How Intelligence Factory keeps healthcare AI safe, controlled, and explainable
Healthcare organizations do not need another chatbot with a bigger context window. They need AI that produces better outcomes: safer workflows, cleaner evidence, fewer preventable mistakes, more reliable claims, and decisions that survive review.
That is what we build at Intelligence Factory.
Our positioning is deliberately plain: safe, controlled, and explainable AI. In regulated healthcare, those words have to mean something specific. Safe means deterministic systems whose outputs trace back to rules, policies, clinical guidelines, and source records. Controlled means an ontology-driven decision layer that validates model output instead of trusting it. Explainable means auditability by design — not an after-the-fact reporting project assembled when the auditor calls.
Buffaly is the engine behind that philosophy. It is not a prompt wrapper. It is a neurosymbolic runtime that separates language reasoning from execution. LLMs summarize, draft, retrieve, and propose. Buffaly governs what the system is actually allowed to do.
One sentence captures the operating principle:
The LLM proposes. Buffaly enforces.
For our healthcare clients, this is not an architecture preference. It is how we keep AI useful without letting it become dangerous. And a recent federal case shows exactly what happens when nobody enforces anything.
What our clients actually need from AI
Most healthcare AI conversations start with models: which one is best, which one is cheapest, which one tops the latest benchmark.
Those questions matter, but they are not the questions that keep a healthcare operator safe. When I sit down with our clients, the questions sound different:
- Did the system follow the payer policy that was in effect at the time?
- Was the decision supported by source evidence?
- Was the patient record interpreted consistently?
- Were required checks completed before action was taken?
- Were exceptions routed to the right human?
- Can we explain what happened six months from now, during an audit?
- Did sensitive data stay inside controlled systems instead of being pasted into a model's context?
- Can the workflow block an unsafe action, or does it merely warn?
Notice that none of these are questions about the model. They are questions about the system around it. That is why our work is outcome-centered. We are not trying to help healthcare staff talk to software in a more impressive way. We are trying to help organizations operate with fewer preventable failures, better documentation, more reliable reimbursement, a stronger compliance posture, and automation they can defend.
FairPath is the commercial proof. Intelligence Factory's stack powers FairPath, which processes millions of dollars in remote care claims with a 98% payment success rate. That number holds up because of grounded workflows: evidence is captured as work happens, policy checks run consistently, and claims carry auditable reasoning instead of being reconstructed by hand after a denial.
That is what the approach looks like when it works. It is worth looking closely at what happens when the opposite approach fails.
The cautionary tale: Done Global
On July 7, 2026, the U.S. Department of Justice announced sentencing in the Done Global criminal case. The founder and former CEO received a six-year prison sentence, and the former clinical president received two years, following November 2025 jury convictions involving conspiracies to distribute controlled substances and healthcare fraud.
The DOJ attributed more than 37 million Adderall pills and more than $12 million in insurer fraud to the scheme. Those numbers are staggering. But for anyone building software-mediated healthcare workflows, the deeper lesson is architectural.
Based on DOJ statements and trial evidence, prosecutors described a platform whose workflow pushed toward prescriptions rather than clinical judgment — a combination of software defaults, operating incentives, refill processes, prior authorization claims, and missing controls that made unsafe or unsupported behavior easier to continue than to stop.
Several alleged or established failure modes stand out:
- Auto-generated refill workflows. Prosecutors alleged the platform used an auto-refill feature that generated monthly refill requests. Prescribers could allegedly sign off quickly, and some patients reportedly went long periods without meaningful clinical contact.
- Missing hard stops for safety signals. The public record describes concerns around adverse events, psychiatric holds, hospitalization, and even death not reliably stopping refill activity.
- Misaligned incentives. Prosecutors described short initial encounters and compensation tied to patient load or volume rather than longitudinal care quality.
- Prior authorization problems. The case included allegations that prior authorizations represented clinical steps or guideline adherence that had not actually occurred — DSM-5 criteria, non-stimulant trials, required drug screens.
- Pharmacy rejection handling. When pharmacies raised concerns or blocked prescriptions, prosecutors alleged the business sought ways around those blocks rather than treating them as safety signals.
- Audit and evidence concerns. The record included allegations about deleted documents and disappearing messages after scrutiny began — a reminder of why evidence should be immutable and system-generated.
