Skip to main content
Companion Care

Trust & Evidence Center — Payers · Clinicians · Legal Counsel

What is built.
What is pending.
No overclaiming.

Healthcare vetting is rigorous — and it should be. This center documents Boojee Companion Care's current compliance and evidence posture honestly, for the three audiences who evaluate a behavioral-health product before a contract is signed: health-plan procurement, clinical leadership, and legal/compliance counsel. Transparency here is the trust signal, not polish.

Program maturity statement

Program Status — Pilot Stage Honest maturity as of July 2026

Built & Verified

  • Validated screening instruments — UCLA-3, PHQ-2, PHQ-9, GAD-7 — server-side scored, public domain
  • Consent-first architecture: consent required before any health data write; grant/withdraw/audit API
  • Immutable audit log — every health-data action (consent, screening, alert, acknowledgment) timestamped and retained indefinitely
  • Right-to-delete: delete_user_data hard-deletes all personal data across all 7 care tables
  • Right-to-export: export_user_data returns all records as portable JSON (CCPA/GDPR portability)
  • Data retention TTL — check-ins expire at 365 days via DynamoDB TTL; screenings and audit retained indefinitely per clinical-record norms
  • Point-in-time recovery (PITR) enabled on all 7 care tables — 35-day continuous restore
  • Encryption at rest (AWS-managed KMS) and in transit (HTTPS-only Lambda URL)
  • Crisis protocol — PHQ-9 item 9 > 0 or risk language → immediate 988 Suicide & Crisis Lifeline delivery + CRISIS alert to caregiver; every escalation audit-logged
  • Safety guardrail specification — red-team evaluation harness and documented guardrail tiers
  • HIPAA-eligible infrastructure — Lambda, DynamoDB, Polly, Bedrock are all AWS HIPAA-eligible services
  • IAM least-privilege scoped role, no ad/analytics trackers on companion surfaces
  • Caregiver outcome dashboard — alerts, trends, engagement (live at /companion-care/caregivers/)
  • Draft Privacy Policy, Informed Consent, and Terms of Service prepared for counsel review
  • Regulatory, privacy, and AI-law analyses prepared for counsel review (FDA, MHMDA, BIPA, FTC, HIPAA)

Pending — Required Before Signed Contracts

  • Signed Business Associate Agreement (BAA) — with AWS (via AWS Artifact) and with each covered-entity client, before any PHI can flow; currently NOT_EXECUTED
  • SOC 2 Type I — on roadmap for first payer contract; not obtained; AWS architecture is designed toward it
  • Licensed clinical director — a named MD or LCSW must govern screening thresholds, escalation rules, and clinical protocols before real member enrollment; not yet on retainer
  • IRB-approved fidelity study — designed and protocol-ready; not yet run; required to validate conversational administration equivalence with standard administration
  • Single-arm outcomes pilot — designed; requires clinical director and IRB; not yet enrolled
  • Randomized Controlled Trial (RCT) — designed; requires outcomes pilot data first
  • SES production access — SES domain is verified but account is in sandbox (case 178406626800433 pending AWS review); caregiver alert emails currently blocked for unverified addresses
  • User-facing data-rights UI — delete, export, and withdraw-consent buttons must be wired into the member interface (backend APIs are ready; UI is not)
  • Capacity gate + surrogate-consent path for older adults who may lack decisional capacity
  • Written DPIA and incident-response runbook — required for MHMDA, CCPA, and GDPR; drafted but not finalized
  • Real clinical efficacy evidence — no enrolled members yet; no outcomes data for this product; cited sector ROI figures (AARP/$6.7B/$1,608) are category-level estimates, not our program results
  • Caregiver authentication layer on clinical endpoints (Cognito JWT) — required before payer-grade deployment

Why we publish this: a plan's compliance team will discover everything in the "pending" column during due diligence. Disclosing it here, with full technical specifics and an honest remediation path, is more useful — and more credible — than polished marketing copy that glosses over gaps. We are building this program to be payer-ready from the ground up. We are looking for pilot partners who want to generate the first real outcomes data with us.

For Health Plans & Payers

What procurement teams
need to evaluate this.

The materials below are organized for a plan's medical director, SSBCI team, and vendor-management office — ROI context, compliance posture, reimbursement pathways, and the outcome dashboard format.

Payer Brief

Payer Brief & Reimbursement Pathways

ROI case, MA SSBCI evidence bibliography requirements, Medicaid HCBS and PACE contracting pathways, PMPM model, and what we deliver vs what is still pilot.

Outcome Dashboard

Caregiver & Plan Outcome Dashboard

Live dashboard format showing UCLA-3 trend, PHQ-9 trajectory, engagement stats, and open alerts — the reporting artifact your plan file needs. Demo data until pilot enrollment.

