Skip to content
SedationLog
← Back to blog

Why SedationLog is built on deterministic rules, not AI

An LLM saying 'this record looks fine' isn't a defense. A rule that says 'no Aldrete, no signing' is. Here's how we think about the difference.

Michael Schaake
  • engineering
  • philosophy
TODO: This is placeholder copy meant to sound roughly like Michael's voice; rewrite before public launch.

When I was sketching SedationLog the obvious early question was: should this thing have an AI component? Every modern healthcare product has an AI component. The “smart” version of the record reads what you wrote and tells you whether it looks OK.

I decided pretty early that the answer was no, and I’ve been more confident in that decision the further along the build has gone. Here’s the case.

What a board defense actually looks like

When a dentist gets pulled into a board review on a sedation case, what they need isn’t a record that looks defensible. They need a record that is defensible by the actual rules the board uses. Those rules are public, deterministic, and boring:

  • ASA status documented.
  • Pre-sedation checklist completed (or explicitly addressed).
  • Vitals taken at the required intervals.
  • A 15-minute recovery period with vitals at the end.
  • An Aldrete score (or equivalent) before discharge.
  • Discharge instructions given to the caregiver.

These aren’t fuzzy “maybe this case was fine” judgments. They’re checkboxes. They either happened or they didn’t. The record either documents them or it doesn’t.

The right software for catching omissions is software that knows exactly what the checkboxes are. Not software that reads the record and tries to infer whether the checkboxes were met.

What AI gets wrong here

Imagine a hypothetical AI-assisted sedation record. You finish the case, you click Sign, and an LLM reads the record and tells you “this looks complete.” A few problems:

  1. You have to trust the LLM. If it says “looks fine” and missed a thing, you’re the one defending the case. The LLM doesn’t get pulled into the review.
  2. It’s not reproducible. Two runs of the same model on the same record can give you different “looks fine”s. That’s fine for chat. It’s not fine for a clinical-defense gate.
  3. It hallucinates absences. LLMs are worse at noticing what’s missing than at evaluating what’s present. “There’s no Aldrete here” is the exact failure mode they’re most prone to overlooking, because there’s no positive evidence to attend to.

What deterministic rules get right

SedationLog runs a set of pure Python functions over the case state, each one mapped to a specific named rule. The Aldrete-missing rule reads case.aldrete, counts how many of the 5 components are populated, and returns either an empty list (silent) or a single flag with severity ERROR (blocks signing).

The whole rules engine is about 400 lines of code and you can read it. Every rule is unit-tested with at least one fixture that fires it and at least one that keeps it silent. Both the browser and the server run the same rules; the server is the gate, the browser is for UX. There’s no model to retrain, no “the AI is in a bad mood today” mode, no hallucinations.

When a board asks “what made you sign this record?” the answer is: “the SedationLog rules engine ran 23 named clinical rules against this case state and all 23 returned silent.” We can show you the exact code path, the exact case state, and the exact set of fired-and-resolved warnings.

That’s the version of “smart” we want.

When AI does belong in this product

I’m not anti-AI. There are real places where I expect ML to land in SedationLog over time:

  • Transcription of the dentist’s verbal post-op summary into the complications
    • discharge fields. That’s a translation problem, not a defense-gate problem.
  • De-identified analytics across a tenant’s own case history — “your average case takes 45 minutes; this one is 90, want to flag it for the QA team?”
  • Anomaly detection on the vitals stream for live-case alerts the deterministic rules don’t catch. Always paired with the dentist’s judgment, never as a gate.

None of those would be a defense gate. They’d be conveniences layered on top of a record that’s already bulletproof on the deterministic-rules layer.

The product’s core promise — the record you sign is the record that holds up — runs through code that hasn’t changed since the test suite first turned green. That’s the whole point.