Patient Visit Advocate policy
internal prototype · canonical JSON + Dreamborn Forge HTML
internal generated
policy · supabase_json

Patient Visit Advocate policy

policy artifact · for Patient Visit Advocate · status approved

Planning Surface

Use this to decide what happens next.

Status

approved

rules
idruleseverityrationale
P-001The product must not diagnose, replace clinicians, or tell users what treatment to pursue.hardMedical safety and trust boundary.
P-002Outputs must frame medical uncertainty explicitly and encourage clinician clarification for ambiguous or serious issues.hardAvoid false confidence.
P-003Serious symptom disclosures must trigger conservative escalation language such as seeking urgent or emergency care, without attempting triage precision beyond approved guardrails.hardPatient safety.
P-004The system must store structured user-corrected health memory, not rely on raw chat logs as the source of truth.hardMemory must be reviewable, correctable, and privacy-conscious.
P-005No provider-facing claims, HIPAA/regulatory claims, or clinical efficacy claims should ship without legal and medical review.hardSensitive healthcare domain.
P-006Generated question lists should default to five or fewer primary questions.warnOverwhelming users defeats the preparation job.
P-007Avoid medicalized UI density; the experience should feel calm, plain-language, and appointment-focused.warnUsers are likely anxious.
P-008No third-party analytics, ad pixels, session replay, or tracking SDKs may receive health text, appointment details, symptom data, medication data, identifiers tied to health activity, or visit URLs containing health context.hardFTC/HHS have specifically warned about health-data disclosure through online tracking technologies.
P-009Before collecting or sharing health data, the product must show clear just-in-time notice and require affirmative express consent outside the privacy policy.hardFTC mobile health guidance calls for clear notice and affirmative express consent for health data collection/sharing.
P-010Health content must be encrypted in transit and at rest; local-only anonymous drafts must use platform storage controls and expire automatically.hardFTC best practices call encryption a key protection for health information.
P-011MVP outputs must be limited to preparation, clarification, summarization, question generation, and follow-up organization; they must not classify the user into a diagnosis, predict acute risk, recommend a medication, or direct a care pathway.hardKeeps the product out of diagnostic/treatment-directive behavior and aligned to patient advocacy.
P-012Public claims must say appointment preparation and personal organization, not clinical decision support, triage, diagnosis, therapy, or treatment optimization.hardMarketing claims can change regulatory posture and user trust expectations.
P-013Coverage/insurance content must include a recency caveat and direct users to verify current rules with insurer, SHIP counselor, state insurance commissioner, or qualified benefits professional.hardCoverage rules and laws change frequently.
P-014No Q&A ingestion, generation, or publishing path may bypass compliance linting and human review for flagged content.hardClient source docs are seed material, not automatic public approval.
Agent Handoff
Start Here

policy artifact · for Patient Visit Advocate · status approved

Completion Evidence

No explicit evidence field yet. Require tests, screenshots, linked PRs, or reviewed outputs before marking complete.

Artifact Shape
  • rules: 14 items
  • sources: 4 items
  • schema version: 1.0
  • source artifacts: 1 item
  • required disclaimers: coverage_caveat_exact: string, onboarding_body_exact: string, qna_card_footer_exact: string, onboarding_button_exact: string, onboarding_headline_exact: string
  • approval required before build: 5 items
  • content lint required patterns: 8 items
Structured Payload