For Clinicians

Science, instruments, and
honest evidence posture.

The instruments are validated. The product's efficacy is not yet — this section says both clearly, with full citations. Designed for a medical director, clinical psychologist, or IRB reviewer.

Psychometrics

Instrument Psychometrics

Reliability, validity, sensitivity, specificity, and scoring for UCLA-3, PHQ-2, PHQ-9, and GAD-7 — cited to primary literature. All public-domain; no license fee in the PMPM model.

Evidence Base

Efficacy Evidence — Honest Review

Cited review of RCTs and program reports for technology-mediated companion interventions. The instruments have strong evidence; the product's own efficacy does not yet — this page states that directly.

Study Roadmap

Study Roadmap — Fidelity → Pilot → RCT

Protocol-level designs for three planned studies: an instrument-fidelity/equivalence study (conversational vs. standard administration), a single-arm outcomes pilot, and an eventual RCT. Designed; not yet run.

Clinical Governance

Draft Clinical Protocols

Scope-of-use protocol, screening SOP, escalation flowchart, and caregiver/clinical governance framework. Draft — pending sign-off by the licensed clinical director (not yet on retainer).

Safety Program

Safety Program — Crisis & Guardrails

Red-team evaluation harness, guardrail specification by tier, and honest evaluation results. Crisis path (PHQ-9 item 9, risk language → 988 + alert) is hard-coded, not optional. Model-layer guardrail enforcement is pending LLM integration.

For Legal & Compliance Counsel

All documents are drafted for review by qualified counsel — not as legal advice and not as a claim of compliance. They assess how compliance would be achieved and where gaps remain.

Regulatory

Regulatory Analysis

FDA general-wellness vs. SaMD classification, Clinical Decision Support rules, unlicensed practice of medicine and AI-therapy laws, Colorado SB 205, EU AI Act, FTC. Crisis duty-to-warn and mandatory reporting analysis.

Data Rights — Reconciliation Note

Delete & export are implemented
in the backend.

An earlier draft of the privacy compliance checklist (compliance-checklist.md items C1 and C2) marked right-to-delete and right-to-access/export as [MISSING]. That reflected the state of the care_client.py wrapper at the time of writing. The care engine Lambda now fully implements both.

Implemented — Backend Verified

Right-to-Delete & Right-to-Export — as of July 2026

  • delete_user_data action — hard-deletes all personal data across all 7 care tables (checkins, screenings, alerts, consent, caregivers, alerts-outbox; requires confirm: "DELETE_MY_DATA" + delete_token). Satisfies CCPA/CPRA, Washington MHMDA, Nevada SB370, and GDPR Art. 17 erasure. A final delete_user_data_final audit row is written after deletion — audit records are retained indefinitely per HIPAA minimum 6-year requirement and are exempt from erasure.
  • export_user_data action — returns all records for a user across every table as portable JSON, plus a delete_token for self-service erasure. Satisfies CCPA right to access, GDPR portability (Art. 20), and MHMDA/NV access rights. Consent-gated and audit-logged.
  • Audit trail accessget_audit action returns the full audit trail for a user (compliance officer endpoint). Retained indefinitely; survives right-to-delete.
Remaining gap (unchanged): These endpoints are backend-only. A user-facing interface — delete button, export button, and withdraw-consent control — must be wired into the member UI before launch. The compliance checklist item C1/C2 status should be read as backend: implemented / UI: pending. The breach posture for consent withdrawal vs. data deletion is also documented in the privacy analysis: withdrawal alone does not delete prior records; the user must separately invoke delete_user_data.

Compliance & Evidence Status Board

Every item, honestly rated.

A plain checklist. Three ratings: Built = exists and verified in the codebase or backend today; In Progress = partially built or designed, not complete; Required — Not Yet = needed before a signed health-plan contract.

