Patient Visit Advocate module-spec M-00
internal prototype · canonical JSON + Dreamborn Forge HTML
internal generated
module-spec · supabase_json

Patient Visit Advocate module-spec M-00

module-spec artifact · for Patient Visit Advocate · phase M-00 · status approved

Planning Surface

Use this to decide what happens next.

Status

approved

Phase

M-00

Agent Handoff
Start Here

module-spec artifact · for Patient Visit Advocate · phase M-00 · status approved

Completion Evidence
  • Policy artifact includes source-backed medical safety, privacy, consent, encryption, and tracking rules.
  • Feature spec records platform and anonymous-draft decisions.
  • MVP output taxonomy explicitly separates allowed preparation outputs from disallowed clinical outputs.
  • First health-data input, model-processing consent, generated brief footer, and question plan header have approved draft copy.
  • Plan blocks implementation until model/provider data-handling review is assigned.
  • M00-AC-CLIENT-001
    - id: M00-AC-CLIENT-001 - criterion: M-00 references client-source-reference as the canonical current client boundary, while keeping final attorney review as a release gate.
  • M00-AC-CLIENT-002
    - id: M00-AC-CLIENT-002 - criterion: No implementation task is approved unless its acceptance criteria include the applicable Q&A disclaimer, onboarding, coverage, and lint rules.
Goal

Lock the safety, privacy, regulatory posture, and AI-output boundary before implementing the patient visit advocate MVP.

Structured Payload

Machine-readable source fields

goal

Lock the safety, privacy, regulatory posture, and AI-output boundary before implementing the patient visit advocate MVP.

module
id

M-00

name

Safety and Product Boundary

status

draft

next module

M-01 Visit Data Model

release gates
idgate
LEGAL-FINAL-001Attorney/legal final signoff required before public Q&A launch; client dev reference is pre-review guidance, not final legal clearance.
schema version

1.0

official sources
idurltitlerelevance
FDA-CDS-2026https://www.fda.gov/media/191560/downloadFDA Clinical Decision Support Software guidance transcriptAvoid outputs that provide specific diagnostic or treatment directives or replace clinician judgment.
HHS-MHEALTHhttps://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.htmlHHS/OCR Resources for Mobile Health Apps DevelopersUse the federal mobile health app interactive tool to evaluate HIPAA, FTC Act, Health Breach Notification Rule, FD&C Act, COPPA, and related obligations.
FTC-MOBILE-HEALTH-BEST-PRACTICEShttps://www.ftc.gov/business-guidance/resources/mobile-health-app-developers-ftc-best-practicesFTC Mobile Health App Developers: Best PracticesRequires clear notice/affirmative express consent, strong encryption, vulnerability management, data inventory, and transparent privacy/security statements.
FTC-HHS-TRACKING-RISKhttps://www.ftc.gov/news-events/news/press-releases/2023/07/ftc-hhs-warn-hospital-systems-telehealth-providers-about-privacy-security-risks-online-trackingFTC and HHS warning on health data tracking technologiesHealth apps and telehealth surfaces must avoid impermissible or undisclosed disclosure of sensitive health data to third-party trackers.
product boundary
allowed outputs
  • Organize user-provided symptoms, timeline, concerns, context, and unknowns
  • Generate a concise visit brief for patient use
  • Generate clinician-facing questions the patient can ask
  • Translate user-entered medical terms or instructions into plain language with uncertainty
  • Summarize user-entered post-visit notes into next steps and open questions
disallowed outputs
  • Diagnosis or differential diagnosis
  • Medication or treatment recommendation
  • Care pathway directive
  • Acute risk prediction
  • Provider-facing clinical decision support
  • Claims that the product is HIPAA compliant or FDA-cleared without formal review
source artifacts
idrolestatusartifact id
client-source-referenceclient-provided compliance and Q&A corpus sourcedraftfb647c16-c6de-412b-a46f-56746971cf25
compliance-gap-reviewartifact update checklist before build approvaldraft1709cbbf-8bc3-44d0-b580-e5a38baf4a94
escalation pattern
copy

