Skip to content
AskFlorence
Main Navigation ArchitectureFlorence AIAgentsMembersAgent PlatformValidationInfrastructure

Appearance

Sidebar Navigation

Overview

Home

Glossary

System Architecture

Consumer & Agent Flow

Florence AI

Overview

Principles

Runtime

Tool surface

Adding a tool

Tool registry

Knowledge: SBC scenarios & CSR

Voice

Evals & observability

Provider risk & portability

Outage playbook

Roadmap

Build plan

Agents

Overview

Workflows & pain points

Members

Overview

Medicaid coverage gap

Carriers

Overview

Marketplaces

Overview

Agency

Overview

Regulations

Overview

Agent Platform

Overview

Auth Architecture

MongoDB Permissioning

Compliance Model

Data Models

Data Sources

Overview

CMS Marketplace API

CMS dependency map

PUF Data

State Subsidies

SBE Ingestion Playbook

SBE State Watchouts + Decisions

CA Phase C/D Playbook

NY Phase C/D Playbook

Validation

Overview

Methodology

APTC Formula

California 2026

New York 2026

CAPS Formula

Scenario Results

Infrastructure

Account Inventory

AWS Setup Runbook

AWS Organizations

CloudTrail

GuardDuty

Security Hub

Config

CloudFront + WAFv2

Data sources & ingest

Phase 4 DNS

Change Log

Vulnerability Management

MongoDB Setup

Access Control

Data Classification

Documentation Hosting

Post-deploy Smoke

Development

Preflight (local CI mirror)

Testing strategy

Compliance

Overview (auditor entry point)

SOC 2 Control Mapping

HIPAA Control Mapping

CMS EDE Appendix A Mapping

Risk Assessment

Encryption Policy

Data Retention Policy

Privacy Impact Assessment

Consent Capture & Versioning

Incident Response Plan

Access Control Policy

Marketing vs. Portal Analytics

Vendor / Subprocessor Register

Dependency Vulnerability Policy

BAA / Compliance Evidence

Compliance-Automation Integration

Compliance-Automation Vendor Evaluation

Penetration Test Reports

Architecture

Portal entry handoff

Mobile app strategy

Deferred architecture decisions

Session cookie architecture

Share flows

Decisions (ADRs)

Index

0001 — Atlas project isolation

0002 — Append-only audit log

0003 — Narrow-scoped Mongo users

0004 — Cross-cluster Atlas PrivateLink

0005 — Delayed-job architecture

0006 — Mongo user simplification

0007 — Terraform owns ECS task def

0008 — E2E testing strategy

0009 — Self-hosted analytics + observability (superseded)

0010 — PostHog HIPAA Cloud (supersedes 0009)

Runbooks

Security Incident Response

Break-Glass Root Login

Onboard Team Member

Offboard Team Member

Atlas user provisioning

Deploy via Terraform (ENG-277)

Rollback via Terraform (ENG-277)

S3 data bucket migration (planned Phase 11)

Access Reviews

2026-Q2 Review

Session log

Index

2026-04-23 — Phase 10 DNS cutover

2026-04-22 — Phase 8 prod AWS mirror

2026-04-22 — Phase 7 Atlas VPC peering

2026-04-22 — Phase 6 CloudFront + WAF

2026-04-21 — Phase 5 staging go-live

2026-04-17 — Atlas staging

Briefs

Index

Member portal plan (ENG-187)

2026-04-16/17 handoff

2026-04-17 Atlas handoff

System briefing (2026-04-17)

Creative AdBundance proposal brief

Creative AdBundance analytics brief

ElevenLabs RN integration research

Policies

Overview

On this page

Glossary ​

Quick reference for abbreviations and terms used throughout AskFlorence documentation.

Subsidies & Pricing ​

TermFull NameWhat It Means
APTCAdvance Premium Tax CreditMonthly subsidy that reduces your health insurance premium. Calculated from income, household size, and the SLCSP.
SLCSPSecond Lowest Cost Silver PlanThe benchmark Silver plan used to calculate APTC. Not necessarily the plan you enroll in.
CSRCost Sharing ReductionReduces deductibles, copays, and max out-of-pocket on Silver plans for people under 250% FPL.
FPLFederal Poverty LevelIncome threshold set by HHS. All subsidy eligibility is measured as a percentage of FPL.
IRAInflation Reduction ActExtended enhanced premium tax credits through 2025. Standard (less generous) table applies in 2026.
AVActuarial ValueThe percentage of total costs a plan covers. Silver = 70%, Gold = 87%, etc. CSR increases Silver's AV.
MOOPMaximum Out-of-PocketThe most you pay in a year for covered services. After hitting MOOP, the plan pays 100%.

