Compliance, Safety, and Privacy

This document defines the strict boundaries and grammar the system must follow to ensure safety, respect privacy, and stay within the legal limits on claims.


1) Claims Grammar: "Say This, Not That" #safety #compliance

We explain and optimize. We do not diagnose or cure—unless a licensed physician is in the loop.

1.1 Standalone Mode (No Physician)

| Instead of (Banned) | Use (Allowed) |
| :--- | :--- |
| "Diagnosis" | Assessment, Explanation, Hypothesis, Working Theory |
| "Treatment" | Protocol, Lifestyle Plan, Optimization Strategy |
| "Cure" / "Reverse" | Improve, Optimize, Support metabolic health, Target remission |
| "Patient" | Member, User |
| "Doctor" / "Physician" | The System, Your Team, The Agents |
| "Prescription" | Recommendation, Plan, Guidance |

The Golden Rule (Standalone Mode):

"Based on [Data], the best explanation is [Explanation]. This is not a diagnosis. To reduce uncertainty, track [Next Metric]."

1.2 Clinical Services Mode (Physician-in-the-Loop)

When a licensed physician is actively involved via the Clinical Services Layer:

| Term | Allowed When... |
| :--- | :--- |
| "Diagnosis" | Rendered by the physician, documented in visit note |
| "Treatment" | Ordered by the physician (medication or clinical intervention) |
| "Prescription" | Written by the physician via e-prescribe |
| "Patient" | Acceptable in physician-facing contexts |
| "Doctor" / "Physician" | Referring to the actual licensed provider |

The Golden Rule (Clinical Mode):

The system provides Clinical Decision Support. The physician makes the final clinical decision and takes clinical responsibility.

Canonical: 07-Clinical-Services-Layer.md


2) Safety Protocols #safety

2.1 Escalation Logic

  • Red Flags: If the system detects any "Red Flag" symptoms (defined in the Clinical Vault), it must immediately halt lifestyle advice and provide clear, bold instructions to seek professional medical care.
  • Medication Guardrail: The system never instructs a user to start, stop, or change a medication dosage. It directs the user to discuss data with their prescribing clinician.

2.2 Uncertainty Handling

  • If data is missing or a theory cannot be refuted, the system must explicitly state the uncertainty.
  • "We cannot rule out [Condition X] because we lack [Data Y]. We recommend [Safest Action]."

3) Privacy Sovereignty #privacy

3.1 The Vault Posture

  • Ownership: The user owns their Health State. We are a technical processor, not an owner.
  • Export: Full data export (JSON/FHIR) must be available at any time to prevent vendor lock-in.
  • Kill Switch: Deleting an account must result in full deletion of the versioned Health State snapshots and associated derived indexes.

3.2 Auditability (The Glass Box)

Users have a right to see the reasoning trace behind any assessment:

  • Inputs: What specific Health State data points were used.
  • Evidence: What external studies, guidelines, or expert quotes were retrieved.
  • Debate: A synthesized summary of the internal multi-agent debate (conjecture vs. refutation).

3.3 Epistemic Cost of Refusal

If a user refuses to share a critical metric, the system respects sovereignty but communicates the epistemic cost:

  • "I understand. Without this information, I cannot rule out [Condition X]. This increases the uncertainty of our final assessment and defaults us to a more conservative safety posture."

4) Visual Grammar #ux

  • Uncertainty Bounds: Graphs should show ranges or error bars where prediction is involved, not just a single "confident" line.
  • Completeness Meter: Frame progress as "Data Fidelity" or "Health State Completeness," not as a "Health Score."
  • Red Flags: Must be visually distinct (Red, high contrast) and always contain an action directive.

5) Clinical Services Compliance #clinical-services #hipaa

When Expanded mode (Clinical Services) is enabled, additional compliance requirements apply.

5.1 HIPAA Requirements

| Requirement | Implementation |
| :--- | :--- |
| Covered Entity Status | Expanded mode operates as covered entity or business associate |
| BAAs | All partners (telemedicine API, pharmacy, etc.) must sign Business Associate Agreements |
| PHI Handling | Follow HIPAA Security Rule for storage, transmission, access control |
| Audit Logging | Log all access to clinical data (who, what, when) |
| Breach Notification | 60-day notification to affected individuals; 60-day notification to HHS |

5.2 Provider Credentialing

| Requirement | Implementation |
| :--- | :--- |
| License Verification | Verify active medical license in patient's state before visit |
| DEA Registration | Required for controlled substance prescribing |
| Malpractice Insurance | Verify coverage before allowing clinical activity |
| Re-verification | Periodic re-check of credentials (e.g., quarterly) |

5.3 FDA Software as a Medical Device (SaMD)

The Clinical Decision Support (CDS) system is designed to avoid SaMD classification:

  • CDS presents information for physician review (decision support)
  • CDS does not make autonomous clinical decisions (decision making)
  • Physician always renders final judgment
  • CDS does not replace clinical judgment; it augments it

This aligns with FDA guidance on Clinical Decision Support (21st Century Cures Act exemptions).

5.4 State Telehealth Regulations

| Requirement | Implementation |
| :--- | :--- |
| Jurisdiction Router | Check state-specific telehealth rules before each visit |
| Prescribing Restrictions | Some states restrict telehealth prescribing for certain drug classes |
| In-Person Requirements | Some states require initial in-person visit; route through partner if needed |
| Informed Consent | Obtain telehealth-specific consent per state requirements |

5.5 Controlled Substances

For controlled substance prescribing (Schedule II-V):

| Requirement | Implementation |
| :--- | :--- |
| Ryan Haight Act | Ensure in-person exam requirement is met (or valid exception applies) |
| EPCS Compliance | Use certified EPCS software for electronic prescribing |
| DEA Registration | Prescriber must have valid DEA registration |
| State PDMP | Check Prescription Drug Monitoring Program where required |

5.6 Audit and Documentation

All clinical interactions must be documented and retained:

  • Visit notes (chief complaint, assessment, plan)
  • Prescriptions issued
  • CDS data presented to physician
  • Consent records
  • Credential verification logs

Retention period: minimum 7 years (or longer per state requirements).

Canonical: 07-Clinical-Services-Layer.md