Some symptoms can require urgent medical attention. If you think this could be an emergency, call emergency services or seek urgent care now. This app cannot determine how serious your symptoms are.

rule

If the user reports potentially severe or emergency symptoms, stop normal generation and show conservative urgent-care copy plus emergency-services guidance appropriate to the product region. Do not attempt precise triage ranking in MVP.

acceptance criteria
  • Policy artifact includes source-backed medical safety, privacy, consent, encryption, and tracking rules.
  • Feature spec records platform and anonymous-draft decisions.
  • MVP output taxonomy explicitly separates allowed preparation outputs from disallowed clinical outputs.
  • First health-data input, model-processing consent, generated brief footer, and question plan header have approved draft copy.
  • Plan blocks implementation until model/provider data-handling review is assigned.
  • M00-AC-CLIENT-001
    - id: M00-AC-CLIENT-001 - criterion: M-00 references client-source-reference as the canonical current client boundary, while keeping final attorney review as a release gate.
  • M00-AC-CLIENT-002
    - id: M00-AC-CLIENT-002 - criterion: No implementation task is approved unless its acceptance criteria include the applicable Q&A disclaimer, onboarding, coverage, and lint rules.
required copy blocks
idcopylocation
COPY-001This app helps you prepare for a medical visit. It does not diagnose conditions, provide treatment advice, or replace a clinician. If you may be having an emergency or severe symptoms, seek urgent medical care now.first health-data input
COPY-002To create your visit brief, we need to process the health details you entered. Continue only if you want this app to use that information for appointment preparation.before server/model processing
COPY-003Use this brief to help explain your concerns and ask questions. Your clinician is responsible for diagnosis and treatment decisions.generated brief footer
COPY-004These are questions to discuss with your clinician, not medical instructions.question plan header
client compliance boundary
source

Pocket Advocate Developer Reference Guide v1.0, May 2026

allowed
  • Patient education and advocacy
  • Questions to ask providers
  • Rights and healthcare-system navigation
  • General condition vocabulary with individual caveats
  • Emergency awareness without app-provided triage criteria
disallowed
  • Diagnosis or symptom-based condition inference
  • Treatment recommendations or preferred medications
  • Universal clinical thresholds, doses, targets, or taper schedules
  • Emergency triage criteria using specific measurements or time windows
  • Directive medical instructions such as never, always, must, should, or need to when applied to clinical action
product line

The app gives patients vocabulary and courage to ask questions; providers give medical answers.

launch status

Action required before public launch

privacy security requirements
  • Create a data inventory before implementation: raw intake, extracted structure, generated brief, question plan, debrief, memory items, account metadata, logs, analytics events.
  • Do not send health content to analytics, ad pixels, session replay, or generic product telemetry.
  • Use strong encryption in transit and at rest for any persisted health content.
  • Require explicit consent before server/model processing of health content.
  • Make deletion/export/correction requirements part of the memory foundation before public launch.
  • Retain raw chat only if there is a clear user-visible reason; prefer structured user-corrected memory.
required before public qna launch
idrequirement
QNA-SC-001All Q&A content uses section label Questions to ask your provider; old What to do or ask label is forbidden in DB and UI.
QNA-SC-002Every expanded Q&A card renders exact non-dismissible disclaimer: General educational information only ? not medical advice. Always discuss your specific situation with your qualified healthcare provider.
QNA-SC-003First launch requires explicit acknowledgement of the exact client onboarding disclaimer before content access; same text remains available in Settings > Legal.
QNA-SC-004Coverage clusters render exact recency caveat and are tagged in the data model.
QNA-SC-005Content linting flags clinical thresholds, directive clinical language, drug recommendations in answer text, emergency triage specificity, diagnosis implications, and unqualified comparative claims.
QNA-SC-006Workbook row count discrepancy is resolved before scope/cost estimates or full import approval.