Machine-readable source fields

rules
idruleseverityrationale
P-001The product must not diagnose, replace clinicians, or tell users what treatment to pursue.hardMedical safety and trust boundary.
P-002Outputs must frame medical uncertainty explicitly and encourage clinician clarification for ambiguous or serious issues.hardAvoid false confidence.
P-003Serious symptom disclosures must trigger conservative escalation language such as seeking urgent or emergency care, without attempting triage precision beyond approved guardrails.hardPatient safety.
P-004The system must store structured user-corrected health memory, not rely on raw chat logs as the source of truth.hardMemory must be reviewable, correctable, and privacy-conscious.
P-005No provider-facing claims, HIPAA/regulatory claims, or clinical efficacy claims should ship without legal and medical review.hardSensitive healthcare domain.
P-006Generated question lists should default to five or fewer primary questions.warnOverwhelming users defeats the preparation job.
P-007Avoid medicalized UI density; the experience should feel calm, plain-language, and appointment-focused.warnUsers are likely anxious.
P-008No third-party analytics, ad pixels, session replay, or tracking SDKs may receive health text, appointment details, symptom data, medication data, identifiers tied to health activity, or visit URLs containing health context.hardFTC/HHS have specifically warned about health-data disclosure through online tracking technologies.
P-009Before collecting or sharing health data, the product must show clear just-in-time notice and require affirmative express consent outside the privacy policy.hardFTC mobile health guidance calls for clear notice and affirmative express consent for health data collection/sharing.
P-010Health content must be encrypted in transit and at rest; local-only anonymous drafts must use platform storage controls and expire automatically.hardFTC best practices call encryption a key protection for health information.
P-011MVP outputs must be limited to preparation, clarification, summarization, question generation, and follow-up organization; they must not classify the user into a diagnosis, predict acute risk, recommend a medication, or direct a care pathway.hardKeeps the product out of diagnostic/treatment-directive behavior and aligned to patient advocacy.
P-012Public claims must say appointment preparation and personal organization, not clinical decision support, triage, diagnosis, therapy, or treatment optimization.hardMarketing claims can change regulatory posture and user trust expectations.
P-013Coverage/insurance content must include a recency caveat and direct users to verify current rules with insurer, SHIP counselor, state insurance commissioner, or qualified benefits professional.hardCoverage rules and laws change frequently.
P-014No Q&A ingestion, generation, or publishing path may bypass compliance linting and human review for flagged content.hardClient source docs are seed material, not automatic public approval.
sources
idurltitlerelevance
FDA-CDS-2026https://www.fda.gov/media/191560/downloadFDA Clinical Decision Support Software guidance transcriptAvoid outputs that provide specific diagnostic or treatment directives or replace clinician judgment.
HHS-MHEALTHhttps://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.htmlHHS/OCR Resources for Mobile Health Apps DevelopersUse the federal mobile health app interactive tool to evaluate HIPAA, FTC Act, Health Breach Notification Rule, FD&C Act, COPPA, and related obligations.
FTC-MOBILE-HEALTH-BEST-PRACTICEShttps://www.ftc.gov/business-guidance/resources/mobile-health-app-developers-ftc-best-practicesFTC Mobile Health App Developers: Best PracticesRequires clear notice/affirmative express consent, strong encryption, vulnerability management, data inventory, and transparent privacy/security statements.
FTC-HHS-TRACKING-RISKhttps://www.ftc.gov/news-events/news/press-releases/2023/07/ftc-hhs-warn-hospital-systems-telehealth-providers-about-privacy-security-risks-online-trackingFTC and HHS warning on health data tracking technologiesHealth apps and telehealth surfaces must avoid impermissible or undisclosed disclosure of sensitive health data to third-party trackers.
schema version

1.0

source artifacts
idartifact id
client-source-referencefb647c16-c6de-412b-a46f-56746971cf25
required disclaimers
coverage caveat exact

Coverage rules, insurance laws, and regulatory requirements change frequently. Always verify current rules directly with your insurer, a SHIP counselor, your state insurance commissioner, or a qualified benefits professional before making coverage decisions.

onboarding body exact

Pocket Advocate is a patient education and advocacy tool. It helps you prepare questions for medical appointments, understand your rights, and navigate the healthcare system.

Pocket Advocate does not provide medical advice, diagnose conditions, recommend specific treatments, or create a patient-provider relationship. All content is general educational information.

Your healthcare provider is the only person qualified to advise on your individual health situation. Always discuss your specific symptoms, conditions, and treatment decisions with a qualified healthcare professional.

qna card footer exact

General educational information only ? not medical advice. Always discuss your specific situation with your qualified healthcare provider.

onboarding button exact

I understand, let?s get started

onboarding headline exact

Before you start

approval required before build
  • M-00 safety copy and escalation pattern approved
  • privacy/retention stance approved
  • model/provider health-data handling reviewed
  • tracker/analytics allowlist approved
  • legal/medical review owner identified before public launch
content lint required patterns
  • directive clinical language
  • universal clinical thresholds or targets
  • drug names as answer-text recommendations
  • emergency triage thresholds or time windows
  • symptom-to-diagnosis implications
  • unqualified comparative effectiveness claims
  • missing provider-question framing
  • missing coverage recency caveat tag