This article is not legal advice, and public allegations should be read through the primary sources. But the technical lesson is clear enough: in regulated healthcare, software architecture shapes clinical and operational behavior. Defaults matter. Queues matter. Compensation rules matter. Missing hard stops matter. Audit trails matter.
Notice that Done Global did not need an LLM to go wrong. A system can be unsafe on ordinary software alone. Put a probabilistic model in the control plane, and the same weaknesses scale faster — with less visibility into why anything happened.
Why our philosophy is different
A prompt wrapper asks the model to behave. Buffaly makes the runtime enforce. That is the fundamental difference, and it plays out concretely.
A prompt can say, "Do not approve a refill if the patient has not been reassessed." Buffaly represents the refill as a typed object, checks the most recent encounter, compares it against the policy interval, and blocks the transition unless the required state exists.
A prompt can say, "Only submit accurate prior authorizations." Buffaly requires every attested fact to point to source evidence before submission.
A prompt can say, "Respect safety signals." Buffaly turns hospitalizations, adverse events, pharmacy rejections, and death records into hard stops or mandatory escalation states.
A prompt can say, "Keep an audit trail." Buffaly makes the graph itself the audit trail: every object, transition, actor, policy version, evidence link, LLM proposal, and human decision recorded as the workflow executes.
This is why we describe Buffaly as an ontology decision layer. It maps complex rules into deterministic logic graphs. It validates and constrains model output against structured domain knowledge and verified sources. It keeps sensitive data behind runtime handles, so the model can reason over references without raw PHI ever entering the prompt. It binds decisions to native code and typed actions instead of leaving the business process inside a text loop.
The result is not AI that sounds safer. It is software behavior that is inspectable, testable, reviewable, and enforceable.
How Buffaly keeps healthcare clients safe
When we say Buffaly keeps clients safe, we mean specific operational protections — not a vibe.
1. We separate language from authority
LLMs are genuinely useful, and we use them where they belong: summarization, language understanding, retrieval, drafting, comparison, and proposal generation.
But the model is never the authority of record. It does not approve the claim, authorize the refill, submit the prior authorization, or decide that a safety signal can be ignored. Authority lives in typed runtime actions, policy graphs, human review, and auditable state transitions.
2. We make unsafe paths harder or impossible
High-risk workflows need executable constraints, not guidance buried in a prompt.
In a Buffaly workflow, a RefillRequest is blocked if a required ClinicalEncounter is missing. A prior authorization is blocked if its supporting evidence is not source-linked. A claim is routed to review if eligibility, documentation, or medical-necessity checks fail.
The system does not merely warn that something may be wrong. It prevents the next state from occurring until the required condition is satisfied — or an authorized, documented override is recorded.
3. We preserve evidence as work happens
Healthcare organizations usually discover documentation problems too late: after the denial, the audit, the appeal, the subpoena.
Buffaly captures evidence during the workflow. The graph records the objects involved, the source records used, the policy version applied, the model output generated, the human decision made, and the state transition performed.
Payer audits and compliance reviews do not reward plausible summaries. They require evidence. We build the evidence in from the start.
4. We keep workflows deterministic where determinism matters
Not every part of an AI system needs to be deterministic. Drafting a summary does not need the same control surface as approving a claim or transmitting a prescription.
But compliance-critical decisions should never depend on a model's mood, hidden context, or probabilistic phrasing. They should be validated against policy graphs, explicit constraints, and structured domain objects. The LLM helps interpret. Buffaly verifies.
5. We protect sensitive data boundaries
Buffaly keeps sensitive data behind runtime handles. In practice, the safest PHI, secrets, and operational records are the values the model never sees directly.
The system reasons over typed references while raw data remains in controlled runtime memory, existing EHRs, client data lakes, or native systems. Data sovereignty stays with the client.
6. We turn repeated work into safer execution
Most agents stay trapped in a text loop: rereading large blobs of context, reasoning in natural language, trying to remember rules through prompts.
Buffaly works differently. Repeated reasoning becomes typed executable capability. Repeated tool use becomes native execution. The model stops orchestrating loops that software can run directly. That is how AI gets cheaper, more reliable, and safer over time — not through bigger prompts, but through less prompting.
The Done Global failure modes as runtime controls
What makes the Done Global case so instructive is that every alleged failure maps directly to a control that a serious healthcare AI system should already have:
- Auto-refill risk maps to typed refill states, mandatory clinical review, and reassessment-interval enforcement.
