Skip to main content
Companion Care

Trust & Evidence Center — Payers · Clinicians · Legal Counsel

One place to
verify everything.

Healthcare vetting is rigorous — and it should be. This center documents Boojee Companion Care's current compliance and evidence posture in full, organized for three audiences: health-plan procurement, clinical leadership, and legal & compliance counsel. We publish the gaps alongside the strengths. Transparency is the trust signal, not polish.

Pilot Stage — July 2026

This product is in pre-launch pilot stage. The instruments are validated. The infrastructure is built. Several required steps — BAA, SOC 2, licensed clinical director, IRB studies — are not yet completed. The status board below details every item honestly.

Compliance & Evidence Status Board

Every item, honestly rated.

25 items across data infrastructure, safety, legal, clinical governance, and evidence — each carrying one of four plain statuses. The board a compliance team builds during due diligence. Published first, by us.

10 Built & verified
6 In progress
6 Required — not yet
3 Designed — not yet run
Built — exists and verified in the codebase or backend today In Progress — partially built or designed, not complete Required — Not Yet — needed before a signed contract Designed — protocol ready, not yet run
Screening Instruments & Data Infrastructure
Validated instruments — UCLA-3, PHQ-2, PHQ-9, GAD-7 Server-side scored; public domain; psychometrics documented in science dossier. Primary literature citations available.
Built
Consent-first architecture No health data written without prior consent record. Grant, withdraw, and audit API implemented. Consent table retained indefinitely.
Built
Immutable audit log Every action written to boojee-care-audit with actor, timestamp, and detail. No TTL. Retained indefinitely; survives right-to-delete.
Built
Right-to-delete (CCPA / MHMDA / GDPR Art. 17) delete_user_data hard-deletes across all 7 tables. Requires explicit confirmation token. Audit record of deletion retained. UI not yet wired.
Built — backend; UI pending
Right-to-export / data portability (CCPA / GDPR Art. 20) export_user_data returns all records as portable JSON. Consent-gated and audit-logged. UI not yet wired.
Built — backend; UI pending
Data retention TTL Check-ins expire at 365 days via DynamoDB TTL. Screenings and audit retained indefinitely per clinical-record norms. Outbox expires at 90 days.
Built
Point-in-time recovery (PITR) Enabled on all 7 care tables — 35-day continuous restore at one-second granularity. Confirmed via AWS CLI.
Built
Encryption at rest & in transit Caregivers table: AWS-managed KMS. All other tables: DynamoDB default (AWS-owned KMS). Lambda URL enforces HTTPS-only. Upgrade to customer-managed KMS recommended before BAA.
In Progress
HIPAA-eligible infrastructure Lambda, DynamoDB, Polly, and Bedrock are all AWS HIPAA-eligible services included in the AWS BAA program. "HIPAA-eligible" is the accurate term — not "HIPAA compliant" (that requires a signed BAA + program).
Built
Safety & Crisis Protocol
Crisis protocol — PHQ-9 item 9 + risk language → 988 + alert Hard-coded: any PHQ-9 item 9 > 0 or risk-language detection triggers 988 Suicide & Crisis Lifeline delivery + CRISIS alert to caregiver. Every escalation audit-logged. Not optional or configurable away.
Built
Safety guardrail specification Documented guardrail tiers and red-team evaluation harness. Model-layer enforcement pending LLM integration with the Companion brain.
Spec built; model-layer pending
Caregiver alert delivery (SES email) Alert outbox and EventBridge processor built. SES domain verified. Account is in sandbox — emails to unverified recipients blocked. Production access pending (AWS case 178406626800433).
In Progress — SES sandbox
Legal & Contractual Compliance
Signed BAA with AWS Required before any PHI is stored. AWS BAA executed via AWS Artifact — Management Console → Account → AWS Artifact. Status: NOT_EXECUTED. Blocker for the payer channel.
Required — Not Yet
SOC 2 Type I On roadmap for first payer contract. Not obtained. AWS architecture (scoped IAM, DynamoDB encryption, audit logging, HIPAA-eligible services) designed toward passing Type I controls.
Required — Not Yet
Draft Privacy Policy, Informed Consent & Terms of Service All three drafted and available for counsel review. Cover MHMDA, BIPA, FTC HBNR, CCPA, GDPR. Effective on counsel sign-off.
Drafted — Counsel Review
Regulatory analysis — FDA, AI law, crisis-duty, privacy Full dossiers prepared and available. Counsel review and legal opinion still required before public claims of compliance.
Drafted — Counsel Review
Written DPIA & incident-response runbook Required for MHMDA, CCPA 2026 regulations, and GDPR. Framework drafted. Formal DPIA and IR runbook documents not yet finalized.
Required — Not Yet
Clinical Governance
Licensed clinical director (MD or LCSW) A named clinical director must govern screening thresholds, escalation rules, and approve clinical protocols before real member enrollment. This is a payer procurement requirement. Not yet on retainer.
Required — Not Yet
Draft clinical protocols Scope-of-use, screening SOP, escalation flowchart, and caregiver governance framework drafted. Pending sign-off by clinical director.
Drafted — Pending Clinical Director
Capacity gate & surrogate-consent path Required for a population of older adults who may lack decisional capacity. Consent design addresses this in the informed-consent document. Code implementation not yet built.
Required — Not Yet
Clinical Evidence
Instrument psychometrics UCLA-3, PHQ-2, PHQ-9, and GAD-7 all have strong published evidence for reliability, validity, sensitivity, and specificity. Cited to primary literature. This program uses them as designed.
Built — documented
Instrument fidelity / equivalence study Protocol designed: tests whether conversational administration by the AI companion yields equivalent scores to standard administration. Requires IRB approval and clinical director. Not yet run.
Designed — Not Yet Run
Single-arm outcomes pilot Protocol designed: 90-day pilot with UCLA-3 + PHQ-9 pre/post deltas as primary outcomes. Requires fidelity study results, clinical director, and IRB. Not yet enrolled.
Designed — Not Yet Run
Randomized Controlled Trial (RCT) Design outline available. Requires outcomes pilot data to power the study. Depends on clinical director and institutional partner. Not yet run — this is the long-term evidence roadmap, not a current asset.
Designed — Not Yet Run
Real clinical efficacy evidence for this product None yet. No enrolled members; no outcomes data. Cited sector figures ($6.7B isolation cost, $1,608/beneficiary per AARP/Stanford; ElliQ and Pyx engagement benchmarks) are category-level estimates and other vendors' program reports — not our results. The first pilot will generate the first data point.
Required — Not Yet