Screening Instruments & Data Infrastructure

Validated instruments — UCLA-3, PHQ-2, PHQ-9, GAD-7 Server-side scored; public domain; psychometrics documented in science dossier. Primary literature citations available.
Built
Consent-first architecture No health data written without prior consent record. Grant, withdraw, and audit API implemented. Consent table retained indefinitely.
Built
Immutable audit log Every action written to boojee-care-audit table with actor, timestamp, and detail. No TTL. Retained indefinitely; survives right-to-delete.
Built
Right-to-delete (CCPA/MHMDA/GDPR Art. 17) delete_user_data action hard-deletes across all 7 tables. Requires explicit confirmation token. Audit record of deletion retained. UI not yet wired.
Built (backend); UI pending
Right-to-export / data portability (CCPA/GDPR Art. 20) export_user_data returns all records as portable JSON. Consent-gated and audit-logged. UI not yet wired.
Built (backend); UI pending
Data retention TTL Check-ins expire at 365 days via DynamoDB TTL. Screenings and audit retained indefinitely per clinical-record norms. Outbox expires at 90 days.
Built
Point-in-time recovery (PITR) PITR enabled on all 7 care tables — 35-day continuous restore at one-second granularity. Confirmed via AWS CLI.
Built
Encryption at rest & in transit Caregivers table: AWS-managed KMS. All other tables: DynamoDB default (AWS-owned KMS). Lambda URL enforces HTTPS-only — no plaintext path. Upgrade to customer-managed KMS recommended before BAA.
In Progress
HIPAA-eligible infrastructure Lambda, DynamoDB, Polly, and Amazon Bedrock are all AWS HIPAA-eligible services included in the AWS BAA program. "HIPAA-eligible" is the accurate term — not "HIPAA compliant" (that requires a signed BAA + program).
Built

Safety & Crisis Protocol

Crisis protocol — PHQ-9 item 9 + risk language → 988 + alert Hard-coded: any PHQ-9 item 9 > 0 or risk-language detection triggers 988 Suicide & Crisis Lifeline delivery + CRISIS alert to caregiver. Every escalation audit-logged. Not optional or configurable away.
Built
Safety guardrail specification Documented guardrail tiers and red-team evaluation harness. Model-layer enforcement pending LLM integration with the Companion brain.
Spec built; model-layer pending
Caregiver alert delivery (SES email) Alert outbox and EventBridge processor built. SES domain verified. Account is in sandbox — emails to unverified recipients blocked. Production access pending (AWS case 178406626800433).
In Progress — SES sandbox

Legal & Contractual Compliance

Signed BAA with AWS Required before any PHI is stored. AWS BAA executed via AWS Artifact — Management Console → Account → AWS Artifact. Status: NOT_EXECUTED. Blocker for the payer channel.
Required — Not Yet
SOC 2 Type I On roadmap for first payer contract. Not obtained. AWS architecture (scoped IAM, DynamoDB encryption, audit logging, HIPAA-eligible services) designed toward passing Type I controls.
Required — Not Yet
Draft Privacy Policy, Informed Consent & Terms of Service All three drafted and available for counsel review. Cover MHMDA, BIPA, FTC HBNR, CCPA, GDPR. Effective on counsel sign-off.
Drafted — Counsel Review
Regulatory analysis — FDA, AI law, crisis-duty, privacy Full dossiers prepared and available. Counsel review and legal opinion still required before public claims of compliance.
Drafted — Counsel Review
Written DPIA & incident-response runbook Required for MHMDA, CCPA 2026 regulations, and GDPR. Framework drafted. Formal DPIA and IR runbook documents not yet finalized.
Required — Not Yet

Clinical Governance

Licensed clinical director (MD or LCSW) A named clinical director must govern screening thresholds, escalation rules, and approve clinical protocols before real member enrollment. This is a payer procurement requirement. Not yet on retainer.
Required — Not Yet
Draft clinical protocols Scope-of-use, screening SOP, escalation flowchart, and caregiver governance framework drafted. Pending sign-off by clinical director.
Drafted — Pending Clinical Director
Capacity gate & surrogate-consent path Required for a population of older adults who may lack decisional capacity. Consent design addresses this in the informed-consent document. Code implementation not yet built.
Required — Not Yet

Clinical Evidence

Instrument psychometrics UCLA-3, PHQ-2, PHQ-9, and GAD-7 all have strong published evidence for reliability, validity, sensitivity, and specificity. Cited to primary literature. This program uses them as designed.
Built — documented
Instrument fidelity / equivalence study Protocol designed (fidelity-study-protocol.md): tests whether conversational administration by the AI companion yields equivalent scores to standard administration. Requires IRB approval and clinical director. Not yet run.
Designed — Not Yet Run
Single-arm outcomes pilot Protocol designed (outcomes-pilot-protocol.md): 90-day pilot with UCLA-3 + PHQ-9 pre/post deltas as primary outcomes. Requires fidelity study results, clinical director, and IRB. Not yet enrolled.
Designed — Not Yet Run
Randomized Controlled Trial (RCT) Design outline available (rct-design-outline.md). Requires outcomes pilot data to power the study. Depends on clinical director and institutional partner. Not yet run — this is the long-term evidence roadmap, not a current asset.
Designed — Not Yet Run
Real clinical efficacy evidence for this product None yet. No enrolled members; no outcomes data. Cited sector figures ($6.7B isolation cost, $1,608/beneficiary per AARP/Stanford; ElliQ and Pyx engagement benchmarks) are category-level estimates and other vendors' program reports — not our results. The first pilot will generate the first data point.
Required — Not Yet