- Missing safety stops map to hospitalization, death, contraindication, and adverse-event checks in the runtime.
- Pharmacy blocks map to escalation workflows rather than workaround paths.
- Prior authorization allegations map to source-linked evidence requirements for every attested fact.
- Volume-driven incentives map to compensation-plan constraints and operational review.
- Deleted or missing records map to immutable audit events and execution graphs.
To be clear: architecture does not replace clinical governance, legal compliance, or ethical leadership. Nothing does.
What architecture can do is make good governance executable. It can make unsafe paths visible, harder, or impossible. It can force review. It can preserve evidence. It can make behavior auditable. That is what healthcare clients actually need from AI — and it is exactly what a prompt cannot deliver on its own.
An example: the refill workflow done differently
Walk through an AI-assisted refill workflow built with Buffaly.
A patient requests a refill. Buffaly creates a typed RefillRequest. The runtime verifies identity, retrieves the relevant prescription and diagnosis, checks supporting evidence, evaluates the reassessment interval, checks for recent encounters, and scans for hospitalization, death, contraindication, adverse-event, and pharmacy-rejection signals.
Only then does the LLM summarize the case for a clinician.
That summary can be genuinely valuable — recent history, current medication, prior decisions, open risks, relevant guidelines. But it is still a proposal.
The clinician reviews the source-linked evidence and makes a typed decision: approve, modify, deny, or escalate. Buffaly records the identity, timestamp, findings, policy version, evidence links, and final state transition.
If required evidence is missing, the workflow does not proceed. If a hard stop is active, the refill is blocked or escalated. If an override is permitted, it is explicit, permissioned, reasoned, and auditable.
That is the difference between an LLM-assisted workflow and an LLM-controlled one. In the first, the model makes clinicians faster. In the second, the model quietly becomes the decision-maker — and nobody notices until the audit.
What this means for providers and payers
For providers, AI can reduce administrative burden without turning compliance into a black box. Staff get better summaries, cleaner routing, more consistent checks, and fewer manual reconstruction projects after something goes wrong.
For payers, evidence attaches to the work itself. The system can show why a claim, authorization, or review moved forward, which policy applied, and what source records supported it.
For digital health companies, AI can support scale without hiding risk in prompts and chat transcripts. The control plane stays inspectable.
For patients, automation is less likely to outrun the safety checks that exist to protect them.
These are the outcomes we care about: safer workflows, stronger evidence, more predictable reimbursement, fewer avoidable compliance failures, and AI systems that can be explained under pressure.
The Intelligence Factory position
Our view is simple: the future of healthcare AI is not bigger prompt wrappers. It is controlled intelligence connected to real execution.
Intelligence Factory builds systems where:
- language models are assistants, not the control plane;
- every important output is tied to a rule, policy, guideline, or source record;
- decisions produce auditable reasoning traces;
- workflows run through typed contracts and explicit constraints;
- sensitive data stays under client control;
- repeated reasoning becomes deterministic capability;
- compliance-critical actions are verified against ontology-backed policy graphs.
That is what we mean by safe, controlled, and explainable AI.
If you are evaluating AI for healthcare operations, the most important question is not which model has the best demo. It is what happens when the model is wrong, incomplete, overconfident, or asked to do something unsafe.
Does the system merely ask the model to behave? Or does the runtime enforce the rules?
That is the difference between a prompt wrapper and Buffaly. It is the difference between AI that sounds helpful and AI that can be trusted with healthcare operations.
If that is the standard you want your AI held to, we should talk. You can see how Buffaly's deterministic runtime, ontology decision layer, and audit-by-design architecture work — and what FairPath's results look like in production — at IntelligenceFactory.ai.
Sources and note
This analysis is based on public records and statements regarding the Done Global case, including DOJ and DEA press releases, the unsealed indictment, IRS Criminal Investigation materials, OIG telemedicine fraud alerts, and related public policy materials.
This article is a technical and architectural analysis, not legal or clinical advice. Facts regarding the Done Global case are drawn from public sources and should be read as established, alleged, charged, or inferred according to the underlying source. Software architecture can enforce policy, preserve evidence, and reduce operational risk, but it does not guarantee legal compliance. Legal and clinical conclusions should be drawn only with qualified professionals.