Audience Navigation

Find your evidence trail.

Each audience has a direct path to the documents that matter for their role. Every link below goes to a real, built page.

For Health Plans & Payers

ROI, reimbursement & compliance posture

What procurement teams and SSBCI leads need: ROI context, MA/Medicaid/PACE pathways, the PMPM model, the outcome dashboard format, and the full compliance gap list — so the vendor-management review starts with the right picture.

For Clinicians

Instruments, evidence & honest posture

The instruments are validated. The product's own efficacy is not yet — this section says both clearly. Psychometrics, evidence bibliography, planned study protocols, clinical governance framework, and the full safety evaluation. Designed for a medical director, clinical psychologist, or IRB reviewer.

Data Rights — Reconciliation Note

Delete & export are implemented
in the backend.

An earlier draft of the privacy compliance checklist marked right-to-delete and right-to-access/export as [MISSING]. That reflected the state of the care_client.py wrapper at the time of writing. The care engine Lambda now fully implements both.

Implemented — Backend Verified

Right-to-Delete & Right-to-Export — as of July 2026

  • delete_user_data action — hard-deletes all personal data across all 7 care tables (checkins, screenings, alerts, consent, caregivers, alerts-outbox; requires confirm: "DELETE_MY_DATA" + delete_token). Satisfies CCPA/CPRA, Washington MHMDA, Nevada SB370, and GDPR Art. 17 erasure. A final delete_user_data_final audit row is written after deletion — audit records are retained indefinitely per HIPAA minimum 6-year requirement and are exempt from erasure.
  • export_user_data action — returns all records for a user across every table as portable JSON, plus a delete_token for self-service erasure. Satisfies CCPA right to access, GDPR portability (Art. 20), and MHMDA/NV access rights. Consent-gated and audit-logged.
  • Audit trail accessget_audit action returns the full audit trail for a user (compliance officer endpoint). Retained indefinitely; survives right-to-delete.
Remaining gap (unchanged): These endpoints are backend-only. A user-facing interface — delete button, export button, and withdraw-consent control — must be wired into the member UI before launch. The compliance checklist item C1/C2 status should be read as backend: implemented / UI: pending. The breach posture for consent withdrawal vs. data deletion is also documented in the privacy analysis: withdrawal alone does not delete prior records; the user must separately invoke delete_user_data.

Disclosed Gaps — Roadmap

Four open items before
signed contracts.

These are the four primary blockers for a signed health-plan contract. They are disclosed here — not discovered in due diligence — because that is the right way to build a product in this space.

Required — Not Yet

Business Associate Agreement (BAA)

A signed BAA with AWS (via AWS Artifact) and with each covered-entity payer client is required before any PHI can flow. Currently NOT_EXECUTED. This is the first action before pilot enrollment. All infrastructure is ready for it.

Required — Not Yet

SOC 2 Type I

On the roadmap for the first payer contract. Not yet obtained. The AWS architecture — scoped IAM, DynamoDB encryption, audit logging, HIPAA-eligible services — is designed to pass Type I controls. Formal audit engagement not yet initiated.

Required — Not Yet

Licensed Clinical Director (MD or LCSW)

A named MD or LCSW must govern screening thresholds, escalation rules, and clinical protocols before real member enrollment. This is a hard payer procurement requirement. Draft protocols are ready for clinical director review. Not yet on retainer.

Required — Not Yet

IRB-Approved Fidelity Study

The instrument-fidelity equivalence study (conversational vs. standard administration) requires IRB approval and a clinical director. Protocol is fully designed. Not yet run. Required to validate that conversational administration of UCLA-3/PHQ-9/GAD-7 yields equivalent scores.

Why we publish this list: a plan's compliance team will discover all four of these during due diligence. Disclosing them here, with full technical context and a clear remediation path, is more credible and more useful than copy that obscures them. We are looking for pilot partners who want to co-generate the first real evidence data with us.

Three honesty flags that apply throughout this center: HIPAA-eligible, not certifiedscreening, not diagnosisinstruments validated, product not yet.