Plans & Metal Levels ​

TermFull NameWhat It Means
QHPQualified Health PlanAn ACA-compliant health plan sold through a marketplace. What most people mean by "Obamacare plan."
HMOHealth Maintenance OrganizationPlan type requiring in-network providers and usually a primary care referral for specialists.
PPOPreferred Provider OrganizationPlan type allowing out-of-network providers at higher cost, no referral needed.
EPOExclusive Provider OrganizationLike an HMO but usually no referral needed. Still in-network only.
HIOSHealth Insurance Oversight SystemCMS system that assigns unique plan IDs. HIOS ID = the plan's federal identifier (e.g., 25303NY0630001).
SBCSummary of Benefits and CoverageStandardized document every plan must publish showing deductibles, copays, and covered services.
EHBEssential Health BenefitsThe 10 categories of services all ACA plans must cover (hospitalization, Rx, maternity, mental health, etc.).
SADPStand-Alone Dental PlanDental-only plan sold separately from medical QHPs on the marketplace.
HSAHealth Savings AccountTax-advantaged account paired with high-deductible plans. Not all plans are HSA-eligible.

Marketplaces ​

TermFull NameWhat It Means
FFMFederally Facilitated MarketplaceHealthcare.gov. Serves 30 states that don't run their own exchange.
SBEState-Based ExchangeA state that runs its own marketplace (NY, CA, CO, etc.) instead of using Healthcare.gov.
SBE-FPState-Based Exchange on Federal PlatformA state exchange that uses Healthcare.gov's technology but manages its own program (AR, OR).
NYSOHNY State of HealthNew York's state-based marketplace at nystateofhealth.ny.gov.
CMSCenters for Medicare & Medicaid ServicesFederal agency that runs Healthcare.gov and publishes marketplace data.
EDEEnhanced Direct EnrollmentAllows third-party sites (like AskFlorence, eventually) to enroll consumers directly without redirecting to Healthcare.gov.

New York Specific ​

TermFull NameWhat It Means
EPEssential PlanNY's Basic Health Program. $0 premium, $0 deductible coverage for people under 200-250% FPL.
BHPBasic Health ProgramACA Section 1331 authority that lets states create programs like NY's Essential Plan. Only NY and MN use it.
DFSDepartment of Financial ServicesNY's insurance regulator. Approves health plan rates annually.
1332 WaiverSection 1332 State Innovation WaiverFederal waiver NY used to expand Essential Plan to 250% FPL. Terminates July 1, 2026.
PRUCOLPermanently Residing Under Color of LawImmigration status category eligible for state-funded coverage in NY (includes DACA).
CHPChild Health PlusNY's separate health program for children under 19. Free up to 222% FPL.

California Specific ​

TermFull NameWhat It Means
CAPSCalifornia Additional Premium SubsidyState-funded premium subsidy on top of federal APTC for low-income Californians.
CAPCCalifornia Additional Premium Credit$1/member/month state credit. Small but stacks with APTC + CAPS.

Data Sources ​

TermFull NameWhat It Means
PUFPublic Use FileCMS-published CSV datasets with plan rates, benefits, and service areas. Published annually.
MR-PUFMachine-Readable PUFContains carrier URLs for drug formulary and provider directory JSON files.
Exhibit 23DFS Rate Filing Exhibit 23The specific Excel workbook in NY DFS filings that contains approved plan-level premiums by rating region.

Infrastructure & Compliance ​

TermFull NameWhat It Means
SOC 2System and Organization Controls 2Audit standard for service organizations covering security, availability, and confidentiality.
BAABusiness Associate AgreementHIPAA-required agreement between covered entities and their service providers (e.g., MongoDB Atlas, AWS).
HIPAAHealth Insurance Portability and Accountability ActFederal law requiring protection of personal health information (PHI).
PHIProtected Health InformationHealth data linked to an individual (SSN + health plan = PHI).
PIIPersonally Identifiable InformationAny data that can identify a person (name, email, SSN, address).
CSFLEClient-Side Field Level EncryptionMongoDB feature that encrypts individual fields before they leave the application.
KMSKey Management ServiceAWS service that manages encryption keys used for CSFLE.
IAMIdentity and Access ManagementAWS service for managing users, roles, and permissions.
MFAMulti-Factor AuthenticationRequiring two forms of verification (password + code) to log in.
NPNNational Producer NumberUnique ID assigned to licensed insurance brokers/agents.

ACA Formula Reference ​

APTC = SLCSP_household - (applicable_percentage x income / 12)

Where:
  SLCSP_household = SLCSP_individual x number_of_adults  (NY: community rated)
  SLCSP_household = sum of age-rated SLCSP per member    (federal states)
  applicable_percentage = from IRS Rev. Proc. table based on income as % of FPL
  
If APTC < 0, APTC = 0
If income > 400% FPL, APTC = 0 (cliff in 2026, post-IRA expiry)
Pager
Previous pageHome
Next pageSystem Architecture

AskFlorence Internal Documentation. Not for public distribution.

AskFlorence

Internal Documentation

Access restricted. Not for public distribution.