Wearable cardiac monitoring AI · Teleconsultation triage AI · Home monitoring device AI · Patient wound assessment AI

Prompt injection in telehealth and remote patient monitoring AI

Telehealth and remote patient monitoring (RPM) AI has become the longitudinal care infrastructure for managing chronic conditions, monitoring post-acute recovery, detecting cardiac arrhythmias, and triaging acute care needs outside the hospital across the US healthcare system. Its scale concentrates life-critical clinical decision support in AI systems that process patient-submitted and device-generated image inputs:

Teladoc Health AI is deployed across the Teladoc Health telehealth platform serving more than 80 million members across the US, Canada, and internationally, processing teleconsultation video frame images, patient-submitted symptom photographs, and dermatological condition images through AI-assisted clinical triage, symptom assessment, and physician decision support tools that inform telehealth clinicians’ acute care triage determinations, prescription decisions, and specialist referral recommendations.

Philips BioTelemetry AI (now Philips Remote Cardiac Services) is deployed at cardiac monitoring centres and hospital cardiology departments across the US and internationally, processing cardiac rhythm strip display images, Holter monitor report screenshots, and event monitor device display photographs through AI-assisted cardiac arrhythmia detection and clinical alert generation tools that identify abnormal cardiac rhythms requiring immediate clinical response, with more than 1 million patients monitored annually.

iRhythm Zio AI processes ambulatory cardiac monitoring patch data and associated waveform display images for more than 750,000 patients annually through AI-assisted cardiac arrhythmia detection tools that produce physician-reviewed Zio Reports used by cardiologists and primary care physicians for arrhythmia management.

Current Health AI (now Best Buy Health) and Biofourmis AI process continuous patient monitoring device display photographs and multi-parameter vital sign trend images through AI-assisted patient deterioration detection and clinical escalation tools deployed in hospital-at-home and post-acute care programmes.

Omada Health AI and Livongo (Teladoc) AI process patient wearable device data display screenshots from glucose monitors, blood pressure monitors, and weight scales through AI-assisted chronic disease management tools for diabetes, hypertension, and heart failure programmes serving millions of patients across the US.

These telehealth and RPM AI platforms share a structural vulnerability that creates adversarial image injection exposure with patient safety, HIPAA compliance, and medical malpractice consequences. Each depends on wearable device display photographs, teleconsultation video frames, home monitoring device images, and patient-submitted symptom photographs that pass through AI processing layers before their output governs cardiac arrhythmia alert generation, clinical triage determinations, patient deterioration escalations, and chronic disease management recommendations. Each also operates under regulatory frameworks where AI output manipulation creates patient death and injury risk, HIPAA 45 CFR Part 164 privacy and security rule violations, CMS 42 CFR Part 410 telehealth billing compliance failures, False Claims Act 31 USC § 3729 fraud exposure, and state medical board licensing and malpractice liability.

TL;DR

Telehealth and remote patient monitoring AI platforms — Teladoc Health AI, Philips BioTelemetry AI, iRhythm Zio AI, Current Health AI, Biofourmis AI, Omada Health AI, Livongo AI — process cardiac rhythm display photographs, teleconsultation video frames, home patient monitoring device images, and patient-submitted wound and symptom photographs through AI-assisted arrhythmia detection, clinical triage, patient deterioration monitoring, and chronic disease management pipelines. Adversarially crafted images submitted through wearable cardiac monitor display channels, teleconsultation clinical interfaces, home monitoring device photograph APIs, and patient symptom photo upload portals can cause AI systems to suppress cardiac arrhythmia detection alerts that would otherwise trigger immediate clinical response, misclassify teleconsultation patient presentation causing incorrect acute care triage, hide patient vital sign deterioration indicators that should generate escalation alerts, and falsify wound healing progression assessments — triggering HIPAA Security Rule 45 CFR § 164.312 technical safeguard obligations, CMS Remote Patient Monitoring CPT code billing compliance requirements under 42 CFR Part 410, False Claims Act 31 USC § 3729 triple damages exposure for fraudulent Medicare/Medicaid billing, and state medical malpractice liability with wrongful death damages. Glyphward scans each image at the ingestion boundary with a threshold of ≥ 50-60 across all four telehealth and remote patient monitoring AI contexts. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in telehealth and remote patient monitoring AI

1. Wearable cardiac monitor display AI injection (Philips BioTelemetry AI, iRhythm Zio AI)

Wearable cardiac monitor display AI processes photographs of cardiac rhythm strip display screens, Holter monitor real-time data display images, ambulatory cardiac event monitor device display photographs, and cardiac patch sensor data dashboard screenshots submitted through AI-assisted cardiac arrhythmia detection and clinical alert generation tools that extract cardiac rhythm classification values, arrhythmia event confidence scores, heart rate variability parameters, and RR-interval anomaly indicators from cardiac monitor display image inputs, generating arrhythmia detection alerts, clinician notification triggers, and Zio Report summary data that inform cardiologists’ and primary care physicians’ acute arrhythmia management decisions, anticoagulation therapy initiation recommendations, and electrophysiology specialist referral determinations. Philips BioTelemetry AI processes cardiac rhythm strip display images and remote cardiac monitoring data displays from its cardiac monitoring centre network through AI-assisted arrhythmia classification tools deployed at cardiac monitoring centres serving hospitals and cardiology practices across the US, processing the cardiac rhythm data for more than 1 million patients annually and generating clinical arrhythmia alerts that govern whether monitoring centre clinical staff immediately notify the attending physician of a detected arrhythmia requiring urgent clinical response. iRhythm Zio AI processes ambulatory cardiac monitoring waveform data and associated display images from the Zio XT and Zio AT patches through AI-assisted arrhythmia detection tools for more than 750,000 patients annually, generating physician-reviewed Zio Reports that serve as the clinical documentation basis for arrhythmia diagnosis and treatment planning.

The adversarial injection surface is the cardiac rhythm strip display photograph and cardiac monitor data dashboard screenshot submission pathway: cardiac rhythm display photographs submitted through Philips BioTelemetry AI or iRhythm Zio AI cardiac monitoring interfaces for AI arrhythmia classification, alert threshold determination, and clinical notification trigger generation. An adversarially crafted cardiac rhythm display photograph — in which pixel perturbations applied to the ventricular fibrillation waveform indicator, atrial fibrillation irregular RR-interval display, or clinically significant arrhythmia episode marker on a cardiac monitoring system display photograph cause the AI to classify a display showing a detected arrhythmia as normal sinus rhythm or low-priority cardiac noise when the actual monitor display documents a clinically significant arrhythmia episode meeting the monitoring protocol’s threshold for immediate clinical notification — can suppress a cardiac arrhythmia clinical alert that would otherwise trigger immediate attending physician notification, delaying the clinical response to an acute cardiac arrhythmia event during the period between adversarial image submission and the next monitoring cycle that generates a new AI classification. In remote cardiac monitoring contexts where patients with known arrhythmia risk — including post-ablation atrial fibrillation monitoring patients, cardiac implantable electronic device (CIED) follow-up patients, and new anticoagulation therapy initiation candidates — rely on continuous AI-assisted cardiac monitoring as the primary arrhythmia detection mechanism outside the clinical setting, adversarial suppression of a cardiac arrhythmia alert creates patient death and serious injury risk during the alert suppression interval.

The regulatory and malpractice consequences of adversarially suppressed cardiac arrhythmia detection AI span FDA medical device regulation, HIPAA Security Rule, and medical malpractice liability dimensions. FDA 21 CFR Part 820 (Quality System Regulation) and FDA Software as a Medical Device (SaMD) guidance impose design controls and quality management requirements for AI-assisted cardiac monitoring clinical decision support software classified as medical devices; adversarial manipulation of cardiac monitoring AI inputs that compromises clinical alert generation creates FDA Part 820 design control and quality management compliance concerns with FDA 483 observation and Warning Letter enforcement exposure. HIPAA Security Rule 45 CFR § 164.312(b) (Audit Controls) and § 164.312(e)(2)(i) (Encryption and Decryption) impose technical safeguard requirements for electronic protected health information (ePHI) transmitted through RPM device data pipelines; adversarial manipulation of cardiac monitoring image inputs that compromises the integrity of ePHI in cardiac arrhythmia records creates Security Rule § 164.312 technical safeguard audit and integrity control compliance obligations. State medical malpractice liability for cardiac monitoring negligence — arising under the clinical standard of care for cardiac rhythm monitoring and arrhythmia detection — creates wrongful death and serious injury damages exposure for cardiac monitoring organisations whose AI-assisted monitoring systems fail to detect and alert on clinically significant arrhythmias due to adversarial image manipulation. Threshold: 50 for wearable cardiac monitor display AI — the strictest threshold, reflecting acute cardiac arrhythmia life-safety primacy.

2. Teleconsultation video frame AI injection (Teladoc Health AI, Doctor on Demand AI)

Teleconsultation video frame AI processes individual video frames extracted from telehealth visit video recordings and live teleconsultation video streams submitted through AI-assisted clinical triage, symptom assessment, and physician decision support tools that extract patient presentation classification values, visible symptom severity grades, patient distress indicator assessments, and clinical urgency scores from teleconsultation video frame inputs, generating pre-consultation clinical triage summaries, symptom severity assessments, and clinical escalation recommendations that inform telehealth physicians’ acute care triage determinations, treatment protocol selection, and emergency services referral decisions during live teleconsultation encounters. Teladoc Health AI processes teleconsultation video frame images through AI-assisted clinical triage and symptom assessment tools deployed across the Teladoc Health telehealth platform serving more than 80 million members, with AI-generated pre-consultation clinical summaries informing the telehealth physician’s initial patient encounter assessment and acute care triage determination for conditions spanning primary care, urgent care, dermatology, and mental health telehealth services. Doctor on Demand AI (now Included Health) processes teleconsultation video frames through AI-assisted clinical triage tools at its telehealth platform serving employer-sponsored health plans and direct-to-consumer telehealth patients.

The adversarial injection surface is the teleconsultation video frame submission pathway: video frames extracted from live or recorded telehealth visit video streams submitted through Teladoc AI or Doctor on Demand AI pre-consultation triage interfaces for AI patient presentation classification, symptom severity extraction, and clinical urgency score generation. An adversarially crafted teleconsultation video frame — in which pixel perturbations applied to the patient facial pallor indicator, visible respiratory distress signal, or acute pain expression region on a teleconsultation video frame cause the AI to classify a patient presenting with acute distress indicators as low-acuity non-urgent when the actual video frame documents a patient presentation meeting acute care escalation criteria — can generate a false low-acuity pre-consultation triage summary that influences the telehealth physician’s initial encounter disposition, potentially causing the physician to triage an acutely distressed patient as appropriate for telehealth management when the clinical presentation actually requires emergency services referral or urgent in-person evaluation. In direct-to-consumer telehealth contexts where patients present via video for acute symptom evaluation and the telehealth physician relies on AI-generated pre-consultation triage summaries as the initial clinical assessment input, adversarial video frame injection that suppresses an acute distress indicator in the AI triage summary shifts the physician’s prior probability toward a lower-acuity initial assessment that requires more clinical evidence to overcome in the encounter workflow.

The regulatory and liability consequences of adversarially manipulated teleconsultation triage AI span FDA SaMD regulation, state telehealth practice standards, and medical malpractice dimensions. State medical licensing boards impose practice standards for telehealth clinical encounters that require adequate patient assessment before prescription or treatment recommendation; adversarial manipulation of teleconsultation AI triage tools that degrades the clinical assessment supporting the telehealth physician’s treatment decision creates state medical board licensing and standard-of-care compliance concerns. State telehealth-specific practice standards — including informed consent requirements, technology quality standards, and in-person referral obligations for presentations beyond telehealth clinical scope — impose additional compliance obligations on telehealth platforms and prescribing physicians that are complicated by adversarially manipulated AI triage assessments. State medical malpractice liability for telehealth clinical negligence — arising under the standard of care applicable to telehealth encounters in the patient’s state of residence — creates wrongful death and serious injury damages exposure for telehealth physicians and platforms whose AI-assisted triage systems fail to identify acute care presentations due to adversarial video frame injection. Threshold: 55 for teleconsultation video frame AI, reflecting clinical triage accuracy and patient safety dimensions.

3. Home patient monitoring device display AI injection (Current Health AI, Biofourmis AI, Omada Health AI)

Home patient monitoring device display AI processes photographs of home vital sign monitor display screens — including blood pressure monitor display photographs, pulse oximetry device display images, continuous glucose monitor (CGM) display screenshots, weight scale display photographs, and multi-parameter vital sign trend display images — submitted through AI-assisted patient deterioration detection, chronic disease management, and clinical escalation tools that extract vital sign value readings, out-of-range indicator flags, trend direction assessments, and deterioration pattern recognition values from home monitoring device display image inputs, generating patient deterioration alert notifications, clinical escalation triggers, and chronic disease management coaching recommendations used by hospital-at-home programme nurses, care coordinators, and chronic disease management clinical teams for patient monitoring and intervention decision-making. Current Health AI (Best Buy Health) processes home patient monitoring device display photographs from wearable and home monitoring devices through AI-assisted patient deterioration detection and clinical escalation tools deployed in hospital-at-home programmes at health system partners. Biofourmis AI processes continuous physiological data display images from its Biovitals platform through AI-assisted patient deterioration prediction tools at health system hospital-at-home programmes. Omada Health AI and Livongo (Teladoc) AI process CGM display photographs, blood pressure monitor display images, and weight scale display photographs from programme-enrolled patients through AI-assisted chronic disease management coaching and clinical escalation tools serving millions of patients with diabetes, hypertension, and heart failure.

The adversarial injection surface is the home vital sign monitor display photograph and CGM display screenshot submission pathway: home monitoring device display images submitted through Current Health AI, Biofourmis AI, or Omada Health AI patient monitoring interfaces for AI vital sign extraction, deterioration pattern detection, and clinical escalation alert generation. An adversarially crafted home blood pressure monitor display photograph — in which pixel perturbations applied to the systolic pressure reading display, heart rate indicator region, or hypertensive crisis alert indicator on a home blood pressure monitor screen photograph cause the AI to extract a normal blood pressure reading when the actual monitor display shows a hypertensive urgency or crisis blood pressure value meeting the programme’s clinical escalation threshold — can suppress a clinical escalation alert that would otherwise trigger a care coordinator notification and nurse clinical assessment call, allowing a patient in hypertensive urgency or crisis to remain without clinical contact during the window between adversarial image submission and the next monitoring cycle. In hospital-at-home contexts where AI-assisted patient deterioration detection provides the continuous monitoring that substitutes for inpatient nursing assessment, adversarial suppression of a deterioration alert creates the patient safety risk equivalent to a hospital inpatient monitoring alarm suppression event with life-threatening consequence potential.

The regulatory and CMS billing consequences of adversarially manipulated home monitoring AI span FDA SaMD oversight, CMS Remote Patient Monitoring CPT billing compliance, and False Claims Act dimensions. CMS Remote Patient Monitoring billing rules under CPT codes 99453, 99454, 99457, and 99458 require that RPM devices transmit data daily to meet the Medicare billing threshold for RPM service reimbursement; adversarial manipulation of home monitoring device display images that interferes with AI-assisted data verification and deterioration monitoring creates CMS RPM billing compliance concerns regarding whether the service actually delivered satisfies the Medicare billing requirements. False Claims Act 31 USC § 3729 imposes treble damages and civil penalties for submission of false claims for federal health care programme payment; if a healthcare provider bills Medicare or Medicaid for RPM services where AI-assisted monitoring was adversarially compromised in ways that affected the clinical monitoring service delivered, the billing creates FCA false claims exposure for the RPM services billed during the adversarial manipulation period. State Department of Health survey and certification requirements for hospital-at-home programme licensure require continuous patient monitoring capabilities and clinical escalation protocols; adversarial manipulation of AI-assisted deterioration monitoring that compromises the continuous monitoring service creates survey and certification compliance concerns. Threshold: 50 for home patient monitoring device display AI — strictest threshold, reflecting acute deterioration and life-safety primacy.

4. Patient wound and symptom photograph AI injection (Teladoc AI, Omada Health AI, wound care AI)

Patient wound and symptom photograph AI processes photographs of patient wound healing progression images, skin lesion condition photographs, surgical incision healing photographs, diabetic foot wound images, and acute symptom presentation photographs submitted by patients through telehealth platform patient portals and RPM programme mobile apps for AI-assisted wound healing assessment, skin condition classification, and symptom triage, extracting wound healing stage classifications, wound area measurement values, infection indicator flags, and acute symptom severity grades from patient-submitted photograph inputs, generating wound care protocol recommendations, provider alert notifications for deteriorating wound conditions, and acute symptom escalation recommendations that inform telehealth physicians’ and wound care nurses’ clinical decision-making for patients in post-acute recovery, chronic wound management, and telehealth urgent care programmes. Teladoc Health AI processes patient-submitted skin condition photographs through AI-assisted dermatology triage and telehealth physician decision support tools across its dermatology telehealth service line. Omada Health AI and Livongo AI process patient-submitted wound condition photographs from diabetes care programme participants through AI-assisted diabetic foot and wound care management tools. Wound care AI platforms — including WoundMatrix AI, Swift Medical AI (deployed at wound care centres across Canada and the US), and Tissue Analytics AI — process patient wound photographs through AI-assisted wound area measurement, healing stage classification, and tissue characterisation tools used by wound care clinicians in telehealth, long-term care, and outpatient wound care settings.

The adversarial injection surface is the patient wound photograph and acute symptom presentation photograph submission pathway: wound healing photographs and symptom presentation images submitted by patients through Teladoc AI patient portal, Omada Health AI programme app, or WoundMatrix AI wound care platform for AI wound condition classification, infection indicator detection, and symptom severity grading. An adversarially crafted patient wound photograph — in which pixel perturbations applied to the wound margin cellulitis indicator, peri-wound erythema boundary, or wound bed infection tissue colour region on a diabetic foot wound photograph cause the AI to classify a wound with early infection indicators as healing-as-expected when the actual photograph documents a wound with perilesional cellulitis and early infection signs meeting the wound care protocol’s clinical escalation threshold for urgent provider evaluation — can suppress a provider alert notification that would otherwise trigger a wound care nurse clinical assessment for a patient whose wound is developing an infection, allowing the infection to progress without clinical intervention during the monitoring interval between adversarial image submission and the next scheduled wound photograph assessment. In diabetic foot ulcer monitoring contexts where AI-assisted wound photograph assessment substitutes for weekly in-person wound care clinic visits, adversarial suppression of an infection indicator flag can defer the clinical intervention for a diabetic foot infection that, if untreated, progresses to the point of requiring amputation.

The regulatory and malpractice consequences of adversarially manipulated patient wound and symptom photograph AI span FDA SaMD classification, CMS home health care billing compliance, and medical malpractice liability dimensions. FDA has classified AI-assisted wound measurement and healing assessment software products as Software as a Medical Device (SaMD) subject to FDA premarket submission requirements under 21 CFR Part 882 (Neurological Devices) or 21 CFR Part 880 (General Hospital and Personal Use Devices); adversarial manipulation of FDA-regulated wound care AI inputs that compromises the clinical accuracy of wound assessment outputs creates FDA 21 CFR Part 820 quality system compliance concerns. CMS skilled nursing facility and home health agency billing rules require documented clinical assessment of wound conditions for wound care service reimbursement; adversarial manipulation of AI-assisted wound photograph assessment that generates false healing-as-expected classifications creates CMS billing compliance exposure for wound care services billed on the basis of adversarially compromised AI wound assessments. State nursing board practice standards require wound care nurses to maintain clinical competency in wound assessment; adversarial manipulation of AI wound assessment tools that nurses rely on for clinical decision support creates wound care nursing standard-of-care compliance concerns. Threshold: 55 for patient wound and symptom photograph AI, reflecting wound care clinical accuracy and infection risk dimensions.

Integration: telehealth and remote patient monitoring AI image ingestion with Glyphward pre-scan

Telehealth and RPM AI image ingestion flows from wearable cardiac monitor display photograph channels, teleconsultation video frame interfaces, home monitoring device display image APIs, and patient wound photograph upload portals into cardiac arrhythmia detection AI, clinical triage AI, patient deterioration monitoring AI, and wound assessment AI pipelines. Insert Glyphward’s pre-scan at the ingestion boundary before AI-generated output is committed to cardiac arrhythmia alert records, teleconsultation triage summaries, deterioration escalation logs, or wound care progress documentation:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Telehealth & remote patient monitoring AI — HIPAA 45 CFR Part 164,
# CMS 42 CFR Part 410 RPM billing, FCA 31 USC §3729, FDA 21 CFR Part 820
# SaMD, state medical malpractice. Cardiac alert suppression, triage
# misclassification, deterioration concealment, and wound assessment
# falsification create patient death and serious injury risk.
THRESHOLD_CARDIAC_DETERIORATION = 50  # cardiac monitor, home vitals (life-safety)
THRESHOLD_TRIAGE_WOUND          = 55  # teleconsultation triage, wound assessment


class TelehealthAIContext(str, Enum):
    CARDIAC_MONITOR  = "cardiac_monitor"   # Philips BioTelemetry, iRhythm Zio
    TELECONSULTATION = "teleconsultation"  # Teladoc Health, Doctor on Demand
    HOME_MONITORING  = "home_monitoring"   # Current Health, Biofourmis, Omada Health
    WOUND_SYMPTOM    = "wound_symptom"     # WoundMatrix, Swift Medical, Teladoc dermatology


def threshold_for(context: TelehealthAIContext) -> int:
    if context in (TelehealthAIContext.CARDIAC_MONITOR, TelehealthAIContext.HOME_MONITORING):
        return THRESHOLD_CARDIAC_DETERIORATION
    return THRESHOLD_TRIAGE_WOUND


async def scan_telehealth_ai_image(
    image_path: str | Path,
    context: TelehealthAIContext,
    provider_id_hash: str,   # SHA-256 of telehealth provider / RPM organisation NPI
    patient_ref: str,        # pseudonymised patient encounter/monitoring ref (no PHI)
    device_hash: str,        # SHA-256 of monitoring device / encounter session ID
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan a telehealth or remote patient monitoring AI image for adversarial
    injection payloads before forwarding to cardiac arrhythmia detection,
    teleconsultation triage, home monitoring deterioration, or wound assessment
    AI systems.

    Raises AdversarialTelehealthAIImageError if score meets threshold:
      - CARDIAC_MONITOR:  threshold 50; FDA 21 CFR Part 820 SaMD; HIPAA
                          §164.312; cardiac arrhythmia life-safety primacy
      - HOME_MONITORING:  threshold 50; CMS CPT 99454/99457; FCA §3729;
                          hospital-at-home deterioration life-safety
      - TELECONSULTATION: threshold 55; state telehealth practice standards;
                          medical malpractice acute triage
      - WOUND_SYMPTOM:    threshold 55; FDA SaMD 21 CFR Part 880; CMS home
                          health billing; wound infection clinical accuracy
    """
    image_bytes = Path(image_path).read_bytes()
    image_b64   = base64.b64encode(image_bytes).decode()
    image_sha256 = hashlib.sha256(image_bytes).hexdigest()
    client_scan_id = str(uuid.uuid4())
    threshold = threshold_for(context)

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "telehealth_context": context.value,
                "provider_id_hash":   provider_id_hash,
                "patient_ref":        patient_ref,
                "device_hash":        device_hash,
                "client_scan_id":     client_scan_id,
                "image_sha256":       image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "provider_id_hash":   provider_id_hash,
        "patient_ref":        patient_ref,
        "device_hash":        device_hash,
        "telehealth_context": context.value,
        "scan_id":            result["scan_id"],
        "client_scan_id":     client_scan_id,
        "image_sha256":       image_sha256,
        "score":              result["score"],
        "flagged_region":     result.get("flagged_region"),
        "threshold":          threshold,
        "action":             "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_telehealth_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialTelehealthAIImageError(
            f"Telehealth AI image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"provider={provider_id_hash} encounter={patient_ref}"
        )
    return result


async def write_telehealth_audit_record(record: dict) -> None:
    """Persist audit record to telehealth provider HIPAA compliance audit store (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialTelehealthAIImageError(Exception):
    """Raised when a telehealth or RPM AI image exceeds the adversarial injection threshold."""
    pass

Call scan_telehealth_ai_image() with TelehealthAIContext.CARDIAC_MONITOR before forwarding Philips BioTelemetry AI or iRhythm Zio AI cardiac rhythm display photographs to arrhythmia classification tools — the highest life-safety integration point in cardiac monitoring, where adversarial suppression of a ventricular fibrillation or atrial fibrillation detection alert delays the immediate physician notification that initiates acute cardiac arrhythmia management; preserve image_sha256 as the forensic anchor for HIPAA Security Rule § 164.312 audit control documentation and FDA Part 820 quality system compliance records.

Call with TelehealthAIContext.HOME_MONITORING for Current Health AI or Biofourmis AI vital sign display photographs before AI deterioration detection, using device_hash for CMS CPT 99454/99457 RPM billing compliance documentation linking each monitored device transmission to its Glyphward pre-scan audit record.

Call with TelehealthAIContext.TELECONSULTATION for Teladoc Health AI video frames before pre-consultation triage classification, preserving patient_ref (pseudonymised, no PHI) for telehealth platform clinical quality assurance audit and state medical board standard-of-care documentation.

Call with TelehealthAIContext.WOUND_SYMPTOM for WoundMatrix AI or Swift Medical AI wound photographs before AI wound condition classification, with device_hash encoding the wound monitoring session identifier for FDA SaMD post-market surveillance documentation and CMS home health billing compliance audit.
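The pre-scan above raises on a blocked image and on any HTTP failure, so the caller has to decide what happens to that reading. The following is an added example, not code from the page or from Glyphward: a fail-closed gate that never forwards an unscanned image and never drops one silently. The names gate_image, GateDecision, the injected scanner callable and the quarantine-plus-human-review policy are assumptions for illustration; the scanners are constructed stand-ins so the block runs offline.

```python
import asyncio
import hashlib
import math
from dataclasses import dataclass
from typing import Awaitable, Callable, Optional

# Thresholds as stated on this page: a score >= threshold blocks the image.
THRESHOLDS = {
    "cardiac_monitor": 50,
    "home_monitoring": 50,
    "teleconsultation": 55,
    "wound_symptom": 55,
}

# Hypothetical scanner interface: async callable returning a dict with "score".
Scanner = Callable[[bytes, str], Awaitable[dict]]


@dataclass(frozen=True)
class GateDecision:
    action: str                 # "forward" or "quarantine"
    reason: str
    image_sha256: str           # ties the decision to the exact bytes received
    needs_human_review: bool    # a quarantined reading must not become a silent gap
    score: Optional[float] = None


async def gate_image(image_bytes: bytes, context: str, scanner: Scanner,
                     timeout_s: float = 8.0) -> GateDecision:
    """Forward only when a scan completed and scored below the context threshold."""
    digest = hashlib.sha256(image_bytes).hexdigest()

    def quarantine(reason: str, score: Optional[float] = None) -> GateDecision:
        # Assumed policy: hold the image and raise a clinician review task,
        # because discarding a reading has the same effect as suppressing an alert.
        return GateDecision("quarantine", reason, digest, True, score)

    threshold = THRESHOLDS.get(context)
    if threshold is None:
        return quarantine("unknown_context")      # no default threshold
    try:
        result = await asyncio.wait_for(scanner(image_bytes, context), timeout_s)
    except Exception as exc:                      # outage, timeout, HTTP error
        return quarantine(f"scanner_unavailable:{type(exc).__name__}")

    score = result.get("score") if isinstance(result, dict) else None
    if (isinstance(score, bool) or not isinstance(score, (int, float))
            or not math.isfinite(score)):
        return quarantine("malformed_scan_response")
    if score >= threshold:
        return quarantine("score_at_or_above_threshold", score)
    return GateDecision("forward", "clean", digest, False, score)


def gate_image_sync(image_bytes, context, scanner, timeout_s=8.0):
    """Blocking wrapper for callers that are not already in an event loop."""
    return asyncio.run(gate_image(image_bytes, context, scanner, timeout_s))


# Constructed scanners standing in for the real service.
async def scanner_score_50(image, context):
    return {"score": 50}

async def scanner_down(image, context):
    raise ConnectionError("constructed outage")

async def scanner_bad_payload(image, context):
    return {"score": "12"}

async def scanner_slow(image, context):
    await asyncio.sleep(1.0)
    return {"score": 0}


def run_demo():
    img = b"constructed-image-bytes"
    return {
        "cardiac_at_50": gate_image_sync(img, "cardiac_monitor", scanner_score_50),
        "teleconsult_at_50": gate_image_sync(img, "teleconsultation", scanner_score_50),
        "scanner_down": gate_image_sync(img, "home_monitoring", scanner_down),
        "timeout": gate_image_sync(img, "wound_symptom", scanner_slow, timeout_s=0.05),
        "bad_payload": gate_image_sync(img, "wound_symptom", scanner_bad_payload),
        "unknown_context": gate_image_sync(img, "radiology", scanner_score_50),
    }


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:18s} {decision.action:10s} {decision.reason}")
```

The same score of 50 is quarantined in the cardiac context and forwarded in the teleconsultation context, which is the behaviour the two thresholds on this page imply.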

Coverage matrix

| Control | Cardiac monitor AI injection (Philips BioTelemetry, iRhythm Zio) | Teleconsultation AI injection (Teladoc Health, Doctor on Demand) | Home monitoring AI injection (Current Health, Biofourmis, Omada) | Wound/symptom AI injection (WoundMatrix, Swift Medical, Teladoc) |
| --- | --- | --- | --- | --- |
| Text-only PI scanners (Lakera, LLM Guard) | No — adversarial pixel perturbations in cardiac rhythm display photographs are invisible to text-based analysis | No — teleconsultation video frame pixel manipulation is not detected by text-only scanning | No — home monitoring device display photograph pixel manipulation is not caught by text analysis | No — patient wound photograph pixel perturbations are not visible to text scanners |
| Cardiac monitoring centre clinical review | Monitoring centre cardiac technicians review AI arrhythmia classification outputs for clinical plausibility; do not inspect cardiac rhythm display photograph pixels for adversarial manipulation before alert generation | Telehealth physicians review AI pre-consultation triage summaries during patient encounters; do not inspect video frame pixels for adversarial manipulation before clinical assessment acceptance | Care coordinators review AI patient deterioration alerts and vital sign trend summaries; do not inspect device display photograph pixels for adversarial manipulation before escalation decision | Wound care nurses and physicians review AI wound assessment outputs for clinical accuracy; do not inspect wound photograph pixels for adversarial manipulation before wound care protocol acceptance |
| FDA SaMD quality system controls | FDA 21 CFR Part 820 quality system controls require software design validation and adverse event monitoring; do not detect adversarial pixel manipulation of cardiac monitor display inputs at the image submission boundary | FDA SaMD guidance and Part 820 quality system requirements cover telehealth clinical decision support software; do not detect adversarial manipulation of teleconsultation video frame inputs submitted to AI triage tools | FDA SaMD oversight for RPM software and 21 CFR Part 880 general device quality requirements cover home monitoring AI; do not detect adversarial pixel manipulation of device display photographs submitted to AI deterioration detection tools | FDA wound measurement SaMD classification and 21 CFR Part 880 quality requirements cover wound care AI; do not detect adversarial pixel manipulation of patient wound photographs at the AI ingestion boundary |
| Glyphward | Yes — threshold 50; provider_id_hash and device_hash audit trail; blocks adversarially crafted cardiac display images before Philips/iRhythm AI arrhythmia classification, with image_sha256 for FDA Part 820 audit | Yes — threshold 55; blocks adversarially crafted teleconsultation frames before Teladoc AI triage classification, with patient_ref for telehealth platform clinical quality audit documentation | Yes — threshold 50; blocks adversarially crafted device display images before Current Health/Biofourmis AI deterioration detection, with device_hash for CMS CPT 99454/99457 billing compliance | Yes — threshold 55; blocks adversarially crafted wound photographs before WoundMatrix/Swift Medical AI assessment, with device_hash for FDA SaMD post-market surveillance and CMS billing documentation |

Frequently asked questions

How does adversarial injection into cardiac monitoring AI differ from ordinary signal noise and artifact problems in ambulatory cardiac monitoring, and why do existing artifact rejection algorithms not address the adversarial threat?

Ordinary signal noise and artifact problems in ambulatory cardiac monitoring — motion artifact from patient activity during Holter or ambulatory patch monitoring, lead disconnection causing flat-line signal periods, electromagnetic interference from household devices causing rhythmic artifact patterns, and baseline wander from patient breathing variation — are addressed by cardiac monitoring AI systems through artifact rejection algorithms that identify signal quality characteristics associated with non-cardiac signal sources and exclude these artifact-contaminated periods from arrhythmia analysis, or flag them as uninterpretable for clinical review. iRhythm Zio AI and Philips BioTelemetry AI include artifact rejection and signal quality classification layers that filter low-quality signal periods before arrhythmia classification to reduce false positive arrhythmia detections caused by non-cardiac artifact signal sources.

Adversarial injection into cardiac monitoring AI targets the arrhythmia display photograph that the AI system processes — not the underlying cardiac signal waveform — to cause misclassification of a display that shows a genuine arrhythmia waveform. An adversarially crafted Zio patch data display photograph that suppresses a ventricular fibrillation detection presents a high-quality cardiac signal display — with normal signal-to-noise ratio, clear baseline, and no artifact pattern — that passes artifact rejection filters, because the adversarial pixel perturbations are applied to the image of the arrhythmia display rather than to the underlying signal data. The artifact rejection algorithm’s signal quality assessment operates on characteristics of the represented cardiac signal in the display, not on the pixel-level perturbation pattern that causes the AI image classifier to misclassify the display. Pre-scan verification at the cardiac monitoring display image submission boundary, before the AI arrhythmia classifier processes the display photograph, is the only technical control that operates at the pixel-perturbation level before the false normal-sinus-rhythm classification is generated and suppresses the arrhythmia clinical alert.

What are a telehealth organisation’s HIPAA Security Rule obligations and CMS RPM billing compliance exposure when adversarial injection into its home monitoring AI compromises patient vital sign data integrity?

A telehealth organisation’s HIPAA Security Rule obligations when adversarial injection into its home monitoring AI compromises patient vital sign data integrity operate on two parallel compliance tracks. Under HIPAA Security Rule 45 CFR § 164.312(b) (Audit Controls), covered entities and their business associates are required to implement hardware, software, and procedural mechanisms to record and examine activity in information systems that contain or use ePHI; adversarial manipulation of home monitoring device display photographs that alters the ePHI record of patient vital sign values creates a Security Rule § 164.312(b) audit control compliance concern requiring the telehealth organisation to document the manipulation event and its impact on ePHI integrity. Under HIPAA Security Rule § 164.312(e)(1) (Transmission Security), covered entities must implement technical security measures to guard against unauthorised access to ePHI transmitted over electronic networks; adversarial injection into patient monitoring image upload pathways constitutes an attack on the integrity of ePHI in transmission that creates § 164.312(e) transmission security compliance obligations.

Under CMS RPM billing rules for CPT code 99454 (Remote monitoring device supply), CMS requires that the RPM device transmit data daily during the billing period to qualify for Medicare payment; adversarial manipulation of home monitoring device display photographs that interferes with AI-assisted data verification creates a CMS documentation question about whether the billing period’s daily transmission requirement was satisfied with intact data integrity for all monitored days. False Claims Act 31 USC § 3729 imposes treble damages and civil penalties per false claim for submission of false Medicare or Medicaid claims; if adversarial manipulation of home monitoring AI compromised the clinical monitoring service during a billing period for which Medicare CPT 99454/99457 payment was received, the billing creates FCA exposure requiring analysis of whether the adversarially compromised monitoring service satisfied the CMS billing requirement for the service paid. The Glyphward pre-scan audit trail — with device_hash linking each monitoring device transmission to its scan record — provides the documentation of technical controls at the device image submission boundary that supports CMS billing compliance documentation and FCA defence.

How should wound care organisations implement Glyphward pre-scan in Swift Medical AI or WoundMatrix AI workflows to satisfy CMS home health documentation requirements without disrupting point-of-care wound assessment workflows?

Wound care organisations that deploy Swift Medical AI or WoundMatrix AI for wound measurement and healing assessment at home health agency visits, skilled nursing facility wound care programmes, and outpatient wound care clinic encounters face a specific point-of-care integration constraint: wound assessment photographs are captured by wound care nurses using mobile devices during active patient encounters, with assessment results immediately needed to document wound care plan compliance for CMS Outcome and Assessment Information Set (OASIS) home health documentation requirements and to inform the wound care protocol decision for the current patient visit.

The recommended Glyphward integration model for wound care organisation contexts is synchronous API integration at the wound photograph upload endpoint of the Swift Medical AI or WoundMatrix AI mobile application. When a wound care nurse captures and submits a wound photograph through the wound care AI mobile app, the photograph submission request is routed through a provider-side API proxy that calls Glyphward pre-scan synchronously before forwarding the photograph to the wound care AI platform, with the Glyphward scan latency designed to remain within the mobile app’s upload confirmation timeout window. For wound photographs returning adversarial scores at or above the threshold of 55, the mobile app integration displays a re-capture prompt to the wound care nurse, requesting a new wound photograph with documented re-capture chain-of-custody verification before AI wound assessment is performed. This ensures that adversarially manipulated wound images do not generate false AI wound condition classifications that enter CMS OASIS documentation or wound care plan records without clinical nurse verification. The Glyphward scan_id is preserved as a wound assessment encounter metadata field, providing the FDA SaMD post-market surveillance documentation and CMS home health billing compliance audit trail that demonstrates technical controls at the wound AI image ingestion boundary for each assessed wound encounter.
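The synchronous proxy decision described above, as an added example that is not Glyphward's, Swift Medical's or WoundMatrix's own code. The scanner is passed in as a hypothetical callable returning a scan_id and score, the context keys are constructed to mirror this page's TelehealthAIContext names, and holding the image when the scan exceeds the timeout is an assumed fail-closed policy.

```python
import asyncio
import hashlib
from dataclasses import dataclass
from typing import Awaitable, Callable, Optional

# Per-context block thresholds as listed in this page's coverage matrix.
THRESHOLDS = {"cardiac_monitor": 50, "home_monitoring": 50,
              "teleconsultation": 55, "wound_symptom": 55}

# Hypothetical scanner interface: image bytes in, {"scan_id", "score"} out.
Scanner = Callable[[bytes], Awaitable[dict]]


@dataclass(frozen=True)
class GateDecision:
    action: str              # "forward", "recapture" or "hold"
    image_sha256: str        # forensic anchor, computed before the scan call
    scan_id: Optional[str]   # None when no scan verdict was obtained
    score: Optional[int]


async def gate_upload(image: bytes, context: str, scan: Scanner,
                      timeout_s: float = 2.0) -> GateDecision:
    """Decide what the upload proxy does with one submitted photograph."""
    digest = hashlib.sha256(image).hexdigest()
    threshold = THRESHOLDS[context]  # unknown context raises KeyError, no default
    try:
        verdict = await asyncio.wait_for(scan(image), timeout=timeout_s)
        score, scan_id = int(verdict["score"]), str(verdict["scan_id"])
    except (asyncio.TimeoutError, KeyError, TypeError, ValueError):
        # Assumption: fail closed. Without a verdict the image is held, not forwarded.
        return GateDecision("hold", digest, None, None)
    if score >= threshold:
        return GateDecision("recapture", digest, scan_id, score)
    return GateDecision("forward", digest, scan_id, score)


def fake_scanner(score: int, delay_s: float = 0.0) -> Scanner:
    """Constructed stand-in for the scanning service, for offline runs only."""
    async def scan(image: bytes) -> dict:
        await asyncio.sleep(delay_s)
        return {"scan_id": f"scan-{score:04d}", "score": score}
    return scan


def demo(scan: Scanner, context: str, timeout_s: float = 0.2) -> GateDecision:
    return asyncio.run(gate_upload(b"constructed-image-bytes", context, scan, timeout_s))
```

A score of 52 is forwarded in the wound context but triggers re-capture in the cardiac context, which is why the threshold lookup has no default.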

Further reading