Patient Visit Advocate policy
policy artifact · for Patient Visit Advocate · status approved
| id | rule | severity | rationale |
|---|---|---|---|
| P-001 | The product must not diagnose, replace clinicians, or tell users what treatment to pursue. | hard | Medical safety and trust boundary. |
| P-002 | Outputs must frame medical uncertainty explicitly and encourage clinician clarification for ambiguous or serious issues. | hard | Avoid false confidence. |
| P-003 | Serious symptom disclosures must trigger conservative escalation language such as seeking urgent or emergency care, without attempting triage precision beyond approved guardrails. | hard | Patient safety. |
| P-004 | The system must store structured user-corrected health memory, not rely on raw chat logs as the source of truth. | hard | Memory must be reviewable, correctable, and privacy-conscious. |
| P-005 | No provider-facing claims, HIPAA/regulatory claims, or clinical efficacy claims should ship without legal and medical review. | hard | Sensitive healthcare domain. |
| P-006 | Generated question lists should default to five or fewer primary questions. | warn | Overwhelming users defeats the preparation job. |
| P-007 | Avoid medicalized UI density; the experience should feel calm, plain-language, and appointment-focused. | warn | Users are likely anxious. |
| P-008 | No third-party analytics, ad pixels, session replay, or tracking SDKs may receive health text, appointment details, symptom data, medication data, identifiers tied to health activity, or visit URLs containing health context. | hard | FTC/HHS have specifically warned about health-data disclosure through online tracking technologies. |
| P-009 | Before collecting or sharing health data, the product must show clear just-in-time notice and require affirmative express consent outside the privacy policy. | hard | FTC mobile health guidance calls for clear notice and affirmative express consent for health data collection/sharing. |
| P-010 | Health content must be encrypted in transit and at rest; local-only anonymous drafts must use platform storage controls and expire automatically. | hard | FTC best practices call encryption a key protection for health information. |
| P-011 | MVP outputs must be limited to preparation, clarification, summarization, question generation, and follow-up organization; they must not classify the user into a diagnosis, predict acute risk, recommend a medication, or direct a care pathway. | hard | Keeps the product out of diagnostic/treatment-directive behavior and aligned to patient advocacy. |
| P-012 | Public claims must say appointment preparation and personal organization, not clinical decision support, triage, diagnosis, therapy, or treatment optimization. | hard | Marketing claims can change regulatory posture and user trust expectations. |
| P-013 | Coverage/insurance content must include a recency caveat and direct users to verify current rules with insurer, SHIP counselor, state insurance commissioner, or qualified benefits professional. | hard | Coverage rules and laws change frequently. |
| P-014 | No Q&A ingestion, generation, or publishing path may bypass compliance linting and human review for flagged content. | hard | Client source docs are seed material, not automatic public approval. |
policy artifact · for Patient Visit Advocate · status approved
No explicit evidence field yet. Require tests, screenshots, linked PRs, or reviewed outputs before marking complete.
- rules: 14 items
- sources: 4 items
- schema version: 1.0
- source artifacts: 1 item
- required disclaimers: coverage_caveat_exact: string, onboarding_body_exact: string, qna_card_footer_exact: string, onboarding_button_exact: string, onboarding_headline_exact: string
- approval required before build: 5 items
- content lint required patterns: 8 items
Machine-readable source fields
| id | rule | severity | rationale |
|---|---|---|---|
| P-001 | The product must not diagnose, replace clinicians, or tell users what treatment to pursue. | hard | Medical safety and trust boundary. |
| P-002 | Outputs must frame medical uncertainty explicitly and encourage clinician clarification for ambiguous or serious issues. | hard | Avoid false confidence. |
| P-003 | Serious symptom disclosures must trigger conservative escalation language such as seeking urgent or emergency care, without attempting triage precision beyond approved guardrails. | hard | Patient safety. |
| P-004 | The system must store structured user-corrected health memory, not rely on raw chat logs as the source of truth. | hard | Memory must be reviewable, correctable, and privacy-conscious. |
| P-005 | No provider-facing claims, HIPAA/regulatory claims, or clinical efficacy claims should ship without legal and medical review. | hard | Sensitive healthcare domain. |
| P-006 | Generated question lists should default to five or fewer primary questions. | warn | Overwhelming users defeats the preparation job. |
