01 · Source Systems
02 · Ingest & Warehouse · Today
03 · AI Activation Layer
04 · Governed Consumption
Clinical / DPMS
Dentrix, Eaglesoft, OpenDental
Practice management and clinical operations.
PHI · Restricted
People & Finance
Workday, ERP, Procurement
HRIS, accounting, supply chain. PII at column level.
PII · Confidential
Growth & 3rd Party
Marketing platforms, call data, vendor APIs
Performance, attribution, partner feeds.
Mixed · Internal
Ingest
Omniscient managed ELT
Lands sources into Azure. Source classification and column tagging applied at landing.
Azure Data Warehouse
Raw · Curated · Reporting
- Raw: source of truth, locked
- Curated: conformed and modeled
- Reporting: Incline pushes to BI
Entra roles · RLS enforced
Today's boundary
BI reads. AI does not.
No outbound path to AI services exists today. This slide adds that path under controls.
Single ingress for every AI consumer.
Azure APIM · Entra ID
A · Semantic Contract
Blessed metrics only. dbt and Power BI semantic model. Certified datasets with owners and lineage.
- Text-to-SQL targets views, never raw tables
- Metrics versioned with owner and SLA
B · Identity & Policy
Entra principal carried from prompt to row. RLS and CLS enforced at the warehouse on the caller, not the service.
- PII tags drive masking on retrieve
- Per-tool, per-scope authorization
C · API Surfaces
Three typed contracts. Each rate-limited, logged, cost-attributed.
- Read: parameterized KPI queries
- Search / RAG: SOPs, policy, contracts
- Action: writes, idempotent, approval-gated
D · AI Services & MCP
Azure OpenAI in-tenant by default. External models via private endpoint with DLP on egress.
- Domain MCP servers wrap the APIs
- Prompt-injection and PII guards inline
Embedded BI
Power BI Copilot
Queries the semantic model. No raw-table access.
Department Copilots
Growth, Ops, Finance, HR
Same gateway, scoped tools per domain. Pre-approved actions only.
Agent Workflows
Claude, Azure OpenAI, Gen4Engage
Bound by MCP tool surface. Audited per call.
Vendor Surfaces
DPMS, Omniscient, Incline copilots
Plug in as gateway clients, not as database readers.
Identity Chain
One Entra principal, end to end.
User (SSO) › Client / Agent › APIM (authZ, log) › AI Service + MCP › Semantic View › Warehouse RLS
Audit Captured
caller, prompt, tool, rows, action
01
Never expose the warehouse.
Models and agents hit typed APIs. No direct DB credentials exist for any AI consumer.
Control · API-only egress
02
Identity flows end to end.
Same Entra user from prompt to row. RLS enforces what the caller sees, not the service.
Control · On-behalf-of auth
03
Semantic layer is the contract.
Blessed metrics and views only. No text-to-SQL against raw tables. One definition of practice EBITDA.
Control · View allowlist
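Control 03 and the Semantic Contract box above both limit text-to-SQL to certified views. This is what that check looks like at the gateway, as an added example in Python that is not the deck's or any vendor's code: a generated statement is accepted only if it is a single SELECT whose every FROM/JOIN target is on the view allowlist, and anything the check cannot classify fails closed. The view names, the keyword list and the regexes are assumptions.

```python
"""Gateway-side guard for text-to-SQL output (added example, not the deck's code).

Accepts a generated statement only if it is a single SELECT and every FROM/JOIN
target is an allowlisted semantic view (names below are hypothetical). Fails
closed on anything it cannot classify. This is defense in depth: the warehouse
principal the gateway connects with must itself hold SELECT on the semantic
schema and nothing else.
"""
import re

# Constructed allowlist of certified views (hypothetical names).
ALLOWED_VIEWS = {
    "semantic.v_practice_kpis",
    "semantic.v_patient_volume",
    "semantic.v_marketing_spend",
}

# Any of these turns a "read" into a write, DDL or procedure call.
NOT_A_READ = re.compile(
    r"\b(insert|update|delete|merge|drop|alter|create|truncate|grant|revoke|"
    r"exec|execute|into|openrowset|openquery|bulk|waitfor|xp_\w+|sp_\w+)\b",
    re.I,
)
# Object references: the identifier after FROM or JOIN. Bracket and double-quote
# delimiters are removed before scanning, so [semantic].[v_x] reads as semantic.v_x.
TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][\w.]*)", re.I)
# CTE names declared by WITH name AS ( ... ), which are legal FROM targets.
CTE_NAME = re.compile(r"(?:\bwith\s+|,\s*)([A-Za-z_]\w*)\s*(?:\([^)]*\))?\s+as\s*\(", re.I)


def _scan_form(sql: str) -> str:
    """Copy used only for inspection: string literals blanked, comments and
    identifier delimiters removed. The original text is what gets executed."""
    s = re.sub(r"'(?:[^']|'')*'", " 0 ", sql)     # 'from raw.x' -> 0
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)  # block comments
    s = re.sub(r"--[^\n]*", " ", s)               # line comments
    s = re.sub(r'[\[\]"]', "", s)
    return s.strip().rstrip(";").strip()


def check_generated_sql(sql: str, allowed=ALLOWED_VIEWS):
    """Return (ok, reason, sql_to_run); sql_to_run is None when rejected."""
    s = _scan_form(sql)
    if "'" in s or "/*" in s or "--" in s:
        return False, "unbalanced quote or comment", None
    if ";" in s:
        return False, "multiple statements", None
    if not re.match(r"(?i)^(select|with)\b", s):
        return False, "not a SELECT", None
    m = NOT_A_READ.search(s)
    if m:
        return False, f"forbidden keyword: {m.group(1).lower()}", None
    ctes = {c.lower() for c in CTE_NAME.findall(s)} if s.lower().startswith("with") else set()
    for ref in TABLE_REF.findall(s):
        name = ref.lower()
        if name in ctes:
            continue
        if name not in allowed:
            return False, f"references non-allowlisted object: {name}", None
    return True, "ok", sql.strip().rstrip(";")
```

Treat this as the second layer, not the control. The warehouse login the gateway uses should hold SELECT on the semantic schema only, so a statement that slips past the regexes still cannot reach raw tables; row caps and query timeouts belong on the executor, not in the string.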
04
Read by default, writes by approval.
Action APIs are idempotent, pre-registered, and gated by human approval or policy.
Control · Action allowlist
05
Audit every call.
Caller, prompt, tool, payload, rows returned, action taken. Retained for review. PII redacted at log boundary.
Control · Tamper-evident log
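Controls 04 and 05, together with the Action surface in box C, describe three mechanisms that are easy to get subtly wrong: an action allowlist, idempotent writes behind human approval, and an audit log that cannot be quietly edited. The Python below is an added example, not the deck's or any vendor's code, showing one way to wire the three together. The action name (the AR follow-up dispatch mentioned for phase 2), the approval threshold and the redaction patterns are hypothetical.

```python
"""Action surface and audit trail for the AI gateway (added example, not the
deck's code; action names, the approval rule and redaction patterns are
hypothetical). Three controls: pre-registered actions only; idempotency on
(caller, key); a hash-chained audit log with PII redacted before writing."""
import hashlib, json, re
from dataclasses import dataclass
from typing import Any, Callable

# Redaction at the log boundary. Constructed patterns; a deployment would also
# drive this from the catalog's PII column tags.
_PII = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[EMAIL]"),
]

def redact(text: str) -> str:
    for pat, tag in _PII:
        text = pat.sub(tag, text)
    return text

def _digest(body: dict) -> str:
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

class AuditLog:
    """Append-only records, each hashed over its content plus the previous hash."""

    def __init__(self):
        self.records: list[dict] = []
        self._prev = "0" * 64

    def append(self, **fields) -> str:
        rec = {k: (redact(v) if isinstance(v, str) else v) for k, v in fields.items()}
        rec["prev"] = self._prev
        rec["hash"] = _digest(rec)
        self._prev = rec["hash"]
        self.records.append(rec)
        return rec["hash"]

    def verify(self) -> bool:
        """False if any record was edited, reordered or deleted after writing."""
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body.get("prev") != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

@dataclass
class Action:
    name: str
    handler: Callable[[dict], Any]
    needs_approval: Callable[[dict], bool]  # policy: when a human must sign off

class ActionGateway:
    def __init__(self, log: AuditLog):
        self.log = log
        self.registry: dict[str, Action] = {}
        self.done: dict[tuple, Any] = {}     # (caller, key) -> first result
        self.pending: dict[str, tuple] = {}  # approval id -> call awaiting sign-off

    def register(self, action: Action) -> None:
        self.registry[action.name] = action

    def invoke(self, caller: str, name: str, args: dict, key: str, prompt: str = ""):
        if name not in self.registry:
            self.log.append(caller=caller, prompt=prompt, tool=name, outcome="rejected:unregistered")
            raise PermissionError(f"action not registered: {name}")
        if (caller, key) in self.done:  # idempotent replay: no second side effect
            self.log.append(caller=caller, prompt=prompt, tool=name, key=key, outcome="replayed")
            return self.done[(caller, key)]
        action = self.registry[name]
        if action.needs_approval(args):
            approval_id = _digest({"caller": caller, "name": name, "key": key})[:16]
            self.pending[approval_id] = (caller, name, args, key, prompt)
            self.log.append(caller=caller, prompt=prompt, tool=name, key=key, payload=json.dumps(args),
                            outcome="pending_approval", approval_id=approval_id)
            return {"status": "pending", "approval_id": approval_id}
        return self._run(caller, action, args, key, prompt)

    def approve(self, approver: str, approval_id: str):
        caller, name, args, key, prompt = self.pending[approval_id]
        if approver == caller:
            raise PermissionError("self-approval is not allowed")
        del self.pending[approval_id]
        self.log.append(caller=approver, tool=name, approval_id=approval_id, outcome="approved")
        # The side effect still runs and is logged as the original caller, not the approver.
        return self._run(caller, self.registry[name], args, key, prompt)

    def _run(self, caller, action, args, key, prompt):
        result = action.handler(args)
        self.done[(caller, key)] = result
        self.log.append(caller=caller, prompt=prompt, tool=action.name, key=key,
                        payload=json.dumps(args), outcome="executed")
        return result
```

Two details are worth keeping when adapting this: approver and caller must differ, and the approved action still executes and is logged as the original caller, which is what keeps the identity chain of control 02 intact through a write. Forward each record's hash to the SIEM as it is written; a chain that lives only beside the records it protects is tamper-evident only to whoever reads it later.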
Activation
Phasing
Days 0 to 90 · Stand Up
APIM and Entra live. First three read APIs (practice KPIs, patient volume, marketing spend). Growth team pilot via Claude MCP. Audit log wired to SIEM.
Days 91 to 180 · Expand
RAG over SOPs and policy. Department copilots for HR, Finance, Marketing. First action APIs with approval workflow (e.g., AR follow-up dispatch).
Days 181 to 365 · Compound
Agent workflows across domains. Natural-language self-service for practice managers. Vendor agents (DPMS, Omniscient, Incline) connect via MCP.