiology encounter — first bubble construction

Ibrahim presents to cardiology — a department-scoped projection

Ibrahim's health record envelope is constructed with independent tier keys for each department. The cardiology bubble key holds its projection. The oncology bubble key, at this stage, addresses an empty tier — no oncology data yet exists.

Actor	Function	Tier access
Yusuf Ibrahim Patient · first party	Presents to cardiology; authorizes cardiology tier construction; holds root health key `hk_ibrahim`	Root key — can construct any tier projection; cannot unilaterally release a tier key to another department
Regional Hospital — Cardiology Care department · second party	Records encounter, ECG, medication, risk assessment into cardiology tier	Cardiology bubble key — decrypts cardiology projection; cannot decrypt oncology tier
Regional Hospital — Oncology Care department · third party at this stage	No involvement in this encounter	Oncology bubble key — can decrypt oncology tier when present; does not hold cardiology bubble key

Legal significance — HIPAA § 164.502(b) minimum necessary; 45 CFR Part 164. HIPAA's minimum necessary standard requires that covered entities make reasonable efforts to limit the use, disclosure, and request of protected health information to the minimum necessary to accomplish the intended purpose. ABT-M operationalises this standard by cryptographic scope: oncology's bubble key cannot decrypt cardiology's tier. The minimum necessary standard is not a policy commitment that can be waived — it is the cryptographic boundary of each department's bubble key.

II. Oncology referral — cross-bubble access request

Oncology cannot read cardiology's tier — the request must go to Ibrahim

Upon Ibrahim's referral to oncology, the oncologist identifies a treatment compatibility question requiring knowledge of his cardiac medication history. Oncology cannot retrieve this from the cardiology department — it does not hold the cardiology bubble key. The request is routed to Ibrahim.

This routing is not a procedural design choice — it is the architectural consequence of bubble key independence. Even if both departments operate within the same hospital system, on the same electronic health record platform, the oncology bubble key cannot be used to decrypt the cardiology tier. The decryption key required simply does not exist within oncology's credential store.

The request to Ibrahim specifies the fields sought (cardiac medications, recent QTc interval, ASCVD risk score), the purpose (chemotherapy protocol selection), the scope (single encounter, 30 days), and the authorising oncologist. Ibrahim reviews and authorizes a scoped projection from his device.

Legal significance — patient authorization under HIPAA § 164.508; scope of consent. HIPAA § 164.508 requires a valid authorization for uses or disclosures of PHI not covered by the treatment exception. ABT-M's cross-bubble authorization corresponds structurally to a § 164.508 authorization: it names the information disclosed (cardiac medications, QTc, ASCVD risk), the receiving party (oncology), the purpose (treatment compatibility), and the expiration (30 days or end of encounter). Unlike a paper authorization that is often captured globally at admission, the cross-bubble authorization is per-disclosure, per-encounter, and per-scope — a cryptographically bound consent that is specific to the data actually transferred.

III. The scoped cross-bubble projection

Ibrahim authorizes — three fields, one encounter, thirty days

Ibrahim constructs a cross-bubble projection from the cardiology tier to the oncology tier key. The projection includes only the fields he authorized. The complete cardiology record remains sealed to oncology.

Cross-bubble projection · encounter_c8d2 → onco_encounter_f1a9

cardiac_medicationsMetoprolol 50mg · Lisinopril 10mg

ASCVD_10yr_risk8.4% · stable arrhythmia

QTc432ms

full_ECG_record— excluded from cross-bubble scope by patient —

full_cardiology_notes— excluded from cross-bubble scope by patient —

authorization_refAUTH-IBR-2025-0031 · patient-signed · hash-chained

Architectural note. The sealed rows in the cross-bubble projection are not redacted fields that oncology received and cannot see. They were never included in the oncology-addressed projection. Oncology's bubble key decrypts only the three fields Ibrahim chose to include. The full cardiology record remains in the cardiology tier, addressed only to the cardiology bubble key.

Legal significance — HIPAA § 164.502(b) minimum necessary; 42 CFR Part 2 substance use records. The minimum necessary standard requires that only those fields actually required for the stated purpose be included in a disclosure. Ibrahim's cross-bubble authorization structurally enforces this: the projection contains only QTc, cardiac medications, and ASCVD risk — the fields the oncologist specified as necessary for chemotherapy protocol selection. The full ECG record is not necessary for that purpose and is not included. For 42 CFR Part 2 (substance use disorder records), the same architecture applies with an additional structural constraint: a substance use encounter bubble cannot be included in a cross-bubble projection without a separate, specific consent naming that program — a consent that is distinct from the general cross-bubble authorization.

IV. Minimum necessary — structural analysis

What oncology holds, and what it cannot compel

After the authorized cross-bubble projection, this is the complete inventory of what oncology holds regarding Ibrahim's cardiac care.

Field	In oncology's possession	Basis
Cardiac medications	Yes — Metoprolol 50mg, Lisinopril 10mg	Patient-authorized cross-bubble projection AUTH-IBR-2025-0031
ASCVD 10yr risk score	Yes — 8.4%	Same authorization
QTc interval	Yes — 432ms	Same authorization
Full ECG record	No	Excluded from cross-bubble scope by patient
Detailed cardiology notes	No	Cardiology tier sealed to oncology bubble key; no authorization granted
Future cardiology encounters	No — authorization expired after 30 days	Cross-bubble authorization is per-encounter; expiry resets access

A subpoena directed at oncology for Ibrahim's "complete cardiac history" cannot be satisfied — oncology does not hold it. Oncology holds three fields from one encounter, for the period authorized. That is the structural limit of what the cross-bubble projection delivered.

A subpoena directed at cardiology for "all records shared with oncology" also cannot be satisfied in the way typically anticipated: cardiology did not send records to oncology. Ibrahim constructed a projection from his device. Cardiology's records remain in the cardiology tier. The disclosure event was Ibrahim's, not cardiology's.

Legal significance — third-party subpoena analysis; first-party disclosure architecture. Under traditional EHR sharing models, a hospital department's disclosure of records to another department is a covered entity disclosure, subject to compelled production from either institution. ABT-M reframes the disclosure event: the cross-bubble projection is constructed by the patient, not by cardiology. Cardiology did not "disclose" to oncology — Ibrahim disclosed to oncology from his own key. This has implications for the third-party doctrine (data held by a provider is subject to compelled production without the patient's knowledge); under ABT-M, the cross-bubble projection is not a provider's record — it is the patient's authorized output, constructed at the patient's device.

ABT methodology family · ABT-M medical variant · counsel reference document · US Provisional Patent 64/056,353 · Filed May 4, 2026

sidratnam.com