Add compliance-config.json#1405
Open
allaway wants to merge 1 commit into
Open
Conversation
Adds the ARPA-H BDF ENHANCE Scorecard regulatory-applicability questionnaire (compliance-config.json) at the repo root. Uses the canonical 18-key format used by other BDF program tools. synapseclient is characterized as low-risk, data-agnostic research infrastructure: all flags false except is_low_risk. These are compliance attestations that should be signed off by the Sage program lead / compliance before being treated as authoritative. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
andrewelamb
reviewed
Jun 11, 2026
| "is_administrative_or_lifestyle_only": false, | ||
| "is_low_risk": true, | ||
| "has_fda_regulated_function": false, | ||
| "is_consumer_facing": false, |
Contributor
There was a problem hiding this comment.
With the caveat that I don't know what these fields mean exactly: Is this correct? I would argue that the PythonClient IS consumer facing.
andrewelamb
reviewed
Jun 11, 2026
| "is_low_risk": true, | ||
| "has_fda_regulated_function": false, | ||
| "is_consumer_facing": false, | ||
| "interacts_with_phr": false, |
Contributor
There was a problem hiding this comment.
I'd also argue the PythonClient DOES interact with PHR
Member
There was a problem hiding this comment.
PHR? personal health record?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
compliance-config.jsonat the repo root to satisfy the ARPA-H BDF ENHANCE Scorecard compliance-configuration check. The file is the regulatory-applicability questionnaire (HIPAA / FDA / EHI / children's-data boolean flags), using the canonical 18-key format also used by other BDF program tools (e.g.helxplatform/Koios,alico-cra/bdf-mock-tool).Profile chosen
synapseclientis characterized as low-risk, data-agnostic research data-management infrastructure — a client library/CLI that transfers whatever files a user provides, with PHI/governance handled at the Synapse platform level rather than inherent to the client. Accordingly, every flag isfalseexceptis_low_risk: true.collects_health_infofalsehas_identifiable_health_infofalseis_health_planfalseis_healthcare_providerfalseoffers_certified_hitfalseenables_ehi_exchangefalserequires_prescriptionfalseworks_for_covered_entityfalseintended_for_medical_usefalseis_administrative_or_lifestyle_onlyfalseis_low_risktruehas_fda_regulated_functionfalseis_consumer_facingfalseinteracts_with_phrfalseintended_for_childrenfalsehas_child_oriented_featuresfalsechildren_using_appfalseoffers_substance_use_treatmentfalseValidation
pre-commithooks (check-json, etc.) pass.These are compliance attestations, not dummy values. Please have the Sage program lead / compliance confirm the regulatory posture before treating this as authoritative — in particular
collects_health_info,has_identifiable_health_info,works_for_covered_entity, andis_consumer_facingwere judgment calls (both example BDF tools setis_consumer_facing: true; this PR sets itfalsesince the client is a developer/researcher tool).🤖 Generated with Claude Code