| P-007 | Avoid medicalized UI density; the experience should feel calm, plain-language, and appointment-focused. | warn | Users are likely anxious. |
| P-008 | No third-party analytics, ad pixels, session replay, or tracking SDKs may receive health text, appointment details, symptom data, medication data, identifiers tied to health activity, or visit URLs containing health context. | hard | FTC/HHS have specifically warned about health-data disclosure through online tracking technologies. |
| P-009 | Before collecting or sharing health data, the product must show clear just-in-time notice and require affirmative express consent outside the privacy policy. | hard | FTC mobile health guidance calls for clear notice and affirmative express consent for health data collection/sharing. |
| P-010 | Health content must be encrypted in transit and at rest; local-only anonymous drafts must use platform storage controls and expire automatically. | hard | FTC best practices call encryption a key protection for health information. |
| P-011 | MVP outputs must be limited to preparation, clarification, summarization, question generation, and follow-up organization; they must not classify the user into a diagnosis, predict acute risk, recommend a medication, or direct a care pathway. | hard | Keeps the product out of diagnostic/treatment-directive behavior and aligned to patient advocacy. |
| P-012 | Public claims must say appointment preparation and personal organization, not clinical decision support, triage, diagnosis, therapy, or treatment optimization. | hard | Marketing claims can change regulatory posture and user trust expectations. |
| P-013 | Coverage/insurance content must include a recency caveat and direct users to verify current rules with insurer, SHIP counselor, state insurance commissioner, or qualified benefits professional. | hard | Coverage rules and laws change frequently. |
| P-014 | No Q&A ingestion, generation, or publishing path may bypass compliance linting and human review for flagged content. | hard | Client source docs are seed material, not automatic public approval. |
| id | url | title | relevance |
|---|---|---|---|
| FDA-CDS-2026 | https://www.fda.gov/media/191560/download | FDA Clinical Decision Support Software guidance transcript | Avoid outputs that provide specific diagnostic or treatment directives or replace clinician judgment. |
| HHS-MHEALTH | https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html | HHS/OCR Resources for Mobile Health Apps Developers | Use the federal mobile health app interactive tool to evaluate HIPAA, FTC Act, Health Breach Notification Rule, FD&C Act, COPPA, and related obligations. |
| FTC-MOBILE-HEALTH-BEST-PRACTICES | https://www.ftc.gov/business-guidance/resources/mobile-health-app-developers-ftc-best-practices | FTC Mobile Health App Developers: Best Practices | Requires clear notice/affirmative express consent, strong encryption, vulnerability management, data inventory, and transparent privacy/security statements. |
| FTC-HHS-TRACKING-RISK | https://www.ftc.gov/news-events/news/press-releases/2023/07/ftc-hhs-warn-hospital-systems-telehealth-providers-about-privacy-security-risks-online-tracking | FTC and HHS warning on health data tracking technologies | Health apps and telehealth surfaces must avoid impermissible or undisclosed disclosure of sensitive health data to third-party trackers. |
1.0
| id | artifact id |
|---|---|
| client-source-reference | fb647c16-c6de-412b-a46f-56746971cf25 |
Coverage rules, insurance laws, and regulatory requirements change frequently. Always verify current rules directly with your insurer, a SHIP counselor, your state insurance commissioner, or a qualified benefits professional before making coverage decisions.
Pocket Advocate is a patient education and advocacy tool. It helps you prepare questions for medical appointments, understand your rights, and navigate the healthcare system.
Pocket Advocate does not provide medical advice, diagnose conditions, recommend specific treatments, or create a patient-provider relationship. All content is general educational information.
Your healthcare provider is the only person qualified to advise on your individual health situation. Always discuss your specific symptoms, conditions, and treatment decisions with a qualified healthcare professional.
General educational information only ? not medical advice. Always discuss your specific situation with your qualified healthcare provider.
I understand, let?s get started
Before you start
- M-00 safety copy and escalation pattern approved
- privacy/retention stance approved
- model/provider health-data handling reviewed
- tracker/analytics allowlist approved
- legal/medical review owner identified before public launch
- directive clinical language
- universal clinical thresholds or targets
- drug names as answer-text recommendations
- emergency triage thresholds or time windows
- symptom-to-diagnosis implications
- unqualified comparative effectiveness claims
- missing provider-question framing
- missing coverage recency caveat tag